Prem,

prem.ce24 · ‎11-17-2015

Hello Team,

IS it necessary to give public IP on firewall physical interface connected to ISP for anyconnect VPN in ASA5585.

or we have configure physical interface connected with ISP with local IP address.

and anyconnect VPN as accessable on internate by public IP given at VPN configuration time.

if configurable please suggest.

Thanks & Regards,

Prem Prakash

Dinesh Moudgil · ‎11-18-2015

Hi Prem,

As long as Anyconnect client has connectivity to your ASAs interface IP, there should not be any issue.

In case you have private IP on ASA's interface and ISP is providing you public IP, make sure port 443 is open for the connection.

i.e. publick IP:443 should be statically natted to private IP:443

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

prem.ce24 · ‎11-18-2015

Hello Dinesh

Thanks for Reply.

is ASA Local interface untrust ip 10.115.5.1/30 directly connected to Router 10.115.5.2/30

And i have to static nat 10.115.5.1 with Public ip 14.24.125.5 on same asa

and anyconnect client use 14.24.125.5 for connecting VPN.

Please suggest

Regards,

Prem

Marvin Rhoads · ‎11-18-2015

Prem,

The static NAT would need to be configured on the router, not the ASA.

IS it necessary to give public IP on firewall physical interface for anyconnect VPN in ASA5585