Multiple SSL on ASA-5506-X with 9.7

Kerry Kriegel
Beginner

 Hi,

 

I have several ASAs with a /28 on a single "outside" interface.

We host individual customer servers, using private addressing, on each inside interface - ifname Company-X

 

We are trying to set up each company with their own AnyConnect client SSL that will be answered by one of the /28 IP addresses.

 

i.e. vpn.mycompany.com resolves to w.x.y.1

i.e. vpn.company-A.com resolves to w.x.y.3

i.e. vpn.company-B.com resolves to w.x.y.5

etc.

 

I have seen some posts (circa 2012-14) indicating that this can NOT be done because there is only one SSL per interface. Others indicate that there are ways that "should work".

 

Has anyone actually done this?

Using what methodology?

 

Any assistance is greatly appreciated.

Accepted Solutions

You can achieve this using Group-URL: you can match the FQDN used to connect to the VPN server (ASA) and allocate the corresponding group-policy automatically.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html


2 Replies

Karsten Iwen
VIP Mentor

Also today, VPNs are terminated on the outside IP of the ASA. But you can use different FQDNs that point to this same address and also different certificates for each FQDN.
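
A configuration sketch of the approach the replies describe (Group-URL per customer FQDN, plus a separate certificate per FQDN), added here as an example and not taken from the thread or the linked Cisco document. The trustpoint, pool, group-policy and tunnel-group names are hypothetical; it assumes the trustpoints are already enrolled, the address pools already exist, and AnyConnect is already enabled on the outside interface.

```cisco
! Added example: all object names below are hypothetical placeholders.
! Assumes trustpoints TP-* are enrolled and pools POOL-* are defined.

! Certificate selection: one trustpoint per customer FQDN,
! with an interface-level trustpoint as the fallback.
ssl trust-point TP-COMPANY-A domain vpn.company-A.com
ssl trust-point TP-COMPANY-B domain vpn.company-B.com
ssl trust-point TP-MYCOMPANY outside

! Company A: policy, connection profile, and the URL that selects it.
group-policy GP-COMPANY-A internal
group-policy GP-COMPANY-A attributes
 vpn-tunnel-protocol ssl-client
 address-pools value POOL-COMPANY-A
 ! Bind this policy's users to their own connection profile.
 group-lock value TG-COMPANY-A

tunnel-group TG-COMPANY-A type remote-access
tunnel-group TG-COMPANY-A general-attributes
 default-group-policy GP-COMPANY-A
tunnel-group TG-COMPANY-A webvpn-attributes
 group-url https://vpn.company-A.com enable

! Company B: same pattern with its own objects.
group-policy GP-COMPANY-B internal
group-policy GP-COMPANY-B attributes
 vpn-tunnel-protocol ssl-client
 address-pools value POOL-COMPANY-B
 group-lock value TG-COMPANY-B

tunnel-group TG-COMPANY-B type remote-access
tunnel-group TG-COMPANY-B general-attributes
 default-group-policy GP-COMPANY-B
tunnel-group TG-COMPANY-B webvpn-attributes
 group-url https://vpn.company-B.com enable
```

The group-url only chooses which connection profile a client lands in; it is the `group-lock` line, together with each customer's own authentication source and access rules, that keeps one customer's users out of another customer's profile.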
