Secondary Public IP for AnyConnect and IPSec terminations on ASA5505
12-18-2011 08:33 AM - edited 02-21-2020 05:46 PM
Can anyone point me to a document or tell me how to use a secondary public IP on the External interface of an ASA to terminate both the AnyConnect and IPSec clients? I have a /29 block and the primary IP is mapped on 443 to an OWA server behind the ASA. Currently I have AnyConnect listening on 4443, but users aren't remembering the port so we want to utilize one of our other available public IPs. I also want to move IPSec to the new IP so we can have one FQDN for both VPN client terminations.
- Labels: IPSEC
12-21-2011 09:04 PM
This is what we are going to do: Since the VPN Clients have to terminate on the ASA primary addresses and it appears we can’t change that termination to a secondary IP, we are going to move the current OWA access on primary IP:443 to the secondary IP address:443 via the static NAT mapping. We will also remove the port 4443 configuration from the webvpn configuration and let it default to 443.
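
The change described in this reply, sketched as ASA configuration. This is an added example, not configuration posted by anyone in the thread; it assumes pre-8.3 `static` NAT syntax, and every address, the OWA server IP and the ACL name are placeholders.

```cisco
! Added example; placeholders (assumptions, not from the thread):
!   203.0.113.3       = secondary public IP taken from the /29
!   192.168.1.10      = OWA server behind the ASA
!   outside_access_in = ACL applied inbound on the outside interface
!
! 1. Remove the existing OWA port-forward on the interface (primary) address
no static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
!
! 2. Publish OWA on the secondary public IP instead
static (inside,outside) tcp 203.0.113.3 https 192.168.1.10 https netmask 255.255.255.255
!
! 3. Permit HTTPS to the secondary IP only (pre-8.3 ACLs match the mapped address)
access-list outside_access_in extended permit tcp any host 203.0.113.3 eq https
!
! 4. Return WebVPN/AnyConnect to the default port on the outside interface
webvpn
 port 443
 enable outside
!
! 5. Verify: one static for OWA, no custom webvpn port, and the ASA
!    itself listening on 443 on the outside interface address
show run static
show run webvpn
show asp table socket
```

Once OWA is verified on the new address, remove any ACL entry that still permits HTTPS to the primary address for OWA, so the only service answering on primary IP:443 is the VPN listener.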
