Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1263
Views
0
Helpful
1
Replies

Secondary Public IP for AnyConnect and IPSec terminations on ASA5505

John Gawf
Level 1
Level 1

‎12-18-2011 08:33 AM - edited ‎02-21-2020 05:46 PM

Can anyone point me to a document or tell me how to use a secondary public IP on the External interface of an ASA to terminate both the AnyConnect and IPSec clients.  I have a /29 block and the primary IP is mapped on 443 to an OWA server behind the ASA.  Currently I have AnyConnect listening on 4443, but users aren't remembering the port so we want to utilize one of our other available public IPs.  I also want to move IPSec to the new IP so we can have one FQDN for both VPN client terminations.

Labels:
0 Helpful
1 Reply 1

John Gawf
Level 1
Level 1

‎12-21-2011 09:04 PM

This is what we are going to do is:  Since the VPN Clients have to terminate on the ASA primary addresses and it appears we can’t change that termination to a secondary IP,  we are going to move the current OWA access on primary IP:443 to the secondary IP address:443 via the static NAT mapping.  We will  also remove the port 4443 configuration from the webvpn configuration and let it default to 443.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents