Can anyone point me to a document or tell me how to use a secondary public IP on the External interface of an ASA to terminate both the AnyConnect and IPSec clients? I have a /29 block and the primary IP is mapped on 443 to an OWA server behind the ASA. Currently I have AnyConnect listening on 4443, but users aren't remembering the port so we want to utilize one of our other available public IPs. I also want to move IPSec to the new IP so we can have one FQDN for both VPN client terminations.
This is what we are going to do: Since the VPN Clients have to terminate on the ASA primary addresses and it appears we can’t change that termination to a secondary IP, we are going to move the current OWA access on primary IP:443 to the secondary IP address:443 via the static NAT mapping. We will also remove the port 4443 configuration from the webvpn configuration and let it default to 443.
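
A sketch of the change described in the post above, added here as an illustration and not taken from the poster's configuration. It assumes ASA 8.3 or later object-NAT syntax, interfaces named `inside` and `outside`, and constructed placeholder values: `203.0.113.3` as the spare address from the /29, `192.168.1.10` as the OWA server, and the object and ACL names.

```text
! --- Before (assumed): OWA published on the interface (primary) address ---
! object network OWA-SERVER
!  host 192.168.1.10
!  nat (inside,outside) static interface service tcp 443 443
! webvpn
!  port 4443
!  enable outside

! --- After: OWA moved to the secondary public IP, still on 443 ---
object network OWA-SERVER
 host 192.168.1.10
 no nat (inside,outside) static interface service tcp 443 443
 nat (inside,outside) static 203.0.113.3 service tcp 443 443

! On 8.3+ the outside ACL matches the real (inside) address, so an
! existing rule like this one keeps working and should stay scoped to 443.
access-list OUTSIDE-IN extended permit tcp any object OWA-SERVER eq 443

! --- After: AnyConnect back on the default port of the primary IP ---
webvpn
 no port 4443
 enable outside

! --- Verify what is actually exposed after the change ---
! show running-config webvpn     (no "port" line means 443)
! show nat detail                (OWA-SERVER translated to 203.0.113.3)
! show asp table socket          (SSL listener on the outside IP, port 443)
```

Remove the old interface PAT before enabling webvpn on 443, so the two do not claim the same address and port. Once the move is done, scan both public addresses from outside to confirm 4443 is closed and only the intended services answer on 443.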