Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
169
Views
5
Helpful
1
Replies

Specific SSL VPN IP in public IP range on an ASA 5515

Albeck
Level 1
Level 1

‎11-09-2015 07:02 AM

Hello,

I have an /29 public subnet on my outside interface of my cisco ASA 5515-X (version 9.5.1) and I want to configure remote VPN access to use a single, specific IP address within this range. However, when i set up the remote vpn access, i can only specify an interface. The result of that, is, that the VPN server of the ASA listens only on the configured IP address of the interface and not on any other IP adress in the same subnet.

So is there any possibility to specifiy an IP adress for VPN access?

As a workaround I thought about configuring an extra interface with the prefered IP address of the subnet. But this is not possible and results in an error because the ASA says that the IP/net of the workaround interface overlaps with the existing subnet of my /29 interface.

So how can I use all the IPs in my /29 subnet, when I am only able to configure one interface with only one IP address?

Thanks, Albeck.

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-09-2015 10:29 AM

All services that are provided by the ASA (that includes VPN) are only handled by the interface address (that's by design of the ASA and not configurable). The other addresses can be used with NAT for internal systems.

Customers Also Viewed These Support Documents