04-18-2011 08:04 AM - edited 02-21-2020 05:17 PM
Hello guys,
I would like to make an AnyConnect SSL VPN and HTTPS access (OWA) work on a Cisco ASA with only 1 public IP address.
I tested each feature alone and it works perfectly, but I'm not able to use both features at the same time with only 1 public IP address.
Does anybody know if this is possible?
Thanks a lot for your help
Lorenzo
04-19-2011 02:44 PM
Lorenzo,
Why not make OWA available via clientless webvpn (portal) instead of struggling with it?
Otherwise you can enable webvpn on a different port.
Marcin
04-20-2011 12:42 AM
Hi Marcin,
Your suggestion could be possible, but I need OWA published for OMA mobile access (iPhone, etc.).
The second suggestion, using webvpn on a different port, could be possible too, but this is non-standard, and usually (hotels, hotspots, etc.) only ports 80 and 443 are allowed!
This is the reason why I would like to make OWA and SSL work together; the problem is that I have only 1 IP address available.
Lorenzo
04-20-2011 02:28 AM
Lorenzo,
Bear with me - this will be long, but should work.
What I suggest is to have OWA available via the SSL VPN portal.
What you can do is:
Point the DNS entry for OWA to your ASA's IP as something like owa.mydomain.tld
In the webvpn portal you make sure that the actual page of OWA is set as the "homepage" variable (either via IP or via DNS name).
If it's needed, you create single sign-on (SSO) on the ASA to make sure that once a user is logged into the ASA, they will automatically be logged into OWA (without entering the credentials twice).
What you will most likely need to do also in practice is to make sure that users logging into the VPN portal are authenticated via LDAP to the same server OWA is authenticating to.
This will maximize use of your ports and will allow AnyConnect and OWA to work at the same time.
Marcin
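The steps in the reply above, sketched as an ASA configuration. This is an added example, not something posted in the thread: the object names (AD-LDAP, OWA-PORTAL), the 192.0.2.x addresses, the bind account, the base DN and the /owa path are all placeholders, and it assumes AnyConnect and webvpn are already enabled on the outside interface.

```cisco
! Constructed example: every name, address and DN below is a placeholder.
!
! LDAP server group pointing at the same directory OWA authenticates against
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=mydomain,DC=tld
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=mydomain,DC=tld
 ldap-login-password <bind-password>
 server-type microsoft
!
! Portal policy: land users on the internal OWA page and replay their
! portal credentials to it (single sign-on)
group-policy OWA-PORTAL internal
group-policy OWA-PORTAL attributes
 webvpn
  homepage value https://192.0.2.20/owa
  auto-signon allow uri https://192.0.2.20/* auth-type all
!
! Portal logins are authenticated against LDAP and receive the policy above
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group AD-LDAP
 default-group-policy OWA-PORTAL
```

The public DNS record owa.mydomain.tld points at the ASA's outside address, so the homepage and auto-signon entries reference the internal OWA server directly rather than that name.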
04-20-2011 02:34 AM
Marcin,
I understood what you mean; the question is how, with this configuration, the mobile device can access email?
The iPhone has an SSL client, but Android does not!
04-20-2011 02:58 AM
Lorenzo,
Well, how is OMA published exactly? I have never dealt with it. Is there like a special link that they need to access?
You can try to reach out to the guys in your account team to see if there might not be something supported here.
Actually for smart phones, OWA access over SSL should work just fine ... but again there might be some specifics on MS side I'm not aware of.
Marcin