cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
597
Views
0
Helpful
7
Replies
Netplace Support
Beginner

SSL VPN using Private IP

Hi All,

Is it possible to configure anyconnect SSL client Vpn using Private IP so that my internal users sitting in corporate network can connect to particular zone or server through Vpn tunnel.

 

Any help will be appreciated

7 REPLIES 7
Rob Ingram
VIP Expert

Hi,
Yes you can configure the VPN headend device with a private IP address and connect via SSL-VPN. As long as the device can route between the networks that's what matters.

HTH

Hi RJI,

 

Thanks for your reply.

 

My requirement is like, want my users in corporate network sitting behind core and distribution level switches should connect to devices in other zone example (DMZ, Server farm) via secure anyconnect SSL client base Vpn configure on ASA.

 

If possible can anyone please share any document or configuration guide base on my requirement.

Ok, here is an example of SSL-VPN on ASA.

 

I wouldn't say what you are wanting to do is very practical, but it is possible. If the users are behind the ASA anyway, you should be able to just permit access from INSIDE to DMZ, without the need to run a SSL-VPN connection.

 

HTH

Hi RJI,

 

Thanks for your reply and suggestion to achieve my goal via access policies. But due to some complaince and client requirement we need access our servers in Dmz or any other zones via SSL Client vpn.

 

 

 

 

If you enable the AnyConnect client connection on both the outside interface and inside interface. Then your users should be able to use AnyConnect client to establish a session. Then you just need to be sure that your policies for the Remote Access vpn allow access to DMZ etc.

 

HTH

 

Rick

HTH

Rick

Hi Richard,

 

Thanks for your reply.

 

But could you please elaborate more about it.

 

Also if I want to enable SSL Vpn headend on inside interface for users to connect to SSL Vpn using inside interface IP, then why I want to enable SSL Vpn on outside.

You only need to enable webvpn (SSL VPN) on the interfaces where you want you clients to connect.

Tunnel only specified networks (your DMZ subnet(s)) in the group policy.

Either NAT the users' VPN addresses to the ASA interface address or else put routing in place so that the Fortigate knows the pool is reachable via the ASA interface.

Make sure the ASA interface (or VPN pool - according to which approach you took above) can reach the target DMZ host(s) and that the user's native addresses cannot - i.e. rules in your Fortigate

Create
Recognize Your Peers
Content for Community-Ad