02-13-2015 03:56 PM
I'm trying to design something which requires ASA to uniquely assign one IP per clientless VPN user. It seems like all these web requests coming through the ASA are proxied via the ASA's inside IP for the source address of the web request. Does ASA proxy requests through it by changing the VPN client request IPs from a POOL configuration? Or is it always going to use the ASA inside interface IP? Assuming a two-NIC configuration (inside/outside).
NOTE: I'm not talking about AnyConnect or IKEv1/2 client-based VPNs. I'm specifically talking about the client-free login connection method.
thx in advance,
Will
02-15-2015 07:47 PM
02-15-2015 09:53 PM
Thank you ras, I posted incorrectly - probably going too fast! I have re-posted in the VPN forum.
09-03-2015 06:40 PM
Hello will@bootit.com,
Did you find your answer? Is it possible to make VPN clients request IPs from the Pool configuration?
Regards,
09-04-2015 08:48 PM
Hi Michael, I couldn't make the ASA proxy requests from anything other than the inside interface. The proxy mentioned in this thread from the outside interface doesn't quite make sense to me. Essentially the connection comes into the "web server" on the ASA outside interface. The ASA takes the tunneled SSL webpage request and then shoots that back into the network as a request from itself on its inside interface. The inside server responds to the ASA inside IP as though he is the client. And then the reverse proxy gets created before tunneling the traffic back to the internet WebVPN client.
The other styles of VPN _do_ allow POOL IP selection.
hope that helps.
09-03-2015 11:12 PM
The ASA will always proxy the traffic from the outgoing interface, meaning if the traffic is destined out from the inside interface to the internal subnet, it is going to be proxied from the inside interface IP.