Re: VPN SSL on ASA

arnaud.dessauvages · ‎06-19-2006

Hi,

We?re using a cluster of ASA.

The interconnexion between the cluster and the external router is a private one (?outside? interface IP address is a private address).

Several public addresses are configured on the cluster, used for NAT purposes.

We intend to configure VPN SSL access.

Could you please confirm whether to be possible or not to configure VPN SSL on the ASA but using a public address dedicated to this aim ?

That is, the end-point IP address of the VPN SSL tunnel is not the ip address of the ?outside? interface but the one of a public IP address dedicated.

Maybe a NAT ? But I?m not sure because the traffic doesn?t pass through the cluster, but just stops on it.

Thanks in advance for your attention and for your inputs.

Best Regards,

Arnaud

wong34539 · ‎06-23-2006

From my understanding of SSL VPN, as long as you have IP connectivity between the client and the VPN gateway, things must work fine as far as reachability is concerned. These links talk about configuring WebVPN (Cisco's name for SSL/VPN) on ASA

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/vpn/webvpn.htm

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/vpn/svc.htm

sachinraja · ‎06-29-2006

Hello Arnaud,

I'm really not sure if this will work. YOu need to enable webVPN only on a certain interface. If you enable it on the outside interface, any connection to the IP of the outside will have WEB VPN access.

by default, ASA will support only 2 web vpn connections. You might have to purchase licenses if it exceeds.

Hope this helps.. all the best.. rate replies if found useful.

Raj