ASA SSL clientless VPN

Posted on 2010-03-23
Medium Priority
Last Modified: 2012-05-09
I have an outside interface IP address on the ASA with a subnet allowing 6 IP addresses. I have set up clientless SSL VPN on the outside interface, and when I try to access it at the IP address within the subnet that is actually configured on the outside interface, it works fine.
However, if I try to set it up so the tunnel-group group-url points to one of the other IPs in the subnet, it won't work.
Can anyone confirm whether it only works on the actual configured IP, or should I be able to connect on any of the IPs in the subnet?

i.e. if IP was as shown below the address would work but - would not.

 interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address
Question by:nappyshock

Accepted Solution

Erik Bjers earned 2000 total points
ID: 28430252
You will need to connect to the actual interface IP on the ASA for the VPN to work.  

If you want to use an IP other than the one you have assigned to the physical interface you will need to create a sub-interface and assign a different public IP to it (ability to do this depends on the ASA and license you have).  For more information see http://www.cisco-tips.com/tag/asa-subinterfaces/

However there is really no need to use a different IP for your VPN so I would suggest using the one you have assigned to the public interface.


Author Closing Comment

ID: 31706291
Thanks for quick response.

Author Comment

ID: 28430910
Thanks ebjers for the quick response!
The reason I was going to put the clientless SSL VPN on a separate IP was because port 80/443 on the actual interface IP is being used by the SSL AnyConnect client.
I suppose I could use a different port for the clientless SSL VPN.

Expert Comment

by:Erik Bjers
ID: 28431006
In that case, if your license allows it, create a sub-interface.
