We help IT Professionals succeed at work.

Cisco 5505 VPN Configuration

Medium Priority
809 Views
Last Modified: 2012-09-10
I have a client with a single Static IP Address that exposes their Windows 2008 SBS server to the Internet for Email and OWA. They want to install a Cisco 5505 to allow for VPN access. Typically, when I set them up, I have the Cisco 5505 Outside Interface have an IP address that the VPN clients connect to. I then have another IP address that is routed through the Cisco Router as a Static Route to expose the SMTP and OWA services.

This client only has one IP address and I'm not sure if that can be done and what the configuration should be.

Thanks.
Comment
Watch Question

Top Expert 2011
Commented:
I believe you can use a single address for VPN and for Static NAT (smtp and owa)
CERTIFIED EXPERT
Commented:
yes, you can use a single address for NAT to an SBS server and for inbound IPSec VPN, if you want to use AnyConnect with its default settings, you would require an additional IP address, but it is possible to run AnyConnect on a different port.
CERTIFIED EXPERT
Commented:
You need to use port address translation for SMTP and OWA instead of network address translation.  Basically, you only translate the individual ports.

Example:  static (inside,outside) tcp <outisde_IP> 25 <inside_IP> 25 netmask 255.255.255.255

The problem you might run into is that OWA and SSL VPN clients will want to use the same port (443).

You can change the port either service, or you can use the Cisco IPSec VPN client (this client is being deprecated, but it is still available for download).

Explore More ContentExplore courses, solutions, and other research materials related to this topic.