Cisco VPN with Anyconnect - What outside IP address to use?
Ok, this may seem like a silly connection but here goes.
I have a Site-to-site vpn set up between two of our offices. The main and a branch. For this site to site vpn I'm using our 'public' IP address that all the workstations get when they access the internet, (we use NAT). The site-to-site works fine.
We also want to set up an anyconnect VPN. It works internally using 192.168.1.1. I thought I could use one of our 5 external IP's (e.g. 70.x.x.19). Is this the correct way of doing this? I'm basically am confused on what IP address I shoud be using. We have 5 address, 4 are used already for email server, web server and two other servers.
Any help would be appreciated!
I have a Site-to-site vpn set up between two of our offices. The main and a branch. For this site to site vpn I'm using our 'public' IP address that all the workstations get when they access the internet, (we use NAT). The site-to-site works fine.
We also want to set up an anyconnect VPN. It works internally using 192.168.1.1. I thought I could use one of our 5 external IP's (e.g. 70.x.x.19). Is this the correct way of doing this? I'm basically am confused on what IP address I shoud be using. We have 5 address, 4 are used already for email server, web server and two other servers.
Any help would be appreciated!
ASKER
Ok. That is what I thought, but the problem is the outside IP is 10.1.10.200, which connects to our comcast business modem.
Inside 192.168.1.1/24
Outside 10.1.10.200/24
Then the cable modem is our public 70.xx.xx.xx.
So I'm not sure what we are supposed to do here?
Inside 192.168.1.1/24
Outside 10.1.10.200/24
Then the cable modem is our public 70.xx.xx.xx.
So I'm not sure what we are supposed to do here?
You say that you have several public IP's but your ASA has a private IP address? Why is that?
ASKER
Our setup is:
Inside->Firewall->Cable modem so all traffic hits the cable modem first, then is routed to the firewall, which has always been like this for this company. I don't think we can make the cable modem 'transparent'.
Any ideas??
Inside->Firewall->Cable modem so all traffic hits the cable modem first, then is routed to the firewall, which has always been like this for this company. I don't think we can make the cable modem 'transparent'.
Any ideas??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you this worked. I still don't understand why my other public IP addresses (e.g. email, web server and so on) are working correctly. They all work and do not have one to one mapping or anything.
Anyhow, I mapped our sslvpn.xxxx.com address to 10.1.10.200 (ASA "outside") and it worked! Next on the list is getting VPN clients to be able to access the 192.168.1.0/24 network (the inside).
Thanks again for your help!
Anyhow, I mapped our sslvpn.xxxx.com address to 10.1.10.200 (ASA "outside") and it worked! Next on the list is getting VPN clients to be able to access the 192.168.1.0/24 network (the inside).
Thanks again for your help!
ASKER
Update: This ended up breaking our site-to-site VPN. I forgot to update the comments on this. I'm going to need to reopen this question...
If you have for example the outside interface with ip 2.2.2.2/29 then you cannot use 2.2.2.3 for anyconnect, you have to use 2.2.2.2.