RE: SSL VPN-IP Address from Ryan West on 2010-04-23 (Ccielab archives 04/2010)

From: Ryan West <rwest_at_zyedge.com>
Date: Fri, 23 Apr 2010 15:56:02 +0000

Paul,

> -----Original Message-----
> Sent: Friday, April 23, 2010 11:02 AM
> To: sairam
> Cc: Cisco certification; Cisco certification; Cisco certification
> Subject: Re: SSL VPN-IP Address
>
> I think the only way this could work is by configuring the ASA like it
> was part of a VPN cluster, excluding the address from nat, then
> specifying it as the cluster ip address. You may also want to specify
> this new ip address as the URL for the ssl VPN. The real ip might
> continue to accept connections, I've not tried this.
>

That's an interesting idea and a feature I wasn't really aware of. With clustering enabled, do you need to leverage RRI to get the client VPN traffic back to the proper ASA? I would think so, I didn't really see a way to create a clustered address on the inside. Does it support all VPN connections; L2L, Web, and EasyVPN? I am able to find configuration examples for the feature, but not in the regular configuration guide, at least not for 8.2.

Thanks,

-ryan

Blogs and organic groups at http://www.ccie.net
Received on Fri Apr 23 2010 - 15:56:02 ART

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART