In config-load-balancing, there is a "cluster ip address <addr>"
command. I think this would work similar to the Juniper thing that Stu
mentioned. So load balancing cluster works different than failover.
Just curious about a single node cluster so you could use this virtual
ip.
On Apr 23, 2010, at 3:04 PM, Stuart Hare <stuart_at_ipexpert.com> wrote:
> Sairam,
>
> Is there a particular reason why you would not want to use the
> outside interface?
> This is pretty standard behaviour for most boxes.
>
> As Paul said the only the only possible way may be using a cluster
> but Im pretty sure on the ASA that would still mean using the
> outside interface of the primary device.
>
> I know on the Juniper SA for instance you can create a cluster and
> assign an outside VIP that will be used between both active and
> standby devices.
> Not sure this is an option for the ASA though.
>
> I'll check it out and post back if I find anything.
>
> Stu
>
> On Fri, Apr 23, 2010 at 4:01 PM, Paul Stewart <pestewart_at_gmail.com>
> wrote:
> I think the only way this could work is by configuring the ASA like
> it was part of a VPN cluster, excluding the address from nat, then
> specifying it as the cluster ip address. You may also want to
> specify this new ip address as the URL for the ssl VPN. The real ip
> might continue to accept connections, I've not tried this.
>
>
>
>
> On Apr 23, 2010, at 6:40 AM, sairam <seekumarin_at_gmail.com> wrote:
>
> Dear Experts, I request your assistance.
>
> I am trying to test the SSL VPN (WEB VPN in Cisco ASA). It is working
> perfectly by default configuration. Now I am using OUTSIDE INTERFACE
> as SSL
> VPN Terminating point as below
>
> web vpn
> enable outside
>
> Is it possibe to use a differnt IP Address from the same Subnet of
> OUTSIDE
> INTERFACE, Instead of Interface IP Address itself. The Idea behind is,
> Clients should not use OUTSIDE Interface IP Address, but whereas
> they can
> use from the IP Address Pool of OUTSIDE Interface
>
> Please advice
>
> Regards and Thanks in advance
>
> sairam
>
>
>
>
> --
> Regards,
>
> Stuart Hare
> CCIE #25616 (Security), CCSP, Microsoft MCP
> Sr. Support Engineer b� IPexpert, Inc.
> URL: http://www.IPexpert.com
Blogs and organic groups at http://www.ccie.net
Received on Fri Apr 23 2010 - 15:12:25 ART