https://community.cisco.com/t5/network-security/client-service-port-change/m-p/3354748#M1027841 <P>Dears,</P> <P>I want to change the client service port from 443 to some other port, I want to know which port range should be used for this client services, if I m not wrong the private port cannot be used.</P> <P>&nbsp;</P> <P>crypto ikev2 enable&nbsp;OUTSIDE client-services port 443</P> <P>crypto ikev2 enable&nbsp;OUTSIDE client-services port&nbsp; ?????</P> <P>&nbsp;</P> <P><FONT color="#ff0000"><SPAN class="Y0NH2b CLPzrc">Ports with numbers <STRONG>0</STRONG>–<STRONG>1023</STRONG> are called system or well-known ports; ports with numbers <STRONG>1024</STRONG>-<STRONG>49151</STRONG> are called user or registered ports, and ports with numbers <STRONG>49152</STRONG>-<STRONG>65535</STRONG> are called dynamic and/or private ports.</SPAN></FONT></P> Fri, 21 Feb 2020 15:33:39 GMT thomasandy32 2020-02-21T15:33:39Z https://community.cisco.com/t5/network-security/client-service-port-change/m-p/3354748#M1027841 <P>Dears,</P> <P>I want to change the client service port from 443 to some other port, I want to know which port range should be used for this client services, if I m not wrong the private port cannot be used.</P> <P>&nbsp;</P> <P>crypto ikev2 enable&nbsp;OUTSIDE client-services port 443</P> <P>crypto ikev2 enable&nbsp;OUTSIDE client-services port&nbsp; ?????</P> <P>&nbsp;</P> <P><FONT color="#ff0000"><SPAN class="Y0NH2b CLPzrc">Ports with numbers <STRONG>0</STRONG>–<STRONG>1023</STRONG> are called system or well-known ports; ports with numbers <STRONG>1024</STRONG>-<STRONG>49151</STRONG> are called user or registered ports, and ports with numbers <STRONG>49152</STRONG>-<STRONG>65535</STRONG> are called dynamic and/or private ports.</SPAN></FONT></P> Fri, 21 Feb 2020 15:33:39 GMT https://community.cisco.com/t5/network-security/client-service-port-change/m-p/3354748#M1027841 thomasandy32 2020-02-21T15:33:39Z https://community.cisco.com/t5/network-security/client-service-port-change/m-p/3354765#M1027842 <P>Thomas,</P> <P>&nbsp;</P> <P>why would you want to change it?</P> <P>&nbsp;</P> <P>have you got one public IP or something and you are already running a webserver that responds to 443?</P> Sun, 25 Mar 2018 22:23:10 GMT https://community.cisco.com/t5/network-security/client-service-port-change/m-p/3354765#M1027842 Dennis Mink 2018-03-25T22:23:10Z https://community.cisco.com/t5/network-security/client-service-port-change/m-p/3354930#M1027843 <P>&nbsp;</P> <P>&nbsp;</P> <P>I am giving my customer anyconnect vpn client directly by dropbox I want to disable the client services completely or to some other port &nbsp;so that the public&nbsp;IP should not be accessible from Internet on well know port.(443)</P> <P>&nbsp;</P> <P>Hence whenever the user wants the anyconnect client and when they enter in their browser https//:publicip the certificate presented to the user is a CA signed still the direct access to the public ip on port 443&nbsp;is a risk ???</P> <P>&nbsp;</P> <P>if it is a risk then I shld change to some other port or I&nbsp;have to disable them, once disabling I hope it will not affect the other site to site IKEv2 vpn ??</P> <P>&nbsp;</P> <P>thanks</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>thanks</P> Mon, 26 Mar 2018 07:31:54 GMT https://community.cisco.com/t5/network-security/client-service-port-change/m-p/3354930#M1027843 thomasandy32 2018-03-26T07:31:54Z