02-15-2019 02:21 AM - edited 02-21-2020 08:49 AM
I am trying to set up Cisco AnyConnect to terminate on an ASA through a Juniper SRX650. I currently use the older Cisco client and that works fine.
Does AnyConnect use different ports?
02-15-2019 02:25 AM
Hi there,
AnyConnect will use UDP/443 and TCP/443 as a fallback. Check that both destination ports are allowed into the SRX zone that the ASA is positioned in.
cheers,
Seb.
02-15-2019 02:28 AM
Hi Seb,
I have been using the old Cisco client for years and have been asked to get AnyConnect up and working as we are moving to Windows 10. If the same ports are used I would expect them to have just worked?
02-15-2019 02:48 AM
Hmmm, well if you are not using webssl, perhaps you have AnyConnect over IKEv2. Can you share the crypto config from your ASA?
cheers,
Seb.
02-15-2019 03:29 AM
Hi Seb,
I am not currently using the webssl. If I test it on another preprod network/firewall that does not go through the Juniper, it works. Hence the question about what ports are required for AnyConnect.
Do you know of a best practice guide for AnyConnect?
02-15-2019 06:11 AM
The traditional Cisco client for Remote Access VPN used IPsec, and so you had to permit ports for ISAKMP and ESP. By default the AnyConnect client does not use IPsec but uses SSL, and so the ports would certainly be different. As suggested in a previous response, you would need to permit TCP and UDP 443.
HTH
Rick
02-17-2019 11:53 PM
Hi Seb,
Thanks for the help, I had not allowed 443.
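Added example, not part of any post in this thread: a Junos SRX policy sketch that permits the TCP/443 and UDP/443 traffic the replies describe. The zone names (`untrust`, `dmz`), the address name `asa-outside`, the documentation address 192.0.2.10, and the policy and application names are assumptions; `junos-https` is the predefined Junos application for TCP/443 only, so UDP/443 needs its own custom application.

```junos
# Assumed topology: clients arrive in zone "untrust", the ASA outside
# interface sits in zone "dmz" at 192.0.2.10 (placeholder address).

# Custom application for the UDP/443 transport. The predefined
# junos-https application matches TCP/443 only.
set applications application anyconnect-udp-443 protocol udp
set applications application anyconnect-udp-443 destination-port 443

# Address-book entry for the ASA so the policy is not "any to any".
set security zones security-zone dmz address-book address asa-outside 192.0.2.10/32

# One policy permitting both transports to the ASA only.
set security policies from-zone untrust to-zone dmz policy allow-anyconnect match source-address any
set security policies from-zone untrust to-zone dmz policy allow-anyconnect match destination-address asa-outside
set security policies from-zone untrust to-zone dmz policy allow-anyconnect match application junos-https
set security policies from-zone untrust to-zone dmz policy allow-anyconnect match application anyconnect-udp-443
set security policies from-zone untrust to-zone dmz policy allow-anyconnect then permit

# Log permitted sessions so the UDP/443 flow can be confirmed after a test connection.
set security policies from-zone untrust to-zone dmz policy allow-anyconnect then log session-close
```

If the ASA is reached through destination NAT on the SRX, the NAT rule has to cover both TCP/443 and UDP/443 as well; that part is not shown here.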