Showing results for 
Search instead for 
Did you mean: 


Change remote management port Cisco ASA5510


I previously had some assistance configuring a router for inbound HTTPS traffic in this thread: It has been working great.

I got a call from the customer that the web access no longer works for this product. I believe it is because the web interface for remote management is now using port 443. I can confirm this by going here:
. That should take me to a page that says the test is successful, but I get to the login page for remote management of the Cisco appliance.

How do I change the port for remote management, or better yet, disable that service?


Jouni Forss


So just to make it clear, are we talking about a situation where you have a site with an ASA firewall which has only one public IP address available that is naturally used in its external interface and originally you had forwarded port TCP/443 to an internal host/server to access a web portal and the ASA has now been enabled for ASDM access (using TCP/443) that is causing connectivity problems to the actual internal server?

If the above is the situation then if you have the CLI access to the ASA you would have to check atleast these settings

show run http

This should list the networks and interfaces from which the ASDM is reachable. It should also tell if the ASDM is enabled with the default port or if its running on nondefault port.

You should see something like

http server enable

http outside

This would mean that the ASA is configured for ASDM access

You could also use the following command to view on what ports the ASA is listening on

show asp table socket

You should probably see the TCP/443 port being listened on.

Naturally if my presumptions above are correct then someone at some point enabled the ASDM access since it shouldnt start causing problems suddenly.

You can either use the CLI connection to disable the ASDM access by clearing the "http" related configurations.

You could also change the port used with the command

http server enable

Hope this helps

- Jouni


Must be too tired. You clearly answered some of my doubts and stated the needed information in the original post, doh Must have not registered with my brain for some reason

Though still the above "show" commands and configuration commands should help you with this situation I imagine.

- Jouni

Here are some resutls of the commands....

Result of the command: "show run http"

http server enable

http inside

http management

http inside

Result of the command: "show asp table socket"

Proto  Socket    Local Address               Foreign Address         State

TCP    00013f0c    *               LISTEN

TCP    0001c104  *               LISTEN

SSL    00026de4   *               LISTEN

SSL    000282fc *               LISTEN

SSL    0003147c  RDP-Outside:443   *               LISTEN

DTLS   0003c1b4  RDP-Outside:443   *               LISTEN

SSL    0ca72f5c             WebViewServer:58524     ESTAB

SSL    0ca81eb4             WebViewServer:58526     ESTAB

SSL    0cf24a64             WebViewServer:58740     ESTAB

RDP-Outside is configured as

WebViewServer is conifgued as

Does that help? I seem to remember it being a fairly simple process from the ASDM to change the port number it listens on, I just can't remember now what it was. I had to do it before.



In the CLI format the command is for example

http server enable 444

I am not sure if changing the port while connected with ASDM cuts the current connection off or will it only affect the following connections.

On the ASDM you can go to

Configuration (Top Menu Bar) -> Device Management (Bottom Left) -> Managenent Access (Drop Down Menu) -> ASDM/HTTPS/Telnet/SSH (Drop Down Menu) -> Port Number (On the actual page)

Hope this helps

- Jouni

I changed it to port 444 through ASDM. I can log in and access the Cisco appliance on the internal server successfully now, but now I get a new message when I go to:
, it is for the SSL VPN service.

I found my way to a config screen for SSL VPN, tried to edit the port number for that, but it told me no changes can be made on an active interface. Do I need to shut down the entire appliance to make this change? Am I trying to make the change in the wrong spot?



Try to uncheck the interface specific settings you see above and then change the port for the service.

- Jouni

I unchecked the Allow Access and Enable DTLS boxes, changed the ports to 445, and that stopped the SSL VPN login page, but now I have a page can't be displayed error.



I guess you could check the current configurations with the "packet-tracer" command

packet-racer input outside tcp 12345 443

Insert the public IP address of the ASA and replace the IP address with something else if its not allowed according to your ACLs.

- Jouni

Something else happened along the way, and I had to re-create the ACL and routing rule. Once I entered those two commands, web access to the server was restored. Thank you for helping me edit the port number for remote management and the SSL VPN.


Content for Community-Ad