10-08-2021 01:18 PM
Hello,
First if this is the wrong area I apologize, wasn't sure if it should go here or in the VPN section cause it kind of deals with both. I am trying to setup RA VPN on a FPR1010-NGFW. We have only one static IP for our WAN and our email server is using port 443, so I need to change the default https port for anyconnect, but I can't seem to find the port setting in global settings for the connection profile.
Using this article on Cisco's website I found the instructions to configure the port on the global settings:
The instructions are found under "Configure an RA VPN Connection Profile"
I have done this countless times on ASA55xx firewalls and I've managed to find most of what I need on this newer firewall but this time what I need seems to elude me.
Show Version:
----------[ TRTFPR.trtechnologies.local ]-----------
Model : Cisco Firepower 1010 Threat Defense (78) Version 6.4.0 (Build 102)
UUID :
Rules update version : 2018-10-10-001-vrt
VDB version : 309
----------------------------------------------------
Cisco Adaptive Security Appliance Software Version 9.12(1)6
Firepower Extensible Operating System Version 2.6(1.133)
Compiled on Mon 22-Apr-19 08:39 PDT by builders
System image file is "disk0:/installables/switch/fxos-k8-fp2k-lfbff.2.6.1.133.SPA"
Config file at boot was "startup-config"
DEVICENAME up 23 hours 51 mins
Hardware: FPR-1010, 2937 MB RAM, CPU Atom C3000 series 2200 MHz, 1 CPU (4 cores)
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Number of accelerators: 6
1: Int: Internal-Data0/0 : address is 0000.0000.0000, irq 10
3: Ext: Management1/1 : address is xxxx.xxxx.xxxx, irq 0
4: Int: Internal-Data1/1 : address is 0000.0100.0001, irq 0
5: Int: Internal-Data1/2 : address is 0000.0300.0001, irq 0
6: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
Serial Number:
Configuration last modified by enable_1 at 19:52:23.688 UTC Fri Oct 8 2021
Solved! Go to Solution.
10-08-2021 11:57 PM - edited 10-08-2021 11:59 PM
@Keegan Santos unfortunately I do not believe there is another way to change the port.
Either upgrade to 6.7 or 7.0 or perhaps try using an IPSec VPN which uses udp/500 and udp/4500 instead of an SSL-VPN.
10-08-2021 02:22 PM - edited 10-08-2021 02:24 PM
I was reading through release notes for versions after 6.4 (the version I have) and it seems that the option to modify the port in the global settings of the RA VPN connection profile was introduced in version 6.7. Does this mean there is no way to change it? Or that it has to be done elsewhere or via cli on versions prior to 6.7?
10-08-2021 11:57 PM - edited 10-08-2021 11:59 PM
@Keegan Santos unfortunately I do not believe there is another way to change the port.
Either upgrade to 6.7 or 7.0 or perhaps try using an IPSec VPN which uses udp/500 and udp/4500 instead of an SSL-VPN.
10-13-2021 11:44 AM
Yes I believe you are correct, we already bit the bullet and bought a SmartNET subscription so we can obtain the latest release. Thank you for the reply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide