cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1140
Views
0
Helpful
3
Replies

Port Setting Missing from RA VPN Global Settings

Keegan Santos
Level 1
Level 1

Hello,

     First if this is the wrong area I apologize, wasn't sure if it should go here or in the VPN section cause it kind of deals with both.  I am trying to setup RA VPN on a FPR1010-NGFW.  We have only one static IP for our WAN and our email server is using port 443, so I need to change the default https port for anyconnect, but I can't seem to find the port setting in global settings for the connection profile. 

 

Using this article on Cisco's website I found the instructions to configure the port on the global settings:

https://www.cisco.com/c/en/us/td/docs/security/firepower/670/fdm/fptd-fdm-config-guide-670/fptd-fdm-ravpn.html

The instructions are found under "Configure an RA VPN Connection Profile"

 

I have done this countless times on ASA55xx firewalls and I've managed to find most of what I need on this newer firewall but this time what I need seems to elude me.

 

Show Version:

----------[ TRTFPR.trtechnologies.local ]-----------
Model : Cisco Firepower 1010 Threat Defense (78) Version 6.4.0 (Build 102)
UUID :
Rules update version : 2018-10-10-001-vrt
VDB version : 309
----------------------------------------------------

Cisco Adaptive Security Appliance Software Version 9.12(1)6
Firepower Extensible Operating System Version 2.6(1.133)

Compiled on Mon 22-Apr-19 08:39 PDT by builders
System image file is "disk0:/installables/switch/fxos-k8-fp2k-lfbff.2.6.1.133.SPA"
Config file at boot was "startup-config"

DEVICENAME up 23 hours 51 mins

Hardware: FPR-1010, 2937 MB RAM, CPU Atom C3000 series 2200 MHz, 1 CPU (4 cores)

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Number of accelerators: 6

1: Int: Internal-Data0/0 : address is 0000.0000.0000, irq 10
3: Ext: Management1/1 : address is xxxx.xxxx.xxxx, irq 0
4: Int: Internal-Data1/1 : address is 0000.0100.0001, irq 0
5: Int: Internal-Data1/2 : address is 0000.0300.0001, irq 0
6: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0

Serial Number:
Configuration last modified by enable_1 at 19:52:23.688 UTC Fri Oct 8 2021

 

1 Accepted Solution

Accepted Solutions

@Keegan Santos unfortunately I do not believe there is another way to change the port.

Either upgrade to 6.7 or 7.0 or perhaps try using an IPSec VPN which uses udp/500 and udp/4500 instead of an SSL-VPN.

View solution in original post

3 Replies 3

Keegan Santos
Level 1
Level 1

I was reading through release notes for versions after 6.4 (the version I have) and it seems that the option to modify the port in the global settings of the RA VPN connection profile was introduced in version 6.7.  Does this mean there is no way to change it?  Or that it has to be done elsewhere or via cli on versions prior to 6.7?

@Keegan Santos unfortunately I do not believe there is another way to change the port.

Either upgrade to 6.7 or 7.0 or perhaps try using an IPSec VPN which uses udp/500 and udp/4500 instead of an SSL-VPN.

Yes I believe you are correct, we already bit the bullet and bought a SmartNET subscription so we can obtain the latest release.  Thank you for the reply. 

Review Cisco Networking for a $25 gift card