cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1079
Views
5
Helpful
2
Replies
Alex Pfeil
Rising star

AnyConnect Client and WebVPN Port 443 Not Working

I have an issue where port 443 is setup on a Cisco ASA appliance for AnyConnect and WebVPN.

 

1. I get a timeout when trying to go there via browser or AnyConnect client.

2. If I change to a different public interface on the ASA on port 443, it works.

3. If I change from port 443 to a different port (tried 8443), it works.

4. I have also ran debugs and if I ping the outside IP address (ICMP), I see my IP hitting the IP address.

5. I completed SSL debug and I see SSL errors when trying to access the ASA on port 443.

 

Has anybody run into something similar?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Alex Pfeil
Rising star

Figured out the solution.

 

ISP was blocking traffic to that port on 80 and 443. I believe they were also blocking one other port.

 

Here is some more info:

1. It was possible to ping the IP address on the outside.

2. Wireshark capture showed no response on 80 or 443.

3. Switching to a different outside IP address worked.

4. Changing to a different port worked as well.

 

The IT manager on sight contacted the ISP and sure enough, they were blocking it. It has to do with the domain not being registered to the specific IP address. We may even have to change our URL to a different domain that we have physically in that location.

View solution in original post

2 REPLIES 2
Rob Ingram
VIP Mentor

Hi,
Do you have a nat rule that is translated to the outside interface?
Alex Pfeil
Rising star

Figured out the solution.

 

ISP was blocking traffic to that port on 80 and 443. I believe they were also blocking one other port.

 

Here is some more info:

1. It was possible to ping the IP address on the outside.

2. Wireshark capture showed no response on 80 or 443.

3. Switching to a different outside IP address worked.

4. Changing to a different port worked as well.

 

The IT manager on sight contacted the ISP and sure enough, they were blocking it. It has to do with the domain not being registered to the specific IP address. We may even have to change our URL to a different domain that we have physically in that location.

View solution in original post