05-17-2024 08:04 AM
I'm looking to enable IKEv2 for AnyConnect and disable SSL.
My concern is on the change log when I go to deploy it, the IPsec Proposal says port 443.
We NAT port 443 down to our on-site Exchange server for hybrid email.
Our SSL VPN has been redirected to another port to prevent any conflict. I'm just concerned that this will interfere with the hybrid Exchange environment. Does anyone know if this will be an issue? We'd like to get off of SSL VPN just because of the brute force stuff that's been going on.
05-17-2024 08:41 AM
That's the Client Services port, which is used to download Secure Client/AnyConnect updates, profiles and other settings. You can specify a different port or disable it (if you do that, the clients will not receive updates).
05-17-2024 08:38 AM
Need to check this point, but IPsec AnyConnect uses HTTP to download the XML and image it uses.
If you can add the XML manually to the PC and disable auto-update, that may solve the issue.
MHM
05-17-2024 08:51 AM
I manually changed the xml on the client I'm testing with to try the IPSec.
I added a second server as "VPN-IPsec" and made the Primary Protocol IPsec, so I think the client side is fine. I was concerned about the port 443 on the Firewall side.
05-17-2024 08:48 AM
We use "Device Insights" for updates, so I should be able to disable this. I'll give it a shot and see how it goes.
05-17-2024 08:57 AM
Thank you both. This works.
I can now move my AnyConnect users to IKEv2 and disable SSL. I changed the port number in Client Services to 9443, then disabled it just so I wouldn't be concerned about it.
05-17-2024 09:26 AM
You are welcome
MHM