
Anyconnect on non standard port (eg 444)

Hi,

Hoping someone might be able to help as I'm stumped. I'm trying to set up Anyconnect on an ASA 5505 running software 9.0(1) / ASDM version 7.1(1)52.

I have followed various guides online (all pretty much the same) using the Wizard. The only difference in my case is that I cannot use port 443 as it's already in use for ActiveSync. So I want to use 444 instead.

To achieve this I run the anyconnect VPN wizard as per instructions, and afterwards go to Configuration>Remote Access VPN>and change the port settings here (https and dtls ports to 444 from 443). 

What happens then on the client side:

I can browse to the router/site : eg https://123.123.123.1:444 and this brings up the login/password screen, it accepts credentials as it should, and goes through the procedure of downloading the client. All fine so far. When the anyconnect client tries to connect it issues a warning about the certificate (that's ok as I've only used self-signed for now) so I have the option of connect anyway which I chose. It then proceeds to try and connect and just sits there before eventually crashing the client.

On the ASA side of things then I've looked at the log while this is happening and it goes through the following steps :

1. It initiates the handshake, then I can see there is a TCP connection buildup from my IP to port 444, followed immediately by Teardown. The buildup/teardown keeps repeating until the client crashes.

So in summary I can get as far as the ASA (to enter credentials, download the client etc). The client can get as far as recognising that the cert isn't trusted, which I can acknowledge and move on from, and it's beginning the authentication but just stops there.

I am lost as to where to go from here. I'm wondering if it's anything to do with the fact I'm not using 443. I've also tried this by installing the client as a standalone installer on a different PC and entering the address with port 444 after (eg 123.123.123.1:444), same result. Tested on Windows 7 and 8.1.

Any and all help greatly appreciated!

 

Thanks

Accepted Solutions

Neil Cudmore
Level 1

Not done this through the 'wizard', but having done this through the command line it does work on a 5505 running 9.1(3) - I use port 8086.

 

Relevant lines for ssh

webvpn 
 no enable outside      
 port 8086   
 enable outside
 anyconnect enable
 tunnel-group-list enable

 

Note you have to disable it first with the 'no enable outside' before you change the port.

 

 

Replies

You sir, are a genius. That worked perfectly - for some reason you cannot change the port number by using the wizard. Or more specifically you can but it causes the client services to keel over. Doing it via telnet worked fine. Thanks for your help

 

Steve
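
A log check for the symptom described in the question (repeated TCP build-up and immediate teardown to the WebVPN port), as an added example that is not part of the original thread. It assumes the ASA's connection syslog messages 302013 (Built) and 302014 (Teardown); the sample lines, addresses and the function name `flapping_clients` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of ASA syslog 302013/302014 (documentation addresses).
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/50111 (198.51.100.7/50111) to identity:203.0.113.1/444 (203.0.113.1/444)
%ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/50111 to identity:203.0.113.1/444 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-302013: Built inbound TCP connection 1002 for outside:198.51.100.7/50112 (198.51.100.7/50112) to identity:203.0.113.1/444 (203.0.113.1/444)
%ASA-6-302014: Teardown TCP connection 1002 for outside:198.51.100.7/50112 to identity:203.0.113.1/444 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-302013: Built inbound TCP connection 1003 for outside:198.51.100.7/50113 (198.51.100.7/50113) to identity:203.0.113.1/444 (203.0.113.1/444)
%ASA-6-302014: Teardown TCP connection 1003 for outside:198.51.100.7/50113 to identity:203.0.113.1/444 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-302013: Built inbound TCP connection 1004 for outside:198.51.100.20/41000 (198.51.100.20/41000) to identity:203.0.113.1/443 (203.0.113.1/443)
%ASA-6-302014: Teardown TCP connection 1004 for outside:198.51.100.20/41000 to identity:203.0.113.1/443 duration 0:05:12 bytes 48211 TCP FINs
%ASA-6-302013: Built inbound TCP connection 1005 for outside:198.51.100.20/41001 (198.51.100.20/41001) to identity:203.0.113.1/444 (203.0.113.1/444)
%ASA-6-302014: Teardown TCP connection 1005 for outside:198.51.100.20/41001 to identity:203.0.113.1/444 duration 0:02:10 bytes 9120 TCP FINs
"""

# Built: capture connection id, client IP and destination port.
BUILT = re.compile(r"302013: Built inbound TCP connection (\d+) for \S+?:([\d.]+)/\d+ "
                   r"\(\S+\) to \S+?:[\d.]+/(\d+)")
# Teardown: capture connection id and the h:mm:ss duration.
TEARDOWN = re.compile(r"302014: Teardown TCP connection (\d+) for .*? "
                      r"duration (\d+):(\d+):(\d+) bytes \d+")

def flapping_clients(log, port, max_seconds=1, threshold=3):
    """Return {client_ip: count} for clients with at least `threshold`
    connections to `port` that were torn down within `max_seconds`."""
    built = {}         # connection id -> client IP, watched port only
    short = Counter()  # client IP -> number of short-lived connections
    for line in log.splitlines():
        m = BUILT.search(line)
        if m:
            if int(m.group(3)) == port:
                built[m.group(1)] = m.group(2)
            continue
        m = TEARDOWN.search(line)
        if m and m.group(1) in built:
            hours, minutes, seconds = (int(m.group(i)) for i in (2, 3, 4))
            client = built.pop(m.group(1))
            if hours * 3600 + minutes * 60 + seconds <= max_seconds:
                short[client] += 1
    return {ip: n for ip, n in short.items() if n >= threshold}

if __name__ == "__main__":
    print(flapping_clients(SAMPLE_LOG, port=444))
```
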