02-26-2016 02:37 AM - edited 02-21-2020 08:42 PM
Hi! I have one question. I configured all settings to configure Anyconnect. I want to use port 6789.
I use a NAT rule (LAN1 - center office, LAN2 - VPN clients), but I think that I need to use a second NAT rule too, because port 6789 is not open.
I USE:
nat (inside,outside) source static LAN1 LAN1 destination static LAN2 LAN2 no-proxy-arp route-lookup
Do I need to use a second rule for NAT?
object service PORTVPN
service tcp destination eq 6789
nat (outside,outside) source static LAN2 LAN2 destination static LAN2 LAN2 service PORTVPN
Or do I need to use an access-list?
access-list VPN_CLIENTS extended permit object PORTVPN any any
access-group OUTSIDE-ACL in interface OUTSIDE
How can I open the port to use it for Anyconnect?
THANK YOU!!!
02-26-2016 05:00 AM
Hi,
I do not think you need NAT and ACL rules for this.
You just need to access it using the URL:
https://outside-ip:port
You should be able to access the Anyconnect page.
Regards,
Aditya
02-26-2016 06:19 AM
Thank you! But all ports on the ASA are closed. And I tried to use telnet to our external address on port 6789. It failed.
02-26-2016 11:07 PM
Hi,
Can you share the output of show asp table socket from the ASA ?
Regards,
Aditya
03-10-2016 05:48 AM
Protocol Socket State Local Address Foreign Address
SSL 001ed7f1 LISTEN 192.168.1.1:443 0.0.0.0:*
TCP 001f12f1 LISTEN 192.168.1.1:22 0.0.0.0:*
TCP 02fd0911 ESTAB 192.168.1.1:22 192.168.1.110:4977
SSL 0612789e1 LISTEN 80.80.80.80:6789 0.0.0.0:*
DTLS 06281622 LISTEN 80.80.80.80:443 0.0.0.0:*
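One way to read the socket table posted above, as an added example that is not part of the original thread: a small Python parser for the `show asp table socket` text that lists the listeners and reports whether an SSL listener is bound to a given address and port, and which DTLS ports are bound on that address. The function names are assumptions made for this example, and the sample input is the output copied from the thread.

```python
import re

# Output copied from the thread above and used as sample input.
SAMPLE = """\
Protocol Socket State Local Address Foreign Address
SSL 001ed7f1 LISTEN 192.168.1.1:443 0.0.0.0:*
TCP 001f12f1 LISTEN 192.168.1.1:22 0.0.0.0:*
TCP 02fd0911 ESTAB 192.168.1.1:22 192.168.1.110:4977
SSL 0612789e1 LISTEN 80.80.80.80:6789 0.0.0.0:*
DTLS 06281622 LISTEN 80.80.80.80:443 0.0.0.0:*
"""

# protocol, hex socket handle, state, local ip:port, foreign address
ROW = re.compile(
    r"^(?P<proto>[A-Z]+)\s+(?P<handle>[0-9a-fA-F]+)\s+(?P<state>\S+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+(?P<foreign>\S+)$"
)

def parse_sockets(text):
    """Return one dict per socket row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"proto": m["proto"], "state": m["state"],
                         "ip": m["ip"], "port": int(m["port"]),
                         "foreign": m["foreign"]})
    return rows

def listeners(rows, proto=None):
    """Sorted (proto, ip, port) tuples for sockets in LISTEN state."""
    return sorted({(r["proto"], r["ip"], r["port"]) for r in rows
                   if r["state"] == "LISTEN" and proto in (None, r["proto"])})

def check_port(rows, ip, port):
    """Is SSL listening on ip:port, and which DTLS ports listen on the same ip?"""
    dtls_ports = [p for (_, lip, p) in listeners(rows, "DTLS") if lip == ip]
    return {"ssl_listening": ("SSL", ip, port) in listeners(rows),
            "dtls_ports": dtls_ports,
            "dtls_same_port": port in dtls_ports}

if __name__ == "__main__":
    rows = parse_sockets(SAMPLE)
    for entry in listeners(rows):
        print("LISTEN", *entry)
    print(check_port(rows, "80.80.80.80", 6789))
```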