07-21-2022 08:57 AM
Hello,
I need to disable access to the ASA 5508 by the 443 port from the outside.
Version 9.14(2)
The device works like a regular firewall for the office + has an IKEv1/IPSec tunnel to the AWS cloud.
Device is not used to connect users via vpn outside.
I tried to disable vpn access from the outside (please look at screenshots from ASDM), however, if I try to access the external interface of the device like https://<ip>:443, suddenly an 404 error message is displayed in browser, so I want to completely disable access on port 443 from the outside, since the device is old and probably can be susceptible to vulnerabilities (like https://www.youtube.com/watch?v=gqRmu3VFPVc)
I also tried disable via "no webvpn" in ssh console, but the problem still remains.
I can't disable internal http server, because of ASDM.
ASDM/HTTPS access set only for internal (lan/inside) interface.
07-21-2022 09:01 AM
webvpn
disable outside
07-21-2022 09:22 AM
tried, but:
ASA5508(config-webvpn)# disable outside
^
ERROR: % Invalid input detected at '^' marker.
07-21-2022 09:36 AM
no enable outside
or try disable Webvpn all with
no webvpn
07-21-2022 09:38 AM
when you end make double check by this command
sh asp table socket
07-21-2022 09:48 AM
unfortunately 443 still listen on the outside interface:
07-21-2022 09:42 AM
no enable outside - done
already performed no webvpn
but access to that 404 page is still there...
07-21-2022 09:44 AM
sh asp table socket
share output here
07-21-2022 09:53 AM
07-21-2022 10:17 AM
Yes but as I know the WebVPN and ASDM share same port 443.
07-21-2022 10:34 AM
This page is hardly related to the ASDM. I tried to connect to external (outside) interface from a host on the Internet:
07-21-2022 10:32 AM
Hi friend,
as I mention the port 443 is share with ASDM
but you can disable the page by
webvpn
keepout
try this way.
07-21-2022 10:48 AM
webvpn
keepout blank
unfortunately the same
07-21-2022 09:02 AM
- Check this thread for hints : https://community.cisco.com/t5/vpn/disabling-clientless-browser-based-vpn/m-p/2909549
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide