
Unable to disable Remote VPN

Cisco Freak
Level 4

Hi Experts,

I was trying to disable Remote access VPN in an ASA.

ASA(config)# no webvpn
ASA(config)# end

ASA# sh run webvpn
ASA#

I removed the enable inside and enable outside commands under webvpn, but I am still getting the prompt in the AnyConnect client, and when I try the HTTPS URL I get a page with a "File not found" error. How can I completely disable it?

I don't want any web page when I hit the VPN URL.

CF



Philip D'Ath
VIP Alumni

Perhaps the software version of that ASA will need a reboot.

I tried a reboot too, but even after that VPN is working.

mdussana
Level 1

Hi,

After disabling webvpn you shouldn't be able to get the client portal anymore, but the ASA web service is still running so you should be getting that page immediately after disabling webvpn.

If you are entering a custom URL, the ASA will redirect it to /admin and show you a 404 error message probably. Then, if you do not want any webpage at all, I would recommend then disabling HTTP on your ASA.

It's all disabled, but still I am getting a web response. Check the attached screen capture.

ASA# sh run http
ASA# sh run we
ASA# sh run webvpn
ASA#

Hi,

Have you already cleared your cache? Please send me the "show asp table socket" output and if possible take a capture on your outside interface. (hide the IPs if you prefer).

Thanks.

ASA# sh asp table socket

Protocol  Socket    Local Address      Foreign Address     State
SSL       0003857f  192.168.15.1:443   0.0.0.0:*           LISTEN
SSL       0005e5ef  x.x.x.x:443        0.0.0.0:*           LISTEN
TCP       0006a22f  192.168.15.1:22    0.0.0.0:*           LISTEN
TCP       0008bcdf  x.x.x.x:22         0.0.0.0:*           LISTEN
TCP       006fb088  192.168.15.1:22    10.10.79.12:42349   ESTAB
ASA#


ASA# sh run http
ASA# sh run webvpn
ASA#

Maybe you have other services using port 443, such as crypto ikev2 enable Outside client-services port 443. This will make the ASA listen on 443 even though http and webvpn are disabled.

By entering show run | in 443 you can verify.

You are right!!

ASA had that command enabled on the outside interface.

Removed that command then reloaded the FW, now it's all good!!

Thank you!

CF
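
The check that resolved this thread, written out as an added example (not code from any poster or from Cisco): a Python script that reads saved `show asp table socket` and running-config text and reports which config lines account for a TLS listener on a given port. The sample inputs are constructed from the output posted above, with 203.0.113.10 standing in for the hidden address, and the function names are hypothetical.

```python
import re

# Constructed sample input modeled on the thread's output; 203.0.113.10 is a
# placeholder for the address the poster hid as x.x.x.x.
ASP_SOCKETS = """\
Protocol Socket Local Address Foreign Address State
SSL 0003857f 192.168.15.1:443 0.0.0.0:* LISTEN
SSL 0005e5ef 203.0.113.10:443 0.0.0.0:* LISTEN
TCP 0006a22f 192.168.15.1:22 0.0.0.0:* LISTEN
TCP 006fb088 192.168.15.1:22 10.10.79.12:42349 ESTAB
"""
RUNNING_CONFIG = "crypto ikev2 enable Outside client-services port 443\n"

def listeners(asp_output, port):
    """Return (protocol, local address) for every LISTEN socket on `port`."""
    found = []
    for line in asp_output.splitlines():
        f = line.split()  # data rows have exactly 5 fields; the header has 7
        if len(f) == 5 and f[4] == "LISTEN" and f[2].rsplit(":", 1)[-1] == str(port):
            found.append((f[0], f[2]))
    return found

def explain(config, port):
    """Return the running-config lines that open a TLS listener on `port`."""
    hits, in_webvpn, webvpn_port, webvpn_enables = [], False, 443, []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line: track the webvpn block
            in_webvpn = line == "webvpn"
        m = re.match(r"crypto ikev2 enable \S+ client-services(?: port (\d+))?$", line)
        if m and int(m.group(1) or 443) == port:
            hits.append(line)
        m = re.match(r"http server enable(?: (\d+))?$", line)
        if m and int(m.group(1) or 443) == port:   # ASDM/HTTPS server, default 443
            hits.append(line)
        if in_webvpn and re.match(r"port \d+$", line):
            webvpn_port = int(line.split()[1])
        if in_webvpn and line.startswith("enable "):
            webvpn_enables.append("webvpn / " + line)
    if webvpn_port == port:
        hits += webvpn_enables
    return hits

def audit(asp_output, config, port=443):
    """Pair what is listening with the config that explains it."""
    return {"listeners": listeners(asp_output, port), "causes": explain(config, port)}

if __name__ == "__main__":
    print(audit(ASP_SOCKETS, RUNNING_CONFIG))
```

A listener with an empty `causes` list means the saved config does not match what the device is running, which is worth investigating before assuming the service is off.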