Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
3
Helpful
4
Replies

VPN no connection after port change

00u18jg7x27DHjRMh5d7
Level 1
Level 1

‎10-17-2023 08:13 AM

I have to change ports on or VPN connection due to standard 443 being used by a web server. But after changing the port I get an error "User not authorized for AnyConnect Client access contact your administrator".

I get the log in screen put in credentials then that comes up. On 443 I can use the same device no issues only change made was Access port and DTLS port under Access Interfaces on FMC 7.0.

Using DAP Trace I get the following:

FMC# DAP_TRACE: DAP_open: New DAP Request: 4C
DAP_TRACE: Username: Tom, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: Tom, DAP_add_AC:
endpoint.anyconnect.clientversion = "5.0.03085";
endpoint.anyconnect.platform = "android";
endpoint.anyconnect.devicetype = "samsung SM-N986U";
endpoint.anyconnect.platformversion = "13";
endpoint.anyconnect.deviceuniqueid = "FC3XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXC2";
endpoint.anyconnect.deviceuniqueidglobal = "FCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX8C2";
endpoint.anyconnect.phoneid = "unknown";
endpoint.anyconnect.macaddress["0"] = "unknown";
endpoint.anyconnect.useragent = "AnyConnect Android 5.0.03085";
endpoint.anyconnect.session_token_security = "true";

DAP_TRACE: Username: Tom, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: Tom, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: Tom, DAP_close: 4C

Hopefully someone has an easy resolution for this 

Thanks

Labels:
4 Replies 4

M02@rt37
VIP
VIP

‎10-17-2023 08:33 AM

Hello @00u18jg7x27DHjRMh5d7,

Do you check if on your Cisco ASA/Firepower policiies are configured correctly and allow access on the new port you've configured.

Ensure there are no DAP exclusion rules preventing the user from connecting on the modified port.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

00u18jg7x27DHjRMh5d7
Level 1
Level 1
In response to M02@rt37

‎10-17-2023 09:24 AM

Currently have it accepting ANY port in the ACL. I will look into the DAP.

00u18jg7x27DHjRMh5d7_1-1697559802245.png

 

0 Helpful

MHM Cisco World
VIP
VIP

‎10-17-2023 08:39 AM

can I see the command you use to change the port of anyconnect VPN 

00u18jg7x27DHjRMh5d7
Level 1
Level 1
In response to MHM Cisco World

‎10-17-2023 09:20 AM

It was threw the GUI of FMC.  

00u18jg7x27DHjRMh5d7_0-1697559564016.png

 

0 Helpful
Customers Also Viewed These Support Documents