Cisco ASA 5500 Series Adaptive Security Appliances

ASDM and WebVPN Enabled on the Same Interface of ASA

Document ID: 72893



Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Problem
Solution(s)
      Solution 1
      Solution 2

Introduction

This document provides information on how Adaptive Security Device Manager (ASDM) and WebVPN are enabled on the same interface of the Cisco 5500 Series Adaptive Security Appliances (ASA).

Note: This document is not applicable for the Cisco 500 Series PIX Firewall, because it does not support WebVPN.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

Components Used

The information in this document is based on the Cisco 5500 Series ASA.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Problem

ASDM and WebVPN cannot be enabled on the same interface of the ASA, as both are listening on the same port, 443, by default.

Solution(s)

You can change either the HTTPS server port number used to launch ASDM or the listening port for WebVPN in order to overcome this problem.

Solution 1

Complete these steps:

  1. Change the ASDM-related configuration on the ASA so that the HTTPS server listens on a different port, as shown here:

    ASA(config)#http server enable <1-65535>
    
    
    configure mode commands/options:
      <1-65535>  The management server's SSL listening port. TCP port 443 is the
                 default.

    This is an example:

    ASA(config)#http server enable 65000
    
  2. After you change the default port configuration, launch ASDM from a supported web browser on the security appliance network, with the URL in the format shown:

    https://interface_ip_address:<customized port number>
    
    

    This is an example:

    https://192.168.1.1:65000
    

Solution 2

Complete these steps:

  1. Change the WebVPN-related configuration on the ASA so that WebVPN listens on a different port, as shown here:

    
    !--- Enable the WebVPN feature on the ASA.
    
    ASA(config)#webvpn
    
    !--- Enables WebVPN for the outside interface of ASA.
    
    ASA(config-webvpn)#enable outside
    
    !--- Allow the ASA to listen to the WebVPN traffic on the customized 
    !--- port number.
    
    ASA(config-webvpn)#port <1-65535>
    
    webvpn mode commands/options:
      <1-65535>  The WebVPN server's SSL listening port. TCP port 443 is the
                 default.

    This is an example:

    ASA(config)#webvpn
    ASA(config-webvpn)#enable outside
    ASA(config-webvpn)#port 65010
    
  2. After you change the default port configuration, open a supported web browser and connect to the WebVPN server, with the URL in the format shown:

    https://interface_ip_address:<customized port number>
    
    

    This is an example:

    https://192.168.1.1:65010
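
An added example, not part of the original Cisco document: a Python check that reads saved ASA configuration text and reports the interfaces where ASDM and WebVPN would share a TCP port, run against the problem case and against both solutions. It assumes running-config style text with subcommands indented under `webvpn`, and that ASDM access is tied to an interface by `http <network> <mask> <interface>` lines (a command this page does not show); the function names and sample configurations are constructed for illustration.

```python
import re

DEFAULT_PORT = 443  # per the page, both services listen on TCP 443 by default
IPV4 = r"\d+\.\d+\.\d+\.\d+"

def parse_listeners(config_text):
    """Return {"asdm": (port, ifaces), "webvpn": (port, ifaces)} from config text."""
    asdm_port, webvpn_port = None, DEFAULT_PORT   # None: HTTPS server not enabled
    asdm_ifaces, webvpn_ifaces = set(), set()
    in_webvpn = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # skip blanks and comment lines
            continue
        if raw[0].isspace():                      # subcommand of the current mode
            if in_webvpn and (m := re.fullmatch(r"enable (\S+)", line)):
                webvpn_ifaces.add(m.group(1))
            elif in_webvpn and (m := re.fullmatch(r"port (\d+)", line)):
                webvpn_port = int(m.group(1))
            continue
        in_webvpn = line == "webvpn"
        if m := re.fullmatch(r"http server enable(?: (\d+))?", line):
            asdm_port = int(m.group(1) or DEFAULT_PORT)
        elif m := re.fullmatch(rf"http {IPV4} {IPV4} (\S+)", line):
            asdm_ifaces.add(m.group(1))           # interface allowed to reach ASDM
    return {"asdm": (asdm_port, asdm_ifaces), "webvpn": (webvpn_port, webvpn_ifaces)}

def find_port_conflicts(config_text):
    """List (interface, port) pairs where ASDM and WebVPN share a listener."""
    parsed = parse_listeners(config_text)
    asdm_port, asdm_ifaces = parsed["asdm"]
    webvpn_port, webvpn_ifaces = parsed["webvpn"]
    if asdm_port is None or asdm_port != webvpn_port:
        return []
    return sorted((iface, asdm_port) for iface in asdm_ifaces & webvpn_ifaces)

# Constructed sample configurations (not from a real device).
CONFLICT = """\
http server enable
http 192.168.1.0 255.255.255.0 outside
webvpn
 enable outside
"""
SOLUTION_1 = CONFLICT.replace("http server enable", "http server enable 65000")
SOLUTION_2 = CONFLICT + " port 65010\n"

if __name__ == "__main__":
    for name, cfg in [("conflict", CONFLICT), ("solution 1", SOLUTION_1),
                      ("solution 2", SOLUTION_2)]:
        print(name, find_port_conflicts(cfg))
```

The check also flags a configuration in which both services were moved to the same non-default port, which neither solution guards against on its own.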
    

Updated: Jan 11, 2007