10-17-2008 02:16 AM - edited 02-21-2020 03:59 PM
Hello,
My ASA 8.0.4 is working fine for UDP-over-IPSEC connections. However, TCP-over-IPSEC over 443 is not working. I did configure port 443 in the ASA. ASDM error I get (although I am not sure this has anything to do with it): Duplicate phase 2 packet detected.
Does anybody have an idea?
thanks Karien
10-17-2008 02:19 AM
The ASA listens on port 443 for secure ASDM connections. Change this port to the default 10000 and re-test.
Also if the ASA is behind a firewall - allow TCP 10000 thru to the ASA.
HTH>
10-17-2008 02:44 AM
Hi Andrew,
Thanks for your reply.
However, I forgot to tell, ASDM is running on port 456. So it should not conflict with IPSEC-over-TCP.
Any other idea?
thx Karien
10-17-2008 02:49 AM
Do you have WebVPN enabled? That also uses 443.
For the sake of testing, I would change the port to 10000
crypto isakmp ipsec-over-tcp port 10000
Then re-test. If it works, then the issue is with something else on the ASA trying to use 443. If it does not work, then you also have an issue somewhere else.
Are you actually forcing the VPN client to use IPSEC over TCP - and the client is configured to use 443?
10-17-2008 03:55 AM
Hello Andrew,
Unfortunately the production firewall in front doesn't allow port 10000 in. I would have to make a request for a change.
Did anybody else have this issue ?
thx Karien
03-15-2010 05:46 AM
Andrew,
Qtn about this command ' crypto isakmp ipsec-over-tcp port 10000 '
I have an ASA 5520 doing Cisco client VPN, WebVPN (SSL) and responding to ASDM. So which one of these services is the above command changing?
thanks
Ajaz
03-15-2010 06:31 AM
Ajaz,
It changes any connection via the VPN Remote client/Hardware Client - where the remote end NAT device does not support/understand NAT-T/VPN PassThru. It also enables you to allow IPSEC connections on ISP/3rd Party/Provider networks, that block the normal RFC NAT-T UDP 4500.
The port can be changed from 10000 to whatever you want. If you have a firewall that sits in front of the VPN device, the TCP port must be allowed thru.
This does not apply to Web SSL & ASDM connections.
HTH>
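The port overlap that the replies above test for by elimination can also be checked directly against a saved configuration. This is an added example, not part of the thread and not Cisco tooling; the sample config is constructed, and the parser assumes the ASA 8.x line forms `http server enable [port]`, `crypto isakmp ipsec-over-tcp [port ...]` and a `webvpn` block with `enable <interface>` / `port <n>`, with assumed defaults of 443, 10000 and 443.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread), mirroring the setup described:
# ASDM moved to 456, IPsec-over-TCP set to 443, WebVPN left on its default port.
SAMPLE_CONFIG = """\
http server enable 456
crypto isakmp enable outside
crypto isakmp ipsec-over-tcp port 443
webvpn
 enable outside
 port 443
"""

def tcp_listeners(config: str) -> dict:
    """Map TCP port -> list of ASA services configured to listen on it."""
    ports = defaultdict(list)
    in_webvpn = webvpn_enabled = False
    webvpn_port = 443  # assumed default when the webvpn block has no 'port' line
    for raw in config.splitlines():
        line = raw.strip()
        # Sub-mode lines are indented; any non-indented line ends the webvpn block.
        if not raw.startswith(" "):
            in_webvpn = (line == "webvpn")
        m = re.fullmatch(r"http server enable(?: (\d+))?", line)
        if m:  # ASDM listener; assumed default 443 when no port is given
            ports[int(m.group(1) or 443)].append("ASDM (http server)")
        m = re.fullmatch(r"crypto isakmp ipsec-over-tcp(?: port ([\d ]+))?", line)
        if m:  # one or more ports; assumed default 10000 when none is given
            for p in (m.group(1) or "10000").split():
                ports[int(p)].append("IPsec-over-TCP")
        if in_webvpn and re.fullmatch(r"enable \S+", line):
            webvpn_enabled = True
        m = re.fullmatch(r"port (\d+)", line)
        if in_webvpn and m:
            webvpn_port = int(m.group(1))
    if webvpn_enabled:
        ports[webvpn_port].append("WebVPN")
    return dict(ports)

def conflicts(config: str) -> dict:
    """Return only the ports claimed by more than one service."""
    return {p: s for p, s in tcp_listeners(config).items() if len(s) > 1}

if __name__ == "__main__":
    for port, services in conflicts(SAMPLE_CONFIG).items():
        print(f"TCP {port} is claimed by: {', '.join(services)}")
```

An empty result from `conflicts()` only rules out an overlap on the ASA itself; a firewall in front of the ASA still has to permit the chosen TCP port.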