Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 7.2(2) ssl vpn (full tunnel mode)


After changing the default port 443 to e.g. 442 for the WebVPN access I see the following behaviour:

- clientless access mode is working as befor

- full tunnel client access mode gives the following error message:

"The SSL VPN to the remote peer was disrupted and could not automatically be re-established. A new connection requires re-authentication and must be started manually."

After changing the port nbr. back to 443, everything was working fine again. Beside changing the port number, ist there any thing else to consider?

Thank's for any reply,


ASA Version 7.2(2)


hostname fwrexu01

domain-name xy.local

enable password x encrypted



interface Vlan1

description LAN

nameif inside

security-level 100

ip address


interface Vlan3

description Outside, WebServer

nameif outside

security-level 0

ip address


access-list outside_access_in extended permit tcp any host eq https

access-list outside_access_in extended permit tcp any host eq smtp

access-list outside_access_in extended permit icmp any any echo-reply

access-list inside_access_in extended permit ip any any

access-list inside_access_in extended permit icmp any any echo

access-list inside_nat_outbound extended permit ip 19

access-list backup_access_in extended permit icmp any any echo-reply

pager lines 24

logging enable

mtu inside 1500

mtu backup 1500

mtu outside 1500

ip local pool WebVPN mask

arp timeout 14400

global (backup) 1 interface

nat (inside) 1 access-list inside_nat_outbound norandomseq

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

route outside 1 track 1

group-policy WebVPN-Policy internal

group-policy WebVPN-Policy attributes

dns-server value

vpn-tunnel-protocol webvpn


functions url-entry file-access file-entry file-browsing

url-list value Servers

customization value Rexult-WebLogin

svc enable

svc keep-installer installed

svc rekey time 30

svc rekey method ssl

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool WebVPN

authentication-server-group RADIUS LOCAL

default-group-policy WebVPN-Policy

tunnel-group DefaultWEBVPNGroup webvpn-attributes

customization Rexult-WebLogin

nbns-server timeout 2 retry 2

no vpn-addr-assign aaa

no vpn-addr-assign dhcp

console timeout 0

management-access inside


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


message-length maximum 512


service-policy global_policy global

ntp server source inside


port 442

enable outside

csd image disk0:/securedesktop-asa-

csd enable

svc image disk0:/sslclient-win- 1

svc enable

customization Rexult-WebLogin

title text Rexult WebVPN Service

logo none

url-list Servers "Outlook WebAccess" 4

prompt hostname context

: end


Re: ASA 7.2(2) ssl vpn (full tunnel mode)

Refer to the "ASA Clientless SSL VPN (WebVPN) Troubleshooting Tech Note" present in the following url for more info on ssl vpn troubleshooting:

New Member

Re: ASA 7.2(2) ssl vpn (full tunnel mode)

Thank's for the link. But my problem is not the clientless SSL VPN mode. The SVC is not working afer changing the port. Does the scv client needs to be installed again after the port change?