Hi,
I am not sure how you currently manage your firewall. Do you perhaps do it from the public network also or only from the LAN? If you are doing it remotely then I would suggest that you first confirm that you have SSH connectivity to the ASA incase there is any problems when doing these changes so that you dont cut yourself off from any type of management connection.
The ASDM port used can be set in the command you already have active on the ASA.
http server enable
You probably only have "http server enable" at the moment. You can simply specify the used port after the command to change the port.
You can use the following command to view on what ports the ASA is listening on.
show asp table socket
I have not changed the ASDM port from ASDM itself. I would imagine that you might be able to change it through there but I would also guess that the connection to the ASA will be cut after that and you will have to form the new connection with using the IP address and port in the field when logging on with the ASDM
For example enter to the ASDM log in window
1.1.1.1:4443
Where the 4443 would be the new port to which you connect instead of the default 443
I am not really sure if there is a good practise for choosing the port. I guess it would be avoiding the most typical ones. On the other hand its about convinience since you now have to mention the port when connection to the device either with ASDM or SSL VPN.
You can find the section to change the ASDM port from Configuration -> Device Management -> Management Access -> ASDM/HTTPS/Telnet/SSH and the view that opens will have the section for the port used.
I think regarding the SSL VPN Client/Clientless the port can be changed from
Configuration -> Remote Access VPN -> Network (Client) Access -> AnyConnect Connection Profiles -> Port Settings -button
OR
Configuration -> Remote Access VPN -> Clientless SSL VPN Access -> Connection Profiles -> Port Settings -button
Hope this helps
- Jouni
