Did you have an extra public IP address for this or did you need to use your interface IP address? I guess it was the interface IP address?
The other discussion seemed to use Manual NAT configuration format to achieve the Static PAT (Port Forward) configuration. I would personally use Auto NAT
The problem with TCP/443 port forwarding and using the "interface" IP address is that your ASDM and SSL VPN also uses that port. Creating the Static PAT using the interface IP address would then probably cause problems. There is option to change both the ASDM and SSL VPN port on the ASA but this naturally causes some inconvinience since it doesnt use the default port anymore.
The usual configuration format for Static PAT would be
object network OWA-HTTPS
nat (inside,outside) static interface service tcp 443 443
Thanks for the fast reply, I don't have an extra IP address at this stage, I would prefer to use the interface IP address (provided by the ISP) for the time being until we can get another IP. I will def look at changing over to Auto NAT for a better solution to the other discussion.
I assumed that I would have to change the default ASDM and SSL VPN port on the ASA, how can this be achieved in ASDM?
Also what port is best practice to change this to if I do go down that path??
I am not sure how you currently manage your firewall. Do you perhaps do it from the public network also or only from the LAN? If you are doing it remotely then I would suggest that you first confirm that you have SSH connectivity to the ASA incase there is any problems when doing these changes so that you dont cut yourself off from any type of management connection.
The ASDM port used can be set in the command you already have active on the ASA.
http server enable
You probably only have "http server enable" at the moment. You can simply specify the used port after the command to change the port.
You can use the following command to view on what ports the ASA is listening on.
show asp table socket
I have not changed the ASDM port from ASDM itself. I would imagine that you might be able to change it through there but I would also guess that the connection to the ASA will be cut after that and you will have to form the new connection with using the IP address and port in the field when logging on with the ASDM
For example enter to the ASDM log in window
Where the 4443 would be the new port to which you connect instead of the default 443
I am not really sure if there is a good practise for choosing the port. I guess it would be avoiding the most typical ones. On the other hand its about convinience since you now have to mention the port when connection to the device either with ASDM or SSL VPN.
You can find the section to change the ASDM port from Configuration -> Device Management -> Management Access -> ASDM/HTTPS/Telnet/SSH and the view that opens will have the section for the port used.
I think regarding the SSL VPN Client/Clientless the port can be changed from
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :