IPSec over TCP fails on ASA 7.2(1)24

limtohsoon
Level 1

Hi Sir,

I used to be able to configure IPSec over TCP (port 443) using the following command on an ASA 7.1(2):

isakmp ipsec-over-tcp port 443

Lately I upgraded the ASA to version 7.2(1)24. After rebooting, the above command went missing. I configured it back and got the following error message:

-----------------------------------------------------------------

asa5540(config)# isakmp ipsec-over-tcp port ?

configure mode commands/options:

<1-65535> IPSec over TCP port

<cr>

asa5540(config)# isakmp ipsec-over-tcp port 443 ?

configure mode commands/options:

<1-65535> IPSec over TCP port

<cr>

asa5540(config)# isakmp ipsec-over-tcp port 443

ERROR: Port 443 is already configured for management and will not be added. Please Choose a different port for ipsec-over-tcp.

asa5540(config)#

-----------------------------------------------------------------

It doesn't allow me to configure the command. Is there any workaround? Please advise.

Thank you.

B.Rgds,

Lim TS


m.sir
Level 7

Why do you need IPsec over port 443...

This is used by SSL (for SSL VPN and HTTPS access for ASDM).

If you really need IPsec over 443, you need to change the port for the HTTP server with the command (for example, to 8080):

http server enable 8080

Then you can run the command

isakmp ipsec-over-tcp port 443

Now initiate ASDM sessions by entering https://:8080 in the browser

M.

Hope that helps. Rate if it does.
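The port clash discussed in this thread can be checked offline against a saved configuration before an upgrade. The following is an added example, not part of either post and not Cisco code; the function names and sample configurations are constructed, and it assumes that `http server enable` without an argument listens on 443 and that the command may also appear with a `crypto` prefix.

```python
import re

# Assumption: "http server enable" with no port argument listens on 443.
DEFAULT_HTTPS_PORT = 443

def management_port(config):
    """Return the ASDM/HTTPS server port, or None if the server is not enabled."""
    for line in config.splitlines():
        m = re.fullmatch(r"http server enable(?:\s+(\d+))?", line.strip())
        if m:
            return int(m.group(1)) if m.group(1) else DEFAULT_HTTPS_PORT
    return None

def ipsec_tcp_ports(config):
    """Collect every port listed on '[crypto] isakmp ipsec-over-tcp port ...' lines."""
    ports = []
    pattern = r"(?:crypto\s+)?isakmp ipsec-over-tcp port((?:\s+\d+)+)"
    for line in config.splitlines():
        m = re.fullmatch(pattern, line.strip())
        if m:
            ports.extend(int(p) for p in m.group(1).split())
    return ports

def port_conflicts(config):
    """Return IPSec-over-TCP ports that collide with the management HTTPS port."""
    mgmt = management_port(config)
    return [p for p in ipsec_tcp_ports(config) if p == mgmt]

# Constructed sample configurations (not taken from a real device).
BEFORE = """\
http server enable
isakmp ipsec-over-tcp port 443
"""
AFTER = """\
http server enable 8080
isakmp ipsec-over-tcp port 443
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        clash = port_conflicts(cfg)
        status = "conflict on %s" % clash if clash else "no conflict"
        print("%s: management=%s ipsec-over-tcp=%s -> %s"
              % (name, management_port(cfg), ipsec_tcp_ports(cfg), status))
```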
