Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Enabling WebVPN while NAT port 443


a client has a small 877W Router running the Advanced IP Service IOS.

It connects to the Internet using a standard ADSL2 connection with a single static IP address.

Currently, Outlook Web Access is available from the Internet by NAT configured to forward HTTPS traffic to an internal W2K3 SBS Server.

I would like to configure WebVPN but having played with it on this device realise that while I have NAT configured for port 443 to the internal server, the WebVPN portal won't work as it uses the same port.

Is there anyway to have WebVPN configured and while still allowing access to OWA web access from the Internet? Please note, I would rather not do the following:

- Change to a non-standard port for either service as this will just confused the non-technical users

- Restrict OWA access to just inside the WebVPN portal as some users have notebooks and connect their full Outlook clients via RPC-over-HTTPS so OWA needs to be accessible outside of the portal also.

Thanks for any assistance.


Community Member

Re: Enabling WebVPN while NAT port 443

I suppose further clarification on this may be required.

I want to allow two types HTTPS connections to the same, single, public IP on the router.

The first is to the internal OWA website and hence terminates behind the router at the SBS server.

The second is to the router for WebVPN and should terminate on the router.

The issue obviously is that if only inspecting the incoming connections up to Layer 4, both will look identical and there is no way of differeniating the two connections.

Is there a way to implement a higher layer of inspection so that connections to goes to the internal OWA server and connections to goes to the router and either the portal or SSL VPN connection is accessed?

Any ideas would be appreciated.



Community Member

Re: Enabling WebVPN while NAT port 443

Do you already have a webserver running on ? If so then you could write a little script that site at /exchange that simply does an http-redirect to which is port forwarding to the internal exchange server on 443 and have the script do /webvpn as an http-redirect to

I am not sure if you can do it as "inspection" on the router though. Http-redirect scripts are pretty easy to do if you control the content on your companies web server. Other than that you can run WebVPN on a non standard port too if you want to keep exchange on 443 but I think you are better off using the method I described above if you want to use the URI portion of a URL for redirection.

Is there a reason to no have OWA:443 running on a different IP than the WebVPN connection? Seems like letting DNS take care of the whole thing might be simpler.

Hope that helps :)

Community Member

Re: Enabling WebVPN while NAT port 443

Just saw that there is only a single static IP, missed that through the first read...apologies.

CreatePlease to create content