Cisco Support Community
Community Member

IPSEC over TCP & SSL VPN

We have a pair of ASA5550's running 8.0(3) that are configured for ipsec-over-tcp on port 443. I'd like to enable and test ssl vpn (Anyconnect) functionality on the same ASAs - do I have to use a different port for the ssl vpns or can both services coexist on the same port?

7 REPLIES

Re: IPSEC over TCP & SSL VPN

Both services can coexist on the outside interface, as it is also part of SSL clientless VPN.

Rgds

-Jorge

Re: IPSEC over TCP & SSL VPN

I think that would be analogous to expecting an FTP server to be able to share the same port number with a Web server.

One process, one port.

Use a separate port.

Re: IPSEC over TCP & SSL VPN

Michael, we are not talking about FTP; it is simply a matter of understanding AnyConnect and WebVPN, both are SSL based.

Here are a couple of links for reference. If I was not sure, I would not have answered the thread; I run both AnyConnect and WebVPN.

Anyconnect

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml#req

Webvpn

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml

Rgds

-Jorge

Re: IPSEC over TCP & SSL VPN

The guy is talking about "ipsec-over-tcp on port 443". Please read the initial question carefully. This will require different ports AFAIK.

Regards

Farrukh

Re: IPSEC over TCP & SSL VPN

Jorge:

You misunderstood my reply.

I was providing an "analogy", that you can't expect two different processes to share the same TCP port number.

He was indicating that he was encapsulating his existing IPSec tunnels within TCP (port 443), and was wondering whether he could "also" terminate SSL VPN tunnels on the same TCP port of the endpoint.

I was suggesting that he needs to terminate these two different processes on different TCP port numbers.

I read his post carefully, did you read mine carefully?

Another thought: He did not say his pre-existing IPsec tunnels were web-based. He may have chosen port 443 so that his VPN clients could get through a port commonly open on most firewalls.

Re: IPSEC over TCP & SSL VPN

Michael, accept my apologies. Indeed I did not read the IPsec/TCP portion; it was a misunderstanding on my part, and thus I treated the answer from a different perspective. Your approach is logical.

Rgds

-Jorge

Re: IPSEC over TCP & SSL VPN

Jorge:

Thank you for the gracious response.
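
The separate-port approach recommended in the replies above, as an added configuration sketch that is not part of the original thread or taken from Cisco's documents. Port 8443, the interface name `outside` and the package file name are assumptions; substitute your own values.

```cisco
! Added example (not from the thread). 8443 and the .pkg name are placeholders.
!
! Existing IPsec-over-TCP listener stays on TCP 443, as in the question
crypto isakmp ipsec-over-tcp port 443
!
! SSL VPN (clientless WebVPN and AnyConnect) terminates on its own TCP port
webvpn
 ! set the listening port before enabling the service on the interface
 port 8443
 enable outside
 ! AnyConnect client image to serve; file name is a placeholder
 svc image disk0:/<anyconnect-package>.pkg 1
 svc enable
```

With this layout, SSL VPN users connect to `https://<asa-outside-address>:8443`, and any firewall or ACL in front of the ASA has to permit that port in addition to 443.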
