Cisco Support Community

Unable to configure WebVPN and ASDM on the same interface on ASA, and the "ERROR: Port 443 is already configured for WebVPN and will not be added" error message appears

Core issue

This issue is due to the presence of Cisco bug ID CSCsg05519.

When Internet Protocol Security (IPsec) over Transmission Control Protocol (TCP) is configured, the PIX/ASA rejects TCP/443 as an option because that port is already in use by WebVPN. This occurs even on the ASA when WebVPN is not enabled, and on the PIX platforms that do not support WebVPN.

RTP-FW(config)#isakmp ipsec-over-tcp port 443

The use of this command returns the error message:

ERROR: Port 443 is already configured for WebVPN and will not be added. Please Choose a different port for ipsec-over-tcp.

Resolution

The security appliance can support both WebVPN and an Adaptive Security Device Manager (ASDM) administrative session simultaneously on the same interface, but by default, both WebVPN and ASDM listen on port 443.

In order to resolve this, assign a different port number to one of these functions.

Enable ASDM to listen on a different port with this command:

ASA(config)#http server enable <1-65535>

Enable WebVPN to listen on a different port with these commands:

vpn-asa-1(config)#webvpn
vpn-asa-1(config-webvpn)#port <1-65535>

An alternative is to configure WebVPN and access to ASDM on different interfaces.
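A pre-change check for the conflicts described above, as an added example (not Cisco's code): it parses a candidate ASA configuration and reports when ASDM and WebVPN share both an interface and a port, or when IPsec over TCP is set to 443. The sample configurations, the 192.0.2.0 network, and ports 8443 and 10000 are constructed for illustration.

```python
DEFAULT_HTTPS_PORT = 443  # per the page: ASDM and WebVPN both default to 443

def audit_asa_ports(config_text):
    """Return (asdm_port, webvpn_port, findings) for a candidate ASA config."""
    asdm_port = None                  # None means the ASDM HTTP server is off
    webvpn_port = DEFAULT_HTTPS_PORT
    asdm_ifaces, webvpn_ifaces = set(), set()
    ipsec_tcp_ports = []
    in_webvpn = False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):  # a top-level line opens or closes a mode
            in_webvpn = (line == "webvpn")
        words = line.split()
        if not words:
            continue
        if in_webvpn and line.startswith(" "):
            if words[0] == "port" and len(words) == 2:
                webvpn_port = int(words[1])
            elif words[0] == "enable" and len(words) == 2:
                webvpn_ifaces.add(words[1])
        elif words[:3] == ["http", "server", "enable"]:
            asdm_port = int(words[3]) if len(words) > 3 else DEFAULT_HTTPS_PORT
        elif words[0] == "http" and len(words) == 4:
            asdm_ifaces.add(words[3])  # http <network> <mask> <interface>
        elif "ipsec-over-tcp" in words and "port" in words:
            tail = words[words.index("port") + 1:]
            ipsec_tcp_ports = [int(w) for w in tail if w.isdigit()]
    findings = []
    shared = sorted(asdm_ifaces & webvpn_ifaces)
    if asdm_port is not None and shared and asdm_port == webvpn_port:
        findings.append("ASDM and WebVPN both listen on port %d on interface(s): %s"
                        % (asdm_port, ", ".join(shared)))
    if DEFAULT_HTTPS_PORT in ipsec_tcp_ports:
        findings.append("ipsec-over-tcp port 443 is rejected by the appliance")
    return asdm_port, webvpn_port, findings

# Constructed sample configurations (not taken from a real device).
CONFLICT = ("http server enable\nhttp 192.0.2.0 255.255.255.0 outside\n"
            "webvpn\n enable outside\nisakmp ipsec-over-tcp port 443\n")
FIXED = ("http server enable 8443\nhttp 192.0.2.0 255.255.255.0 outside\n"
         "webvpn\n enable outside\nisakmp ipsec-over-tcp port 10000\n")

if __name__ == "__main__":
    for name, cfg in (("conflict", CONFLICT), ("fixed", FIXED)):
        print(name, audit_asa_ports(cfg))
```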
