This issue is due to the presence of Cisco bug IDCSCsg05519.
When Internet Protocol Security (IPsec) over Transmission Control Protocol (TCP) is configured, the PIX/ASA rejects TCP/443 as an option because that port is already in use by WebVPN. This even occurs on the ASA when WebVPN is not enabled and on the PIX platforms that do not support WebVPN.
The use of this command returns the error message:
ERROR: Port 443 is already configured for WebVPN and will not be added. Please Choose a different port for ipsec-over-tcp.
The security appliance can support both WebVPN and an Adaptive Security Device Manager (ASDM) administrative session simultaneously on the same interface, but by default, both WebVPN and ASDM listen on port 443.
In order to resolve this, assign different port numbers to one of these functions.
Enable ASDM to listen on a different port with this command: