Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISA550 permit HTTPS inbound, error that SSLVPN is already using port

I'm trying to permit HTTPS from anywhere to an internal web server. The ISA is running SSLVPN on one IP address. I am trying to create an ACL and NAT that allows HTTPS on a totally different IP address than the SSLVPN runs on. If I go to Firewall>NAT>Port Forwarding and create a port forwarding rule as follows:

Original Service: HTTPS

Translated Service: HTTPS

Translated IP: Internal server IP address


WAN IP: External server IP address - not the same as the interface IP address


I get the following error:

The service HTTPS already is used by SSLVPN. Please use another service.


I feel like I'm missing something simple/stupid as I can't imagine that you can't have both SSLVPN and an internal HTTPS server running on two totally different IP addresses at the same time. TIA.



Hi,You can try with :Original


You can try with :

Original Service: 8080

Translated Service: HTTPS

Translated IP: Internal server IP address






New Member

The problem is that the

The problem is that the original service needs to be HTTPS. I can't use a different port number for that, and I also can't run the VPN on a different port. I would think that since I'm using 2 different IP addresses, it would work just fine. I know with an ASA I can have as many HTTPS rules as I have unique external IP addresses. Thanks for the response though!

New Member

I also tried just doing a 1-1

I also tried just doing a 1-1 NAT from the external IP to the internal IP and it gives me the exact same error.

New Member

More info. Just to test, I

EDIT - nevermind, needed to match TCP on both sides.


More info. Just to test, I decided to try what you suggested. When I do that (original 8443, translated HTTPS) I get the error "protocol of selected service object is not the same". Ugh.