Cisco Support Community
New Member

SSL VPN Port Change

We currently have SSL VPN configured for users that goes to https://website.domain.com/portal/sslvpn. However, now some of our users want to be able to use OWA/Active Sync. Since port 443 is being used by the SSL VPN, how do I change the SSL VPN to another port so that OWA will use port 443? We only have one external IP, so I was thinking we could change the port so that the SSL VPN does not use 443. This way Exchange can use 443.

Any thoughts on how to do this?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: SSL VPN Port Change

Hi Caleb,

You can change the port of the SSL VPN portal. On the SA 520W's web Security Appliance Configuration Utility, navigate to the Network Management menu -> Remote Management; on the Remote Management page, change the port number from 443 to 60443. This way your SSL VPN clients will come in as:

https://:60443/Portal/SSLVPN

instead of

https:///Portal/SSLVPN

Alternatively, you can use a different port (other than 443 or 60443), but you will use a port forward from the WAN to the LAN as described in the document attached by trabb.

With the procedure in the document, you would basically be connecting to the following SSL portal:

https://:60444/Portal/SSLVPN

and be forwarded to:

https:///Portal/SSLVPN

Both should work. Let us know if this helps resolve your issues.

Cheers,

Julio

6 REPLIES

Re: SSL VPN Port Change

On an IOS device that supports SSL VPN, you can modify the port under the WebVPN gateway configuration.  For example, the config below will instruct the router to listen on port 4443 for SSL connections.  Users will then access the test gateway below using https://1.1.1.1:4443.


webvpn gateway ciscossl
 ip address 1.1.1.1 port 4443
 ssl trustpoint ciscossl
 inservice
end

On the ASA platform, you can achieve the same result using the configuration below:

webvpn
  port 4443
  dtls port 4443

New Member

Re: SSL VPN Port Change

I forgot to mention. This is an SA520W K9. There is no IOS.

New Member

Re: SSL VPN Port Change

Good Day Caleb,

Take a peek at the document listed below that provides a 'How To' for changing SSL VPN port for Portal Access. Maybe it will help a bit.

Thanks!

New Member

Re: SSL VPN Port Change

I ended up calling TAC. Turns out that the SA520W will not let you change the port for the SSLVPN. It has to stay as 443. The fix is to add a second external IP (via aliases) and point that https to the Exchange server.

If you need OWA/Active Sync and the SSLVPN (that comes on the SA 520W)...then you have to have two external IPs. There is no way around it unless you set up a 3rd party SSLVPN.

New Member

Re: SSL VPN Port Change

The TAC did the portion under Network Management...but did not adjust the portal layouts.  That should do it....thanks!
