Cisco Support Community

New Member

ssl vpn denied

Hi,

Little problem. I have an SSL VPN configured, and if I try to connect to the SSL VPN the following message appears in the ASDM log viewer:

3    Oct 21 2010    00:37:59    710003    <source ip>    5909    <destination ip>    443    TCP access denied by ACL from <source ip>/5909 to outside:<destination ip>/443

If I perform a packet trace I see that an ACL is blocking the traffic, but I don't know which ACL.

Type - ACCESS-LIST
Action - DROP
Show rule in Access Rules table.
Config - Implicit Rule

If I click "Show rule in Access Rules table" it jumps to outside; there is no rule configured. I'm using ASA 8.3.

Any help?

For information, the HTTP server is enabled on port 8443; maybe this is the problem?

4 REPLIES
Cisco Employee

Re: ssl vpn denied

Hi,

I assume the "destination IP" you see is the outside interface IP address of the ASA. Please share a sanitized config from your ASA. Check if webvpn is enabled on the outside interface.

Also, share the output of "show asp table socket" with modified addresses if needed.

Regards,

Prapanch

New Member

Re: ssl vpn denied

Yes, you are right, it's the outside IP. Which parts of the config do you need?

Here is a show asp table socket:

Protocol  Socket    Local Address               Foreign Address         State
SSL       0003a04f  192.168.52.1:8443           0.0.0.0:*               LISTEN
TCP       0007ee3f  192.168.52.1:22             0.0.0.0:*               LISTEN
DTLS      000a45af  :443           0.0.0.0:*               LISTEN
SSL       05819758  192.168.52.1:8443           192.168.52.11:44535     ESTAB
SSL       05fd1928  192.168.52.1:8443           192.168.52.11:6139      ESTAB
SSL       0608f438  192.168.52.1:8443           192.168.52.11:6145      ESTAB
SSL       06366a78  192.168.52.1:8443           192.168.52.11:6175      ESTAB
TCP       06841308  192.168.52.1:22             192.168.52.11:50786     ESTAB

New Member

Re: ssl vpn denied

It's working now. I have changed the ASDM port (although it was another port than 443) and disabled the outside interface for SSL VPN. Then changed the port to another and tested it. Working fine. Then changed the port back to 443 and it worked again.

It seemed the ASDM port and the webvpn port are in trouble, or some configuration in cache?

Cisco Employee

Re: ssl vpn denied

Hi,

Indeed, it looks like some kind of problem, though it may not be what you are mentioning. The socket information shows that we were listening for ASDM on port 8443 and for SSL connections on port 443.

If you do see this happening again, it might be better to open a TAC case for investigation. Anyways, good that you managed to get it working.

Regards,

Prapanch
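
For reading the socket table discussed in this thread, here is an added example that is not part of any post and is not Cisco code: it parses `show asp table socket` output, including a row whose local address was sanitized away, and reports which protocols are listening on a given port. The function names are hypothetical; the sample input is the table posted above.

```python
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto handle local_addr local_port foreign state")

# Sample input: the table as posted in the thread. The poster removed the
# address on the DTLS row, so its local address is just ":443".
SAMPLE = """\
Protocol  Socket    Local Address               Foreign Address         State
SSL       0003a04f  192.168.52.1:8443           0.0.0.0:*               LISTEN
TCP       0007ee3f  192.168.52.1:22             0.0.0.0:*               LISTEN
DTLS      000a45af  :443           0.0.0.0:*               LISTEN
SSL       05819758  192.168.52.1:8443           192.168.52.11:44535     ESTAB
SSL       05fd1928  192.168.52.1:8443           192.168.52.11:6139      ESTAB
SSL       0608f438  192.168.52.1:8443           192.168.52.11:6145      ESTAB
SSL       06366a78  192.168.52.1:8443           192.168.52.11:6175      ESTAB
TCP       06841308  192.168.52.1:22             192.168.52.11:50786     ESTAB
"""

# proto, 8-hex-digit socket handle, local addr:port (addr may be empty),
# foreign addr:port, state. The header line fails the handle pattern.
ROW = re.compile(r"^(\S+)\s+([0-9a-fA-F]{8})\s+(\S*):(\d+)\s+(\S+)\s+(\S+)\s*$")


def parse_asp_sockets(text):
    """Return one Socket per data row; header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, handle, addr, port, foreign, state = m.groups()
            rows.append(Socket(proto, handle, addr, int(port), foreign, state))
    return rows


def listeners(sockets, port):
    """(protocol, local address) pairs that have a LISTEN socket on this port."""
    return sorted({(s.proto, s.local_addr) for s in sockets
                   if s.state == "LISTEN" and s.local_port == port})


if __name__ == "__main__":
    socks = parse_asp_sockets(SAMPLE)
    for port in (22, 443, 8443):
        print(port, listeners(socks, port))
```

On the posted table this reports a TCP listener on port 22, a DTLS listener on port 443 and an SSL listener on port 8443; an empty address in a pair means the poster stripped it from the output.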
