Solved

Will port forwarding 443 no longer allow me to access my ASA VPN login page?

Posted on 2011-03-24
Last Modified: 2012-05-11
If I only have one public IP and I forward 443 to a NAT IP behind the firewall, would I still be able to access the VPN login page?

Currently xxx.xxx.xxx.xxx = my ASA VPN login page. If forwarded to 192.168.2.1, would I still see my VPN page? I am guessing nope.
Question by:newbsauce
5 Comments
 
LVL 1

Assisted Solution

by:Le_Rocca
Le_Rocca earned 166 total points
ID: 35210664
If you only forward 443, then you don't have HTTP forwarded, so you will not see the VPN login page. I guess that's a webpage? Then you should also forward port 80.
0
 

Author Comment

by:newbsauce
ID: 35210767
I have not forwarded anything at this point. I currently log in using the ASA web VPN: https://xxx.xxx.xxx.xxx

Someone wants me to forward 443 to an internal machine. I am thinking then no one could access our web VPN. Name says it all. I am newbsauce at this. Thank you for responding.
0
 
LVL 7

Accepted Solution

by:
expert1010 earned 167 total points
ID: 35210822
No. You shouldn't. In this case you're sending a packet with the destination IP set to your external address and the port 443. The firewall sees nothing else.

What you can do is run the webserver on another port and specify that when you want to reach it.

For instance 4443 instead of 443. And reach it by this.

https://v.x.y.z:4443

You'll have to configure ASA to run on 4443 before you configure port forwarding of 443. ASA will complain with something like this otherwise:

static (inside,outside) tcp interface 443 1.1.1.1 443 netmask 255.255.255.255 tcp 0 0 udp 0
unable to reserve port 443 for static PAT

Or similar.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 35213926
You can of course change the port that the VPN is running on!
Also be aware that ASDM access will need to be on another port if you access it from outside.
Like so http://www.petenetlive.com/KB/Article/0000268.htm
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 167 total points
ID: 35214275
0
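The order of operations from the accepted answer and the ASDM note above, as an added configuration example that is not part of any post in this thread. It assumes pre-8.3 ASA syntax (matching the `static` command quoted above), an interface named `outside`, a hypothetical ACL name `outside_in`, the internal host 192.168.2.1 from the question, and 4443/8443 as example ports.

```cisco
! Added example. Assumptions: pre-8.3 syntax, interface "outside",
! hypothetical ACL name "outside_in", example ports 4443 and 8443.

! 1. Move the WebVPN listener off 443 first. While it still holds
!    tcp/443 on the outside interface, the static PAT in step 3 is
!    rejected with "unable to reserve port 443 for static PAT".
webvpn
 no enable outside
 port 4443
 enable outside
 exit

! 2. If ASDM is reached from outside, move it to its own port as well.
http server enable 8443

! 3. Only now forward tcp/443 on the single public IP to the inside host.
static (inside,outside) tcp interface 443 192.168.2.1 443 netmask 255.255.255.255

! 4. Permit only the forwarded port. If an ACL is already applied inbound
!    on "outside", add the permit line to that ACL instead of binding a
!    new one, because access-group replaces the existing binding.
access-list outside_in extended permit tcp any interface outside eq 443
access-group outside_in in interface outside

! 5. Check which ports the ASA itself is listening on, and the translation.
show running-config webvpn
show asp table socket
show xlate
```

After this change VPN users connect to https://v.x.y.z:4443, and anything arriving on 443 goes straight to the internal machine, so that host is now Internet-facing and needs to be patched and monitored accordingly.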
