Cisco Cisco ASA 5555-X Adaptive Security Appliance - No Payload Encryption Guía Para Resolver Problemas
Solution
In order to resolve this issue, you can either use the appropriate URL in order to access the respective service
or change the port on which the services are accessed.
or change the port on which the services are accessed.
Note: One disadvantage with the latter solution is that the port is changed globally, so every interface is
affected by the change.
affected by the change.
Use the Appropriate URL
In the example configuration data provided in the Problem section, the outside interface of the ASA can be
reached by HTTPS via these two URLs:
reached by HTTPS via these two URLs:
https://<ip−address> <=> https://10.150.172.46
https://<domain−name> <=> https://rtpvpnoutbound6.cisco.com
However, if you attempt to access these URLs while WebVPN service is enabled, the ASA redirects you to
the WebVPN portal:
the WebVPN portal:
https://rtpvpnoutbound6.cisco.com/+CSCOE+/logon.html
In order to access ASDM, you can use this URL:
https://rtpvpnoutbound6.cisco.com/admin
Note: As shown in the example configuration data, the default tunnel group has a group−url defined with use
of the group−url https://rtpvpnoutbound6.cisco.com/admin enable command, which should conflict with the
ASDM access. However, the URL https://<ip−address/domain>/admin is reserved for ASDM access, and if
you set it under the tunnel group, there is no effect. You are always redirected to
https://<ip−address/domain>/admin/public/index.html.
of the group−url https://rtpvpnoutbound6.cisco.com/admin enable command, which should conflict with the
ASDM access. However, the URL https://<ip−address/domain>/admin is reserved for ASDM access, and if
you set it under the tunnel group, there is no effect. You are always redirected to
https://<ip−address/domain>/admin/public/index.html.
Change the Port on which Each Service Listens
This section describes how to change the port for both the ASDM and WebVPN services.
Change the Port for the HTTPS Server Service Globally
Complete these steps in order to change the port for the ASDM service:
Enable the HTTPS server to listen on a different port in order to change the configuration that is
related to the ASDM service on the ASA, as shown here:
related to the ASDM service on the ASA, as shown here:
ASA(config)#http server enable <1−65535>
configure mode commands/options:
<1−65535> The management server's SSL listening port. TCP port 443 is the
default.
Here is an example:
ASA(config)#http server enable 65000
1.
After you change the default port configuration, use this format in order to launch the ASDM from a
supported web browser on the security appliance network:
supported web browser on the security appliance network:
https://interface_ip_address:<customized port number>
2.