Cisco Cisco ASA 5520 Adaptive Security Appliance Guía Para Resolver Problemas
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Problem
In ASA versions earlier than Version 8.0(2), ASDM and WebVPN cannot be enabled on the same interface of
the ASA, as both listen on the same port (443) by default. In Versions 8.0(2) and later, the ASA supports both
clientless Secure Sockets Layer (SSL) VPN (WebVPN) sessions and ASDM administrative sessions
simultaneously on Port 443 of the outside interface. However, when both services are enabled together, the
default URL for a particular interface on the ASA always defaults to the WebVPN service. For example,
consider this ASA configuration data:
the ASA, as both listen on the same port (443) by default. In Versions 8.0(2) and later, the ASA supports both
clientless Secure Sockets Layer (SSL) VPN (WebVPN) sessions and ASDM administrative sessions
simultaneously on Port 443 of the outside interface. However, when both services are enabled together, the
default URL for a particular interface on the ASA always defaults to the WebVPN service. For example,
consider this ASA configuration data:
rtpvpnoutbound6# show run ip
!
interface Vlan1
nameif inside
security−level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security−level 0
ip address 10.150.172.46 255.255.252.0
!
interface Vlan3
nameif dmz
security−level 50
ip address dhcp
!
interface Vlan5
nameif test
security−level 0
ip address 1.1.1.1 255.255.255.255 pppoe setroute
!
rtpvpnoutbound6# show run web
webvpn
enable outside
enable dmz
anyconnect image disk0:/anyconnect−win−3.1.06078−k9.pkg 1
anyconnect image disk0:/anyconnect−macosx−i386−3.1.06079−k9.pkg 2
anyconnect enable
tunnel−group−list enable
tunnel−group−preference group−url
rtpvpnoutbound6# show run http
http server enable
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 dmz
http 0.0.0.0 0.0.0.0 outside
rtpvpnoutbound6# show run tun
tunnel−group DefaultWEBVPNGroup general−attributes
address−pool ap_fw−policy
authentication−server−group ldap2
tunnel−group DefaultWEBVPNGroup webvpn−attributes
group−url https://rtpvpnoutbound6.cisco.com/admin enable
without−csd