Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ottawacanada150
Advisor

Changing a port for vpn portal

Jump to solution

Hello everyone,

 

I know this may sound like a silly question, but cant seem to find way to do this. Customer asked me if there is a way to actually change default port for vpn portal. They dont have mobile access enabled, but what they want to do is this (I will just give bogus example, but you will get an idea, as they use same port 4443 for Cisco vpn portal currently). This is strictly related to remote access client to site VPN.

Say their public IP is 40.50.60.70 and current vpn portal is vpn.acmecorporation.com:4443

I cant seem to find a way to do the same on CP side...I dont believe doing this on gateway properties under visitor mode worked and there does not appear to be any other option in GUI that I can tell to change this. Is there a file that has to be modified? They also wanted to know if default 443 port for vpn portal can be disabled, but not too sure about that either.

Also, on unrelated note, Im pretty sure in older R77 and before code, you were able to add tcp or udp protocols into the rules, but I dont see that any longer in R80. Was it taken away?

 

Thanks in advance.

0 Kudos
Reply
1 Solution

Accepted Solutions
G_W_Albrecht
Champion
Champion

Not possible - enabling Mobile Access Portal locks Visitor Mode to TCP 443. Only without MAB, RA IPSec VPN can use Visitor mode on another port (see sk103107). Usually, when the Endpoint VPN Client connects to the Security Gateway, the VPN tunnel is established on port 4500. When this port is unreachable for some reason, the Endpoint VPN Client switches automatically to Visitor Mode (Roaming), where the port 4500 packets are encapsulated and redirected to port 443.

And the MAB portal default link is https://vpn.acmecorporation.com/sslvpn.

View solution in original post

0 Kudos
Reply
8 Replies
G_W_Albrecht
Champion
Champion

I do not understand what you want to achieve - SSL VPN portal will use https on port 443 if enabled - but you can disable all portals.

0 Kudos
Reply
ottawacanada150
Advisor

Hi there and thanks for your response. What customer would like to test is have ssl vpn portal use port 4443 INSTEAD of default port 443...thats what we were trying to test. Whats best way to do this?

0 Kudos
Reply
G_W_Albrecht
Champion
Champion

Not possible - enabling Mobile Access Portal locks Visitor Mode to TCP 443. Only without MAB, RA IPSec VPN can use Visitor mode on another port (see sk103107). Usually, when the Endpoint VPN Client connects to the Security Gateway, the VPN tunnel is established on port 4500. When this port is unreachable for some reason, the Endpoint VPN Client switches automatically to Visitor Mode (Roaming), where the port 4500 packets are encapsulated and redirected to port 443.

And the MAB portal default link is https://vpn.acmecorporation.com/sslvpn.

View solution in original post

0 Kudos
Reply
ottawacanada150
Advisor

They are not using mobile access though...

0 Kudos
Reply
ottawacanada150
Advisor

K, let me check that sk

0 Kudos
Reply
ottawacanada150
Advisor

Ok, sorry about the confusion...yes, thats what we actually changed yesterday, same procedure from the sk mentioned. I believe its working currently, as I tried it on port 4443 and it was fine.

 

Tx!!

0 Kudos
Reply
G_W_Albrecht
Champion
Champion

That is hown it should be - just fine 😎!

0 Kudos
Reply
ottawacanada150
Advisor

Thank you, appreciated. Vielen Dank...hope I said that right :))

0 Kudos
Reply