Solved: Changing a port for vpn portal

the_rock · ‎2020-12-04

Hello everyone,

I know this may sound like a silly question, but cant seem to find way to do this. Customer asked me if there is a way to actually change default port for vpn portal. They dont have mobile access enabled, but what they want to do is this (I will just give bogus example, but you will get an idea, as they use same port 4443 for Cisco vpn portal currently). This is strictly related to remote access client to site VPN.

Say their public IP is 40.50.60.70 and current vpn portal is vpn.acmecorporation.com:4443

I cant seem to find a way to do the same on CP side...I dont believe doing this on gateway properties under visitor mode worked and there does not appear to be any other option in GUI that I can tell to change this. Is there a file that has to be modified? They also wanted to know if default 443 port for vpn portal can be disabled, but not too sure about that either.

Also, on unrelated note, Im pretty sure in older R77 and before code, you were able to add tcp or udp protocols into the rules, but I dont see that any longer in R80. Was it taken away?

Thanks in advance.

G_W_Albrecht · ‎2020-12-04

Not possible - enabling Mobile Access Portal locks Visitor Mode to TCP 443. Only without MAB, RA IPSec VPN can use Visitor mode on another port (see sk103107). Usually, when the Endpoint VPN Client connects to the Security Gateway, the VPN tunnel is established on port 4500. When this port is unreachable for some reason, the Endpoint VPN Client switches automatically to Visitor Mode (Roaming), where the port 4500 packets are encapsulated and redirected to port 443.

And the MAB portal default link is https://vpn.acmecorporation.com/sslvpn.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

G_W_Albrecht · ‎2020-12-04

I do not understand what you want to achieve - SSL VPN portal will use https on port 443 if enabled - but you can disable all portals.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2020-12-04

Hi there and thanks for your response. What customer would like to test is have ssl vpn portal use port 4443 INSTEAD of default port 443...thats what we were trying to test. Whats best way to do this?

G_W_Albrecht · ‎2020-12-04

Not possible - enabling Mobile Access Portal locks Visitor Mode to TCP 443. Only without MAB, RA IPSec VPN can use Visitor mode on another port (see sk103107). Usually, when the Endpoint VPN Client connects to the Security Gateway, the VPN tunnel is established on port 4500. When this port is unreachable for some reason, the Endpoint VPN Client switches automatically to Visitor Mode (Roaming), where the port 4500 packets are encapsulated and redirected to port 443.

And the MAB portal default link is https://vpn.acmecorporation.com/sslvpn.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2020-12-04

They are not using mobile access though...

the_rock · ‎2020-12-04

K, let me check that sk

the_rock · ‎2020-12-04

Ok, sorry about the confusion...yes, thats what we actually changed yesterday, same procedure from the sk mentioned. I believe its working currently, as I tried it on port 4443 and it was fine.

Tx!!

G_W_Albrecht · ‎2020-12-05

That is hown it should be - just fine 8)!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2020-12-05

Thank you, appreciated. Vielen Dank...hope I said that right :))

Are you a member of CheckMates?

Changing a port for vpn portal