Remote Access via AnyConnect Fails

Security ASA
1

I have AnyConnect configured on ASA 5505, and I can successfully connect from outside interface of ASA. Windows 7 PC is connected to outside interface subnet of ASA. The windows 7 PC downloads the AnyConnect software after I entered the url that was configured on the ASA, and receives an IP address from VNP pool configured on ASA 5505.

When I tried to connect from Internet using my public IP address of my ISP, it fails.

I configured my Actiontec C1000A Modem to forward TCP port 443, and UDP port 443.

I used Port Forwarding Tester to determine if my public IP address port 443 is open. Unfortunately, it is closed. Has anyone able to get AnyConnect to work using CenturyLink as their ISP?

I was chatting with CenturyLink technical support, but technical support wasn’t helpful. They ask me did I have port forwarding configured on the modem, and I told them yes. I haven’t received a response back after responding to them.

I don’t think I can access my LAN from Internet using AnyConnect if port 443 is not open. I have Port 22 forward, and I can SSH into my device from the Internet because this port is open on my public IP address from my ISP after running the Port Forwarding Tester.

Any assistance would be appreciated.

Tim

2

Hi Tim,

If you connect your computer directly to the outside interface of your ASA, you are able to establish the anyconnect VPN correct? If so, it sounds like your ISP is blocking your ports and/or port forwarding is configured incorrectly.

I don’t have any experience with CenturyLink but maybe it’s possible to put your modem in bridge mode so your ASA gets the public IP? That’ll save you the hassle of forwarding ports.

Otherwise, trying another port number might also work.

Rene

3

Rene,

I’m now able to connect to my network from Internet via AnyConnect. My ISP is blocking port 443. I changed the port on my ASA to an open port that wasn’t being block by my ISP, and changed the TCP Port Forwarding on my DSL Modem.

I appreciate your vast knowledge on networking. Your forum is great because its align scenarios to real world compared to other forums I’ve used.

Tim