Beginner

Cisco AnyConnect IKEv2 will support HostScan

I am using Cisco AnyConnect with IKEv2 (ios 9.5, AnyConnect 4.2). This configuration will support HostScan and CSD.

Beginner

Hello,

You can refer to this documentation:

http://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/qa_c67-712937.html

Q. Why does the Cisco AnyConnect Secure Mobility Client support IKEv2 and not IKEv1?
A. IKEv2 offers greater security and mobility capabilities when compared to the older IKEv1. Unlike IKEv1, IKEv2 is capable of supporting AnyConnect features such as HostScan and secure mobility. However, HostScan and client policy and software updates will be performed over a SSL connection.

The CSD is already deprecated; you don't need it anymore. The HostScan image will contain all the supported features, so you just need HostScan. Make sure that the HostScan image is the same or newer than the AnyConnect image that you are going to use.
Regards, please rate.
Beginner

As per this, HostScan and client policy will be on port 443.

Beginner

Yes, HostScan will still use SSL on port 443.

Participant

Hello Akhil,

To add to what my peer just told you, the IKEv2 tunnel will work just fine for the users and the way they connect will use IKEv2, but the XML profile updates (download of the updates from the server to the client), HostScan posture module and so on will be performed over an SSL connection, but it should work just fine!

Please proceed to rate and mark as correct the helpful posts! Keep me posted if something comes up!

Regards,

David Castro

Beginner

I configured AnyConnect; IPsec is working. I blocked 443 at the firewall level. After that, AnyConnect IPsec is not even connecting to the firewall.

Participant

If you block port 443, the AnyConnect XML profile won't be able to update its components. How did you block it? As control plane?

Beginner

Topology:

internet -> router -> firewall

On the router inbound ACL (traffic towards the firewall) we blocked only 443 and 80, and allow all other traffic. Before asking for the password, an error will pop up (connection attempt was timeout). Can you confirm whether this is due to the certificate or not? After entering credentials the product will update.
