
Cisco AnyConnect IKEv2 will support HostScan

Akhil Raj k
Level 1

I am using Cisco AnyConnect with IKEv2 (ios 9.5, AnyConnect 4.2). This configuration will support HostScan and CSD.

7 Replies

Diego Lopez
Level 1

Hello,

You can refer to this documentation:

http://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/qa_c67-712937.html

Q. Why does the Cisco AnyConnect Secure Mobility Client support IKEv2 and not IKEv1?
A. IKEv2 offers greater security and mobility capabilities when compared to the older IKEv1. Unlike IKEv1, IKEv2 is capable of supporting AnyConnect features such as HostScan and secure mobility. However, HostScan and client policy and software updates will be performed over a SSL connection.

The CSD is already deprecated; you don't need it anymore. The HostScan image will contain all the supported features; you just need HostScan. Make sure that the HostScan image is the same or newer than the AnyConnect image that you are going to use.

Regards, please rate.

As per this, HostScan and client policy will be port 443.

Yes, HostScan will still use SSL on port 443.

Hello Akhil,

To add to what my peer just told you, the IKEv2 tunnel will be working just fine for the users and the way they connect will use IKEv2, but the XML profile updates (download of the updates from the server to the client), the HostScan posture module and so on will be performed over an SSL connection, but it should work just fine!

Please proceed to rate and mark as correct the helpful posts! Keep me posted if something comes up!

Regards,

David Castro, 

I configured, AnyConnect IPsec is working. I blocked 443 at the firewall level. After that, AnyConnect IPsec is not even connecting to the firewall.

If you block port 443, the AnyConnect XML profile won't be able to update its components. How did you block it? As control plane?

Topology:

internet -> router -> firewall

On the router inbound ACL (traffic towards the firewall) we blocked only 443 and 80, and allow all other traffic. Before asking for the password, an error will pop up (connection attempt was timeout). Can you confirm whether this is due to the certificate or not? After entering credentials the product will update.
