https://www.cisco.com/c/en/us/td/docs/routers/access/isr4400/software/configuration/xe-17/isr4400-sw-config-xe-17/m_sec-conn-sslvpn-ssl-vpn-xe.html

check this link

Thanks so much MHM Cisco World .

I am getting the below error . Do you notice anything wrong in the debug

##########################################################

VID Next payload: NOTIFY, reserved: 0x0, length: 29
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
VID Next payload: CFG, reserved: 0x0, length: 20
CFG Next payload: NOTIFY, reserved: 0x0, length: 14
cfg type: CFG_REQUEST, reserved: 0x0, reserved: 0x0

Oct 30 03:03:45.162: attrib type: Unknown - 28728, length: 2
NOTIFY(REDIRECT_SUPPORTED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: Unknown - 0, spi size: 0, type: REDIRECT_SUPPORTED

Oct 30 03:03:45.166: IKEv2-ERROR:(SESSION ID = 22,SA ID = 4):Received Policies: : Failed to find a matching policyProposal 1: AES-GCM-256 AES-GCM-192 AES-GCM-128 SHA384 SHA512 SHA256 SHA1 None DH_GROUP_256_ECP/Group 19 DH_GROUP_384_ECP/Group 20 DH_GROUP_521_ECP/Group 21 DH_GROUP_3072_MODP/Group 15 DH_GROUP_4096_MODP/Group 16
Oct 30 03:03:45.166:
Oct 30 03:03:45.166: Proposal 2: AES-CBC-256 AES-CBC-192 AES-CBC-128 SHA384 SHA512 SHA256 SHA1 SHA256 SHA384 SHA96 SHA512 DH_GROUP_256_ECP/Group 19 D H_GROUP_384_ECP/Group 20 DH_GROUP_521_ECP/Group 21 DH_GROUP_3072_MODP/Group 15 DH_GROUP_4096_MODP/Group 16
Oct 30 03:03:45.167:
Oct 30 03:03:45.167:
Oct 30 03:03:45.167: IKEv2-ERROR:(SESSION ID = 22,SA ID = 4):Expected Policies: : Failed to find a matching policyProposal 1: AES-CBC-256 SHA512 SHA5 12 DH_GROUP_2048_MODP/Group 14
Oct 30 03:03:45.167:
Oct 30 03:03:45.167:
Oct 30 03:03:45.167: IKEv2-ERROR:(SESSION ID = 22,SA ID = 4):: Failed to find a matching policy
Oct 30 03:03:45.167: IKEv2-PAK:(SESSION ID = 22,SA ID = 4):Next payload: NOTIFY, version: 2.0 Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONS E Message id: 0, length: 36
Payload contents:
NOTIFY(NO_PROPOSAL_CHOSEN) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: Unknown - 0, spi size: 0, type: NO_PROPOSAL_CHOSEN

Oct 30 03:03:45.168: IKEv2-ERROR:(SESSION ID = 22,SA ID = 4):Initial exchange failed: Initial exchange failed
Oct 30 03:04:01.661: %SEC-6-IPACCESSLOGP: list DIA denied udp 10.5.50.105(60215) -> 255.255.255.255(5246), 6 packets
Oct 30 03:04:01.661: %SEC-6-IPACCESSLOGP: list DIA denied udp 10.5.50.101(54739) -> 255.255.255.255(5246), 6 packets
Oct 30 03:04:01.661: %SEC-6-IPACCESSLOGP: list DIA denied udp 10.5.50.104(54715) -> 255.255.255.255(5246), 6 packets
Oct 30 03:04:19.801: IKEv2-PAK:(SESSION ID = 19,SA ID = 3):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: RESPONDER Message id: 3, length: 96
Payload contents:
ENCR Next payload: NONE, reserved: 0x0, length: 68

Oct 30 03:04:19.814: IKEv2-PAK:(SESSION ID = 19,SA ID = 3):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: INITIATOR MSG-RESPONSE Message id: 3, length: 96
Payload contents:

#################################################

Thanks

If I am trying to connect via IP address I am getting the below error

Hello,

there is at least one error in your FlexVPN configuration. Add the line marked in bold:

crypto ikev2 policy IKEV_POLICY
! Policy Incomplete(MUST have atleast one complete proposal attached)
--> proposal IKEV2_PROPOSAL
match fvrf any

Also, which AnyConnect client version do you have, and on which clients (e.g. Windows 11) are those clients installed ?

Thanks Georg,

Sorry I didn't add it in the forum but I have that fixed before the post . I am using Cisco ISR 4321 and on windows 10 with the latest Anyconnect version 4.10

I can only think it as the device itself not supporting ?

Thanks