I did, but anything you do to that string, results in no profile matching:
009801: *Nov 9 12:09:37.254 EET: IKEv2:(SESSION ID = 110,SA ID = 1):Searching policy based on peer's identity '*$AnyConnectClient$*' of type 'key ID'009802: *Nov 9 12:09:37....
Found out that those error messages are also in the debug output of a working profile (EAP-MD5). So, those are not necesarly a problem.
I found out though:
007761: *Nov 6 01:11:12.962 EET: IKEv2:(SESSION ID = 96,SA ID = 1):Error in settig received co...
I did edit the AnyconnectLocalPolicy.xml:
<BypassDownloader>true</BypassDownloader>
I compared my config with yours and they look similar.
The main difference is that i really need to have:
match identity remote key-id *$AnyConnectClient$*
instead ...
Hi,
I also noticed auth proto is PAP. Wonder if it can be changed.
We've done the following steps:
1) Upgraded to 3.16.
2) Used your config, but noticed that we need to add to your suggested config:
crypto ikev2 profile AC match identity remote key-...
Hi,
We will test it tonight and update here.
Authentication method in Anyconnect, I guess it must be: EAP-Anyconnect.
Authentication protocol in ISE, must be? I'll check them all anyway to see which one it picks up.
Thanks,
C