Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4082
Views
10
Helpful
16
Replies

anyconnect IKEv2

Go to solution
Benjamin Saito
Level 1
Level 1

‎01-13-2016 10:10 AM - edited ‎02-21-2020 08:37 PM

I am configuring a new connection profile for remote access using IKEv2 instead of ssl. I used the following link for guidelines:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example

It is pretty straightforward but it's not working for me. When I try to connect to the connection profile I get the following error:

"Login denied, unauthorized connection mechanism, contact your administrator"

I haven't configured any DAP records to it's just using the default one that allows all connections. I am not really finding too much information on that error, anyone know what I can do to fix this? Thanks!

Labels:
0 Helpful
16 Replies 16

Go to solution
Benjamin Saito
Level 1
Level 1
In response to Philip D'Ath

‎01-14-2016 07:01 AM

I have fixed the problem. It was with the xml profile. I had to import it into the "Profile" folder on my local PC. I did this yesterday but I don't think the xml profile was configured correctly. Here is the path to put it in the correct folder on a windows 7 machine:

%PROGRAMDATA%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

The link I pasted in my original comment has that information. After I pasted it in I changed the XML profile to look like this:

<?xml version="1.0" encoding="UTF-8"?>

<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">

  <ServerList>

    <HostEntry>

      <HostName>vpn.customer.com</HostName>

      <HostAddress>vpn.customer.com</HostAddress>

      <PrimaryProtocol>IPsec</PrimaryProtocol>

    </HostEntry>

  </ServerList>

</AnyConnectProfile>

It works if I put the IP address in for the <HostAddress> section but then I get a certificate error since the dns lookup is being done by the host file on my local machine. I am not a fan of this as each person who is going to connect in this manner will have to put that xml file in the profile folder. According to the link I was working with, it will automatically install the xml profile in the profile folder if they use the web deployment, I was unable to test this out though as I am getting a JAVA error when trying that method. Either way, the issue is resolved. Thanks for you help Philip!

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to Benjamin Saito

‎01-14-2016 12:46 PM

You're welcome.  It would be great if you could mark the answer and rate it if you think it is correct.  :-)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents