Easy VPN server Anyconnect compatibility

c.holloway · ‎04-26-2016

Quick question and sorry if it is a dumb one.

I have a client that wants a VPN set up, OK no sweat I rolled out an IPSec VPN using the Easy VPN wizard. Now the issue I run into is I'm testing on a windows 10 machine which won't let me install the oldschool client and Cisco's page for the client directs me to anyconnect.

Now to the question...can anyconnect even be used on IPSec tunnels? I see none of the pertinent configuration options and trying to connect to the public IP with anyconnect (using version 4.1.04) just throws an error about no valid certificate (duh, its not an SSL VPN).

I would ordinarily just set up an SSL VPN but they aren't licensed for it.

Kanwaljeet Singh · ‎04-28-2016

Hi,

AnyConnect client can be used to connect both SSL VPN as well as IKEv2 IPSec VPN.

I am pasting couple of links for your reference:

http://www.networkgalaxy.org/2013/07/ikev2-ipsec-remote-access-vpn-with.html

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/113692-technote-anyconnect-00.html

Let me know if you have any questions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

mibricen · ‎05-02-2016

Hello c.holloway,

Indeed, AnyConnect can be used with IPSec using IKEv2 configuration. Below a document with configuration example.

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example

Note that there are certain features(named client-services) like software and profile upgrades, customization, among others , that do require ssl for working. However, you may complete a pure IPSec configuration which will require manual deployment of .xml profiles and upgrades if you decide to not enable client-services.

Below the command reference, look for the "crypto ikev2 enable" command.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/c5.html

Regards,

Miguel