Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4220
Views
0
Helpful
2
Replies

Anyconnect client profile issues

Go to solution
eekman
Level 1
Level 1

‎10-11-2016 11:50 PM - edited ‎02-21-2020 09:00 PM

I've been fighting AnyConnect IKEv2 RA-VPN for a few days. I can't get it to work. The client always connect using SSL. If I disable SSL in the Connection Profile the client can't connect at all (it says "login mechanism not allowed" or something like that).

The changed the connection profile to "IPSec", but I get the feeling the client profile is not pushed to the client after the change.

Info about setup:

- I use ASA 9.4(2), on a 5515-x in failover config. AnyConnect client is version 4.3, on Windows.

- VPN is the only module used

- The local database is used atm, while experimenting (will use DAP later on when it's in production)

Is there a way to force an updated client profile to the client? I thought it was downloaded to the client when you try to login. Or is there a way to see the client profile on the client?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎10-12-2016 09:16 AM

Hi Erik Ekman,

You can check the profile on the client going to this path:

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

The profile should be downloaded or updated when you establish a connection with AnyConnect.

This config guide can help you a lot in case you are missing any step:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example

Hope this info helps!!

Rate if helps you!! 

-JP-

View solution in original post

0 Helpful
2 Replies 2

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎10-12-2016 09:16 AM

Hi Erik Ekman,

You can check the profile on the client going to this path:

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

The profile should be downloaded or updated when you establish a connection with AnyConnect.

This config guide can help you a lot in case you are missing any step:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example

Hope this info helps!!

Rate if helps you!! 

-JP-

0 Helpful

Go to solution
stsargen
Cisco Employee
Cisco Employee

‎10-18-2016 02:16 PM

Hi Erik,

If this is a pure IKEv2 environment and no SSL is allowed, the VPN profile will not be downloaded upon connection.  The VPNdownloader requires SSL access to the ASA to download the profile.  I would reccomend that you pre-deploy the client profile to the PC and test.

Steve S.

0 Helpful
Customers Also Viewed These Support Documents