cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4214
Views
0
Helpful
2
Replies

Anyconnect client profile issues

eekman
Level 1
Level 1

I've been fighting AnyConnect IKEv2 RA-VPN for a few days. I can't get it to work. The client always connect using SSL. If I disable SSL in the Connection Profile the client can't connect at all (it says "login mechanism not allowed" or something like that).

The changed the connection profile to "IPSec", but I get the feeling the client profile is not pushed to the client after the change.

Info about setup:

- I use ASA 9.4(2), on a 5515-x in failover config. AnyConnect client is version 4.3, on Windows.

- VPN is the only module used

- The local database is used atm, while experimenting (will use DAP later on when it's in production)

Is there a way to force an updated client profile to the client? I thought it was downloaded to the client when you try to login. Or is there a way to see the client profile on the client?

1 Accepted Solution

Accepted Solutions

JP Miranda Z
Cisco Employee
Cisco Employee

Hi Erik Ekman,

You can check the profile on the client going to this path:

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

The profile should be downloaded or updated when you establish a connection with AnyConnect.

This config guide can help you a lot in case you are missing any step:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example

Hope this info helps!!

Rate if helps you!! 

-JP-

View solution in original post

2 Replies 2

JP Miranda Z
Cisco Employee
Cisco Employee

Hi Erik Ekman,

You can check the profile on the client going to this path:

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

The profile should be downloaded or updated when you establish a connection with AnyConnect.

This config guide can help you a lot in case you are missing any step:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example

Hope this info helps!!

Rate if helps you!! 

-JP-

stsargen
Cisco Employee
Cisco Employee

Hi Erik,

If this is a pure IKEv2 environment and no SSL is allowed, the VPN profile will not be downloaded upon connection.  The VPNdownloader requires SSL access to the ASA to download the profile.  I would reccomend that you pre-deploy the client profile to the PC and test.

Steve S.