Hello Guys,
I am working with @MriduD on this case and I will try to explain the scenario with our configs.
We have two Cisco 1121 routers (IOS-XE Version 17.09.03a) and we have configured Anyconnect IKEv2 remote VPN using the below link.
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html
The Anyconnect works fine when we tested the connection individually in the client side for both the routers (primary and backup). Also, when we shutdown the primary link, we got the message saying "Failed connecting to 1.1.1.1, trying backup 2.2.2.2" and we got the login prompt for the backup router. After getting authenticated, we got the following error ""Automatic profile updates are disabled and the local VPN profile does not match the secure gateway VPN profile. Contact your system administrator."
The profile names are similar in both the routers and in the client computer as well i.e., acvpn.xml. Any alternate names did not help in establishing the VPN individually to these routers. We use the public IP instead of the FQDN under Server list -> Primary Server.
The primary router's VPN profile has only 1.1.1.1 configured and backup router's profile has 2.2.2.2. The client side VPN profile under Anyconnect folder of C:/ProgramData has 1.1.1.1 as primary and 2.2.2.2 as backup server (please refer 1.png and 2.png file).
Also, we tried adding the backup server IP in the "Backup servers" tab as well, but it didnt work (refer 3.png and 4.png file).
We see the failover is initiated from the client side but it is unable to connect to the router to profile mismatch I believe. Also, the following commands are disabled and the Bypassdownloader is set to True in the AnyconnectLocalPolicy XML profile.
Kindly review the attachments, configurations and any leads will be much appreciated.
