Anyconnect - Ipsec primary ssl backup?

mraljevic
Level 1

Hi,

So what I would like to implement is IPsec as the primary protocol and SSL as backup. Would this be possible?

Both IPsec and SSL/DTLS are enabled on the ASA.

The client can establish the SSL connection and once the Profile is updated so that IPsec is the primary protocol it is no longer possible.

We see that once we block the IPsec ports that the client starts the SSL connection but then just drops the connection. 

Any input would be very welcome.

Accepted Solutions

GioGonza
Level 4

Hello @mraljevic

That feature is not enabled on the ASA, you cannot perform that change. Choosing the protocol to use is either IPSec/SSL but you cannot implement a fallback in case the primary goes down.

This is the information you have from Cisco:

Primary Protocol—Specifies the protocol for connecting to this server, either SSL or IPsec with IKEv2. The default is SSL.

Link for reference: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-profile-editor.html#ID-1430-00000061

HTH

Gio

Thanks GioGonza!