11-20-2017 01:15 AM - edited 03-12-2019 06:23 PM
Hi,
so what I would like to implement is IPsec as primary protocol and SSL as backup. Would this be possible?
Both IPsec and SSL/DTLS are enabled on the ASA.
The client can establish the SSL connection and once the Profile is updated so that IPsec is the primary protocol it is no longer possible.
We see that once we block the IPsec ports that the client starts the SSL connection but then just drops the connection.
Any input would be very wellcome.
Solved! Go to Solution.
11-20-2017 11:07 AM
Hello @mraljevic,
That feature is not enabled on the ASA, you cannot perform that change. Choosing the protocol to use is either IPSec/SSL but you cannot implement a fallback in case the primary goes down.
This is the information you have from Cisco:
Primary Protocol—Specifies the protocol for connecting to this server, either SSL or IPsec with IKEv2. The default is SSL.
HTH
Gio
11-30-2017 01:03 AM
11-20-2017 11:07 AM
Hello @mraljevic,
That feature is not enabled on the ASA, you cannot perform that change. Choosing the protocol to use is either IPSec/SSL but you cannot implement a fallback in case the primary goes down.
This is the information you have from Cisco:
Primary Protocol—Specifies the protocol for connecting to this server, either SSL or IPsec with IKEv2. The default is SSL.
HTH
Gio
11-30-2017 01:03 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide