anyconnect-ipsec

elite2010 · ‎01-12-2016

Hi,

Anyconnect vpn -Is there a way to put double authentication .Planning to use AD authentication through ISE .

?

Or is there something like tunnel password like the old client ?

Thanks

ramyraj2 · ‎01-13-2016

Hi Elite2010,

You can use certificates along with other means of authentication to achieve dual factor authentication.

You can also refer the below link :

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html

Let me know if that helps!

Marvin Rhoads · ‎01-13-2016

Sure - you can use two factor authentication (2FA) with AnyConnect. The usual scenario is something like AD + RSA SecureID or AD + external 2FA service like Duo Security.

Duo has some outstanding configuration guides for setting up a Cisco AnyConnect SSL VPN (both client-based and clientless). You can look there and get how it's setup in general from what they do:

https://duo.com/support/documentation/cisco

Most people use AnyConnect as a remote access SSL VPN but you can also configure it with IPsec IKEv2 as the transport.

cj-padiak · ‎10-29-2025

Hello,

In migrating our AnyConnect from SSL to IPsec on an old ASA5512, we are having trouble getting the AnyConnect client to contact the ASA thru IPsec. The client doesn't have a .xml file to add IPsec as the PrimaryProtocol, only a .xsd file. After configuring the new IPsec tunnel-group, I was assuming that a new IPsec .xml profile would have been downloaded to their AnyConnect client upon their next connection through SSL. But there are no new dropdowns in the AnyConnect client.

I realize that the dropdown choices are alias names configured under webvpn-attributes, but WebVPN is for SSL not IPsec.

Thanks!

cj-padiak · ‎10-31-2025

Hello again,

I found that I needed to use the ASDM to create and edit a new AnyConnect Client Profile which then showed up in flash. I exported the profile and the client placed it in their Secure Client Profile folder.

Thanks!