
Anyconnect Switching from SSL to IPSec

avilt
Level 3

I have just tried Anyconnect on a new ASA appliance. I am able to connect using Web and the client image is deployed. Now I would like to switch to IPSec mode instead of SSL mode. On the ASA side I have removed SSL from the connection profile. From the client side how can I force the client to use IPSec?

9 Replies

You have to create an AnyConnect-Profile where you specify IPSec as the Security-Mechanism. This profile has to be attached to your groups. The steps to do that are described in the AnyConnect Admin-Guide:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac03vpn.html

If you need more help with that, just ask.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

I have enabled it at the Connection Profile and also at the external interface. But still it does not work.

That is not enough. You have to configure the AnyConnect Client-Profile.

I have defined AnyConnect Client-Profile as well. Where do I define the IPSec settings in the AnyConnect Client-Profile?

There are no IPSec-Settings in the client profile. The IKEv2-config is in the ASA-config. Do you have that in place like in that example:

http://www.cisco.com/en/US/products/ps10884/products_tech_note09186a0080bd8106.shtml

There they have also certificates, but you can ignore that if you only use passwords.

Where do I define that in ASDM?

The easiest way is to run the AnyConnect VPN Wizard. With that, all the needed parameters are added to your config. You can also run that wizard with an already configured ASA.

Let me try that again.

From the client side how can I force the client to use IPSec IKE V2 and not SSL?

It's not meant to be done from the client-side. It should be done from the ASA-side. If you really want to tweak that from the client-side, you can manually place a profile into the profiles-directory on the client. You find a sample-profile in the last link that I posted.

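An added example, not part of the thread and not Cisco's sample profile: a Python check that reads an AnyConnect client profile and reports which server-list entries request IPsec through the `PrimaryProtocol` element. The embedded profile, its host names and addresses are constructed, and treating an entry without `PrimaryProtocol` as SSL is an assumption about the client default.

```python
import xml.etree.ElementTree as ET

# Namespace used by AnyConnect client profile XML files.
NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}

# Constructed sample profile; host names and addresses are placeholders.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>HQ (IKEv2)</HostName>
      <HostAddress>vpn.example.com</HostAddress>
      <PrimaryProtocol>IPsec</PrimaryProtocol>
    </HostEntry>
    <HostEntry>
      <HostName>Branch</HostName>
      <HostAddress>vpn2.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""


def host_protocols(profile_xml):
    """Return (name, address, protocol) for every HostEntry in the profile."""
    root = ET.fromstring(profile_xml.encode("utf-8"))
    results = []
    for entry in root.iterfind(".//ac:HostEntry", NS):
        name = entry.findtext("ac:HostName", default="", namespaces=NS).strip()
        addr = entry.findtext("ac:HostAddress", default="", namespaces=NS).strip()
        proto_el = entry.find("ac:PrimaryProtocol", NS)
        # PrimaryProtocol may carry child elements, so only its own text is read.
        proto = (proto_el.text or "").strip() if proto_el is not None else ""
        # Assumption: an entry with no PrimaryProtocol connects with SSL.
        results.append((name, addr, proto or "SSL"))
    return results


def non_ipsec_hosts(profile_xml):
    """Names of entries that would not connect with IPsec/IKEv2."""
    return [n for n, _, p in host_protocols(profile_xml) if p.lower() != "ipsec"]


if __name__ == "__main__":
    for name, addr, proto in host_protocols(SAMPLE_PROFILE):
        print(f"{name:12} {addr:20} {proto}")
    print("Entries still on SSL:", non_ipsec_hosts(SAMPLE_PROFILE))
```
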