Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2096
Views
0
Helpful
2
Replies

ASA 5505 - IKEv2 remote VPN

frankorado
Level 1
Level 1

‎01-25-2016 01:19 AM

Hello,

I need help with configuring IKEv2 remote VPN on Cisco ASA 5505 (ASA version 9.2.4). Is it possible on this version to connect from native Microsoft Windows client (and any other standard-based IKEv2) or only from Cisco Anyconnect client?

Thank you.

Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎01-25-2016 03:15 AM

Never tried it with anything else than AnyConnect, but at least the release notes state that the compatibility with third party clients started with 9.3(2) which is not available for the legacy ASAs:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/release/notes/asarn93.html#53205

0 Helpful

jagmeesi
Level 1
Level 1

‎01-25-2016 08:15 AM

It is supported for the ASA version => 9.3.2,But you have to keep the following in mind:

Neither the IKEv2 VPN client in Windows 7 nor on Windows 8 support pre-shared-keys for authentication purposes.

The clients supports authentication using machine store certificate(not user cert store) or the EAP with methods that use either EAP-MSCHAPv2 or with the certificate it uses user store  certificates EAP-TLS.

one of the examples for the same (EAP-MSCHAPv2) this example shows ISE being used as the RADIUS though i have tested it working with Free-Radius as well:

http://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119208-config-asa-00.html

I hope it will help

Regards

Jagmeet

0 Helpful
Customers Also Viewed These Support Documents