ASA 8.4 and IPSEC Cisco VPN Client

WilberLaw · ‎02-01-2011

We have a number of remote employees who currently use the Cisco VPN Client (5.0.07.x and 5.0.06.x versions) to connect. From reading through the documentation for the new version 8.4 ASA firmware and the 3.0.x AnyConnect Secure Mobility Client, I see that these are both required to use the new IKE2 feature in 8.4.

If I were to upgrade now to 8.4, would my remote clients still be able to connect using the Cisco VPN Client and IKEv1?

jeffhochberg · ‎02-01-2011

I didn't realize that 8.4 was released!!!

WilberLaw · ‎02-01-2011

Yep, downloaded today. There's also ASDM 6.5. Just need to know about IPSEC backward compatibility. Would definately be an RGE if I upgraded and none of our remote folks could connect. :)

WilberLaw · ‎02-04-2011

Anybody know?

Gustavo Medina · ‎02-05-2011

Don't worry about the upgrade your VPN Clients still gonna work! we can still have IKEv1 policies on 8.4.

Regards.

m.kafka · ‎02-06-2011

Hi WilberLaw,

it's true that the new anyconnect will use IKEv2 but the ASA VPN server supports IKEv2 and IKE/ISAKMP in parallel, Both versions can coexist on the same configuration, even tunnel group. The IKE messages have different codes so the ASA can distinguish between incoming IKEv2 (Anyconnect) and IKE/ISAKMP (traditional IPsec client) and will respond with the correct IKE version.

I hope that clearifies you question.

Rgds,

MiKa