ASA IPSec VPN - Apple macOS/iOS client works, but not AnyConnect

ronpiecyk
Level 1

I have an ASA that I can connect to via VPN from any Apple iOS device using its Cisco IPSec client and also any macOS computer using its Cisco IPSec VPN connection. However, I can't connect to it using AnyConnect, either from Windows or macOS.

The error is:

Connection attempt has timed out. Please verify Internet connectivity.

The message history window shows the following:

9:17:48 AM Contacting 123.123.123.123.
9:18:01 AM Connection attempt has failed.
9:18:01 AM Unable to contact 12.123.123.123.

Is the AnyConnect client NOT able to connect to IPSec VPN? Below are the crypto, tunnel-group, and group-policy configs. Let me know if anyone has any thoughts. Thanks.

ASA5506X(config)# sh run cry
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set myset
crypto map MY-CRYPTOMAP 1 match address SITE2SITE-ACL
crypto map MY-CRYPTOMAP 1 set peer 123.123.123.123
crypto map MY-CRYPTOMAP 1 set ikev1 transform-set myset
crypto map MY-CRYPTOMAP 1 set security-association lifetime kilobytes unlimited
crypto map MY-CRYPTOMAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map MY-CRYPTOMAP interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

ASA5506X(config)# sh run tun
tunnel-group 123.123.123.123 type ipsec-l2l
tunnel-group 123.123.123.123 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group TESTTunnelGrp type remote-access
tunnel-group TESTTunnelGrp general-attributes
 default-group-policy TESTGrpPol
tunnel-group TESTTunnelGrp ipsec-attributes
 ikev1 pre-shared-key *****

ASA5506X(config)# sh run group-p
group-policy TESTGrpPol internal
group-policy TESTGrpPol attributes
 dns-server value 8.8.8.8
 vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 default-domain value test.local
 address-pools value TESTVPNPool
ASA5506X(config)#
