Cisco AnyConnect IPSec/SSL Connection

mikiNet
Level 1

Hi Team!

I have a question for you — is it possible to configure AnyConnect to work in the following way:
First, it tries to establish a connection using IPSec, but if it cannot (for example, because the user is at an airport where UDP ports 500/4500 are blocked), and after 2–3 failed attempts, it would then automatically try to establish a connection using SSL?

Or is it necessary to create separate tunnel-groups and group-policies for each connection method?

1 Reply

bweber1
Level 1

Unfortunately, AFAIK the answer is no. AnyConnect will not fail-over to the SSL VPN if the IPsec tunnel is down or blocked. You have to create separate tunnel-groups for each transport method, which allows users to toggle between tunnel-groups if IKEv2 ports are blocked.
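One way to lay out the separate tunnel-groups the reply describes, as an added ASA configuration example that is not from the original thread. The names VPN-IKEV2, VPN-SSL, GP-IKEV2, GP-SSL and the host vpn.example.com are hypothetical, and it assumes the AnyConnect image, address pool, authentication, and IKEv2/SSL enablement on the outside interface are already configured.

```cisco
! Added example: hypothetical names, not taken from the thread.
! Each group-policy permits exactly one transport, so a session landing
! in that policy cannot negotiate the other protocol.
group-policy GP-IKEV2 internal
group-policy GP-IKEV2 attributes
 vpn-tunnel-protocol ikev2
!
group-policy GP-SSL internal
group-policy GP-SSL attributes
 vpn-tunnel-protocol ssl-client
!
! Connection profile for IPsec/IKEv2 (needs UDP 500/4500 reachable).
tunnel-group VPN-IKEV2 type remote-access
tunnel-group VPN-IKEV2 general-attributes
 default-group-policy GP-IKEV2
tunnel-group VPN-IKEV2 webvpn-attributes
 group-alias IPsec-IKEv2 enable
 group-url https://vpn.example.com/ikev2 enable
!
! Connection profile for SSL (TCP 443), for networks where the
! IKEv2 ports are blocked.
tunnel-group VPN-SSL type remote-access
tunnel-group VPN-SSL general-attributes
 default-group-policy GP-SSL
tunnel-group VPN-SSL webvpn-attributes
 group-alias SSL-Fallback enable
 group-url https://vpn.example.com/ssl enable
!
! Show the group-alias names in a list so the user can choose a profile.
webvpn
 tunnel-group-list enable
```

The switch between the two profiles stays manual: the user selects the SSL entry when the IKEv2 one cannot connect.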