10-23-2025 04:05 AM
Hi Team!
I have a question for you — is it possible to configure AnyConnect to work in the following way:
First, it tries to establish a connection using IPSec, but if it cannot (for example, because the user is at an airport where UDP ports 500/4500 are blocked), and after 2–3 failed attempts, it would then automatically try to establish a connection using SSL?
Or is it necessary to create separate tunnel-groups and group-policies for each connection method?
11-09-2025 10:52 PM
Unfortunately, AFAIK the answer is no. AnyConnect will not fail over to the SSL VPN if the IPsec tunnel is down or blocked. You have to create separate tunnel-groups for each transport method, which allows users to toggle between tunnel-groups if IKEv2 ports are blocked.
11-10-2025 06:09 AM
I agree with @Ben Weber; it's been my experience that there is no such failover from IPsec to SSL. However, there is a failover mechanism with SSL VPN if port 443/udp is not allowed: in that case the SSL VPN will stick with port 443 in TCP. May I ask why you would want to use IPsec rather than SSL?
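To illustrate the two replies above, here is an added ASA configuration sketch (not from the original thread or from Cisco documentation) with one tunnel-group per transport, which users pick from the AnyConnect profile drop-down, plus DTLS enabled on the SSL side so it falls back to TCP 443 on its own. The names GP-IKEV2, GP-SSL, TG-IKEV2, TG-SSL and the aliases are hypothetical, and it assumes IKEv2 and SSL are already enabled on the outside interface.

```cisco
! --- IPsec/IKEv2 transport (UDP 500/4500) ---
group-policy GP-IKEV2 internal
group-policy GP-IKEV2 attributes
 vpn-tunnel-protocol ikev2
!
tunnel-group TG-IKEV2 type remote-access
tunnel-group TG-IKEV2 general-attributes
 default-group-policy GP-IKEV2
tunnel-group TG-IKEV2 webvpn-attributes
 group-alias "VPN-IPsec" enable
!
! --- SSL transport (TCP 443, DTLS on UDP 443 when reachable) ---
group-policy GP-SSL internal
group-policy GP-SSL attributes
 vpn-tunnel-protocol ssl-client
 webvpn
  ! DTLS is tried first; if UDP 443 is blocked the client
  ! keeps the TLS tunnel on TCP 443, as described in the reply above
  anyconnect ssl dtls enable
!
tunnel-group TG-SSL type remote-access
tunnel-group TG-SSL general-attributes
 default-group-policy GP-SSL
tunnel-group TG-SSL webvpn-attributes
 group-alias "VPN-SSL" enable
!
! Expose both aliases in the client so the user can switch
! when IKEv2 ports are blocked (no automatic IPsec -> SSL failover)
webvpn
 enable outside
 tunnel-group-list enable
 anyconnect enable
```

Hypothetical names aside, the point is that transport selection happens per tunnel-group, so the manual switch the replies describe is the user choosing the "VPN-SSL" alias.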