11-20-2023 08:12 AM - edited 11-20-2023 08:16 AM
Hello community.
I am trying to implement IPSEC IKEv2 Remote Access VPN on ASA.
I have followed the guide on the link below, but I can't make it work.
Also I created via ASA the IPSEC profile that the client downloads via Anyconnect
When i try to connect to the server, the connection times out. If i enable the SSL access on the outside interface, I can connect to the VPN server but the authentication fails.
When I specify though on the group-policy the vpn tunnel protocol as ssl-client, it works as it should be but the tunnel is being built with a TLS/SSL handshake.
I have attached as a txt file the relevant configuration of the ASA.
Any help would be appreciated.
Thanks in advance.
11-20-2023 08:24 AM
You need to run the debug and see why is failing, what device you trying to connect
follow below simple steps :
https://www.packetswitch.co.uk/cisco-asa-anyconnect-vpn/
https://networklessons.com/cisco/asa-firewall/cisco-asa-anyconnect-remote-access-vpn
11-20-2023 08:30 AM
Hello bandi,
It is a Windows Client with Anyconnect.
I run the debug crypto ikev2 protocol 7 command on ASA, and when i try to connect, nothing appears on the screen.
I check the real time logging on ASDM, and the server initiates SSL handshake with the client.
11-20-2023 08:46 AM
check the guides i have suggested.also for IKEv2 below guide detailed step by step :
https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119208-config-asa-00.html
11-20-2023 08:31 AM - edited 11-20-2023 08:33 AM
Not work as I know
Anyconnect ikev2 need certificate to work.
MHM
11-20-2023 08:57 AM
@sakatzidisgiwrgos if you wish to use IKEv2/IPSec then you must configure an XML configuration profile and explictly enable the Primary Protocol as IPSec, otherwise it will use SSL/TLS as default. You can use the bulit-in profile editor in ASDM or download the AnyConnect Profile Editor to create the XML configuration profile. Example of configuration and XML profile requirements.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide