Re: IPSECv2 only client VPN

jeremy.renard · ‎11-09-2011

Hello,

I need to configure a VPN access for remote users. I need to use the Anyconnect client because of x64 users. I haev subscribed to the Anyconnect essential license.

I would like to know if there is a way to connect to the ASA using only IPSecV2, not SSL ?

My problem is that I cannot use the TCP 443 port because it is already used by another application, and I have only one public IP address.

Have you ever tried to do this with success ? In that case, could you provide the configuration I should setup ?

Thanks in advance

Jeremy

Richard Burts · ‎11-09-2011

Jeremy

I believe that it should be possible to do what you describe but I can not provide the configuration that you need since I have not actually done it your way. But I have done something similar and believe that it should work for you.

Configure the Remote Access VPN to use the AnyConnect client. Part of the group configuration is to specify the tunneling protocols. You should specify only the ikev2 option and not the ssl-client or ssl-clientless.

HTH

Rick

HTH

Rick

jeremy.renard · ‎11-10-2011

Hi Richard,

I have tried to configure the IPSecv2 only access with no success :(. The anyconnect client does not succeed to authenticate on the ASA. If I also enable the SSL access, eveything works fine (I have made those tests before the publication of the new application that requires the 443 port).

Then, if the client has associated once with the ASA, the IPSecv2 works fine... I have tried this with a client that has already been connected before the publication of the new application that uses the 443 port. So, the anyconnect client can do IPSecv2, but seems to need the SSL for the first association. Is there a specific parameter to configure in order to use only the IPSecv2, not SSL ?

Jeremy

jyoung · ‎11-09-2011

There is now a 64bit client VPN available. Save you the trouble and added config.

Sent from Cisco Technical Support iPhone App