
Use IKEv2 not SSL as RAVPN

fatalXerror
Level 5

Hi Guys,

Good Day!

I want to use IKEv2 as the primary protocol of my RAVPN; however, even though I configured the group-policy to ikev2 and the connection profile to IPSec, the AnyConnect client still uses SSL as its protocol. Should I have an AnyConnect-Essential license to enable this, or do I have a misconfiguration?

Thanks

5 Replies

Diego Lopez
Level 1

Hello,

You definitely require an SSL license (now known as Apex and Plus); even if you use IPsec as the protocol, the connection will consume a license for AnyConnect Premium.

You can confirm whether SSL or IKEv2 is in use with the command "show vpn-sessiondb detail anyconnect"; look for the protocol.

You can follow this documentation to review the configuration of your ASA:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/113692-technote-anyconnect-00.html

Regards, please rate!

Hi Diego,

Good Day!

I mean I want to use IPSec instead of SSL as my primary protocol. As of now, I have a premium license, and I configured my group-policy with ikev2 and configured my AnyConnect Connection Profile to have IPsec as my primary protocol. But the thing is, when my user connects to the VPN, it still uses the SSL protocol instead of IPSec.

Thanks.

Where do you see that SSL is still in use? 

Is the XML profile downloaded to the user's computer? You need to make sure that the users are actually connecting with the profile in AnyConnect; they shouldn't be entering the IP address or the domain of the ASA.

 

Hi Diego,

Good Day!

I saw it using the "show vpn-sessiondb anyconnect" command. I also made sure that the AnyConnect profile that the client is using is the updated profile with IPSec as its primary protocol.

Thanks

OK, in that case review your configuration; you have got to be missing something. The previous link provided will give you a configuration example. Make sure that the XML profile is listed under the group policy and the global webvpn configuration.

This documentation may also help:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example
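The profile check discussed in this thread, as an added example that is not part of any poster's reply: it parses an AnyConnect client profile and reports which protocol each server-list entry would use. The sample profile, host names and function names are constructed for illustration; it assumes that an entry without `PrimaryProtocol` uses SSL and, following the advice above, that an address typed by hand does not pick up a profile entry.

```python
import xml.etree.ElementTree as ET

# Namespace used by AnyConnect client profile XML files.
NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}

# Constructed sample profile; names and addresses are placeholders.
SAMPLE_PROFILE = """
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>HQ IKEv2</HostName>
      <HostAddress>vpn.example.com</HostAddress>
      <PrimaryProtocol>IPsec
        <StandardAuthenticationOnly>false</StandardAuthenticationOnly>
      </PrimaryProtocol>
    </HostEntry>
    <HostEntry>
      <HostName>HQ legacy</HostName>
      <HostAddress>vpn-old.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""

def host_protocols(profile_xml):
    """Return [(HostName, HostAddress, protocol)] for every ServerList entry."""
    root = ET.fromstring(profile_xml.strip())
    entries = []
    for entry in root.findall("ac:ServerList/ac:HostEntry", NS):
        name = entry.findtext("ac:HostName", "", NS).strip()
        addr = entry.findtext("ac:HostAddress", "", NS).strip()
        proto_el = entry.find("ac:PrimaryProtocol", NS)
        # .text is the text before any child element, e.g. "IPsec".
        proto = (proto_el.text or "").strip() if proto_el is not None else ""
        entries.append((name, addr, proto or "SSL"))  # assumed default: SSL
    return entries

def expected_protocol(user_selection, profile_xml):
    """Protocol expected for what the user picked or typed in the client."""
    for name, _addr, proto in host_protocols(profile_xml):
        if user_selection.strip().lower() == name.lower():
            return proto
    return "SSL"  # assumption: no matching profile entry, so no IPsec setting

if __name__ == "__main__":
    for name, addr, proto in host_protocols(SAMPLE_PROFILE):
        print(f"{name:10} {addr:22} {proto}")
```

Compare the result for the entry the user selects with the protocol reported by "show vpn-sessiondb detail anyconnect" for that session.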
