I want to use IKEv2 as the primary protocol of my RAVPN however, even though I configured the group-policy to ikev2 and the connection profile to IPSec, the AnyConnect client still uses SSL as its protocol. Should I have AnyConnect-Essential license for this to enable or I do have a misconfiguration?
Your definitely require a SSL license "now known as apex and plus" even if you use IPSEC as the protocol the connection will consume a license for Annyconnect Premium.
You can confirm if SSL or Ikev2 is in use with the command "show vpn-sessiondb detail anyconnect" look for protocol.
You can follow this documentation to review the configuration of your ASA:
Regards, please rate!.
I mean I want to use IPSec instead of SSL as my primary protocol. As of now, I have a premium license and I configured my group-policy with ikev2 and configured my AnyConnect Connection Profile to have IPsec as my primary protocol. But the thing is, when my user connects to the VPN, it still uses SSL protocol instead of the IPSec.
Where do you see that SSL is still in use?
Is the XML profile downloaded to the user's computer? you need to make sure that the users are actually connecting with the profile on Anyconnect they shouldn't be entering the IP address or the domain of the ASA.
I saw it using the command "show vpn-sessiondb anyconnect" command. I also made sure that the AnyConnect profile that the client is using the updated profile with the IPSec as its primary protocol.
Ok in that case review your configuration you got to be missing something the previous link provided will give you a configuration example, Make sure that the XML profile is listed under the group policy and global webvpn configuration
this documentations may also help: