Explorer

Use IKEv2 not SSL as RAVPN

Hi Guys,

Good Day!

I want to use IKEv2 as the primary protocol of my RAVPN; however, even though I configured the group-policy for ikev2 and the connection profile for IPsec, the AnyConnect client still uses SSL as its protocol. Should I have an AnyConnect-Essential license to enable this, or do I have a misconfiguration?

Thanks

Beginner

Hello,

You definitely require an SSL license, "now known as Apex and Plus"; even if you use IPsec as the protocol, the connection will consume a license for AnyConnect Premium.

You can confirm if SSL or IKEv2 is in use with the command "show vpn-sessiondb detail anyconnect"; look for the protocol.

You can follow this documentation to review the configuration of your ASA:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/113692-technote-anyconnect-00.html

Regards, please rate!

Explorer

Hi Diego,

Good Day!

I mean I want to use IPSec instead of SSL as my primary protocol. As of now, I have a premium license and I configured my group-policy with ikev2 and configured my AnyConnect Connection Profile to have IPsec as my primary protocol. But the thing is, when my user connects to the VPN, it still uses SSL protocol instead of the IPSec.

Thanks.

Beginner

Where do you see that SSL is still in use? 

Is the XML profile downloaded to the user's computer? You need to make sure that the users are actually connecting with the profile in AnyConnect; they shouldn't be entering the IP address or the domain of the ASA.

 

Explorer

Hi Diego,

Good Day!

I saw it using the "show vpn-sessiondb anyconnect" command. I also made sure that the AnyConnect profile that the client is using is the updated profile with IPsec as its primary protocol.

Thanks

Beginner

OK, in that case review your configuration; you have got to be missing something. The previous link provided will give you a configuration example. Make sure that the XML profile is listed under the group policy and the global webvpn configuration.

This documentation may also help:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example
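
The profile check discussed in this thread can be scripted. The following is an added example, not part of any post above: it reads an AnyConnect client profile and lists the server entries that will not request IPsec/IKEv2. It assumes the usual profile layout (`ServerList`/`HostEntry`/`PrimaryProtocol`) and that an entry without `PrimaryProtocol` falls back to SSL; the host names and the sample profile are constructed.

```python
import xml.etree.ElementTree as ET

# XML namespace used by AnyConnect client profiles.
NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}

# Constructed sample profile: one entry set to IPsec, one with no protocol set.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>HQ IKEv2</HostName>
      <HostAddress>vpn.example.com</HostAddress>
      <PrimaryProtocol>IPsec</PrimaryProtocol>
    </HostEntry>
    <HostEntry>
      <HostName>HQ legacy</HostName>
      <HostAddress>vpn2.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""


def audit_profile(xml_bytes):
    """Return (host_name, host_address, protocol) for every HostEntry."""
    root = ET.fromstring(xml_bytes)
    results = []
    for entry in root.findall(".//ac:HostEntry", NS):
        name = entry.findtext("ac:HostName", default="", namespaces=NS).strip()
        addr = entry.findtext("ac:HostAddress", default="", namespaces=NS).strip()
        proto_el = entry.find("ac:PrimaryProtocol", NS)
        # .text is the text before any child element, so nested settings
        # under PrimaryProtocol do not disturb the value.
        proto = (proto_el.text or "").strip() if proto_el is not None else ""
        # Assumption: a missing or empty PrimaryProtocol means SSL.
        results.append((name, addr, proto or "SSL"))
    return results


def entries_not_ipsec(xml_bytes):
    """Entries whose connections will not start with IPsec/IKEv2."""
    return [e for e in audit_profile(xml_bytes) if e[2].lower() != "ipsec"]


if __name__ == "__main__":
    for name, addr, proto in audit_profile(SAMPLE_PROFILE):
        print(f"{name:<12} {addr:<20} {proto}")
```

Run it against the profile file actually present on the client machine; an entry reported here as SSL, or a user typing the ASA address instead of selecting a profile entry, results in an SSL session.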