02-14-2016 07:08 PM
Hi Guys,
Good Day!
I want to use IKEv2 as the primary protocol of my RAVPN however, even though I configured the group-policy to ikev2 and the connection profile to IPSec, the AnyConnect client still uses SSL as its protocol. Should I have AnyConnect-Essential license for this to enable or I do have a misconfiguration?
Thanks
02-14-2016 07:58 PM
Hello,
Your definitely require a SSL license "now known as apex and plus" even if you use IPSEC as the protocol the connection will consume a license for Annyconnect Premium.
You can confirm if SSL or Ikev2 is in use with the command "show vpn-sessiondb detail anyconnect" look for protocol.
You can follow this documentation to review the configuration of your ASA:
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/113692-technote-anyconnect-00.html
Regards, please rate!.
02-14-2016 08:27 PM
Hi Diego,
Good Day!
I mean I want to use IPSec instead of SSL as my primary protocol. As of now, I have a premium license and I configured my group-policy with ikev2 and configured my AnyConnect Connection Profile to have IPsec as my primary protocol. But the thing is, when my user connects to the VPN, it still uses SSL protocol instead of the IPSec.
Thanks.
02-14-2016 08:49 PM
Where do you see that SSL is still in use?
Is the XML profile downloaded to the user's computer? you need to make sure that the users are actually connecting with the profile on Anyconnect they shouldn't be entering the IP address or the domain of the ASA.
02-14-2016 08:53 PM
Hi Diego,
Good Day!
I saw it using the command "show vpn-sessiondb anyconnect" command. I also made sure that the AnyConnect profile that the client is using the updated profile with the IPSec as its primary protocol.
Thanks
02-14-2016 09:11 PM
Ok in that case review your configuration you got to be missing something the previous link provided will give you a configuration example, Make sure that the XML profile is listed under the group policy and global webvpn configuration
this documentations may also help:
https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide