01-08-2018 02:21 AM - edited 03-12-2019 04:53 AM
Hello,
My purpose is to have a VPN configuration working for IPsec IKEv1 and IKEv2 clients (Cisco VPN Client & Cisco AnyConnect Secure Mobility Client).
Is it possible to connect our AnyConnect client with a pre-shared key without using WebVPN or an SSL certificate, in the same way as I do with the Cisco VPN Client?
Note: I don't want my firewall to be visible from the internet, and my Cisco VPN Client works well with IKEv1.
Thanking you in advance.
Romain
01-08-2018 03:03 AM
Hi Romain,
Unfortunately AnyConnect does not support pre-shared key configuration.
There are other options available for AnyConnect, like two-factor authentication, if security is a concern.
You could have two VPN tunnels, one for AnyConnect and one for the VPN Client, in order to maintain the old VPN Client.
I am not sure what you mean by: "I don't want my firewall to be visible from the internet", maybe you can explain.
HTH
Bogdan
01-08-2018 06:04 AM
Hi Bogdan,
Thanks for your response.
Yes, I want to maintain the old VPN Client and the L2TP client.
To be more precise, when I implemented IPsec IKEv1 and L2TP on my ASA, I didn't have to use the SSL protocol or a certificate to authenticate my users. I just needed to create crypto / groups / tunnels / local users and set up my VPN clients.
Now I am trying to do the same thing, namely implement the Cisco AnyConnect Secure Mobility Client with IPsec IKEv2 for a local user. But I don't want a web portal or certificate to be available when I contact my firewall from the outside. I don't want to be able to type https://mon_asa and reach it; I want to set up my Cisco AnyConnect client and connect to my firewall directly. Is that possible with IKEv2?
I hope I have been specific enough. Thanks.
Romain
01-08-2018 06:36 AM
In order to close the web portal for all tunnels, you could use:
webvpn
keepout "your message"
The page will still be accessible, but unusable.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/jk.html
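For readers following the two answers above, here is an illustrative ASA configuration that ties them together: an AnyConnect remote-access tunnel over IKEv2 that authenticates the ASA with a certificate (IKEv2 remote access on the ASA does not take a pre-shared key, which is why Bogdan's first answer stands), authenticates users against the local database over EAP, and uses `keepout` so the clientless portal is not usable even though TCP/443 still answers. This is an added example written for this thread, not configuration posted by Romain or Bogdan; every object name (`ANYCONNECT_GP`, `ANYCONNECT_TG`, `VPN_POOL`, `ASA_TRUSTPOINT`, `SPLIT_ACL`), the address pool, the AnyConnect package path and the username are placeholders to be replaced with your own values.

```text
! --- Added example configuration (placeholder names), not from the original posts ---

! IKEv2 policy and IPsec proposal for the AnyConnect IPsec/IKEv2 tunnel
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256

! Dynamic crypto map binds the proposal to the outside interface
crypto dynamic-map DYN_MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_MAP
crypto map OUTSIDE_MAP interface outside

! IKEv2 for remote access: the ASA identifies itself with a certificate
! (ASA_TRUSTPOINT is a placeholder trustpoint you have already enrolled).
! client-services on 443 lets AnyConnect fetch its profile/updates.
crypto ikev2 remote-access trustpoint ASA_TRUSTPOINT
crypto ikev2 enable outside client-services port 443

! Address pool handed to connected clients (placeholder range)
ip local pool VPN_POOL 10.10.10.1-10.10.10.50 mask 255.255.255.0

! Group policy restricted to IKEv2 only (no SSL fallback)
group-policy ANYCONNECT_GP internal
group-policy ANYCONNECT_GP attributes
 vpn-tunnel-protocol ikev2
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
 webvpn
  anyconnect profiles value ANYCONNECT_PROFILE type user

! Tunnel group: users authenticate over EAP against LOCAL, ASA with its cert
tunnel-group ANYCONNECT_TG type remote-access
tunnel-group ANYCONNECT_TG general-attributes
 address-pool VPN_POOL
 authentication-server-group LOCAL
 default-group-policy ANYCONNECT_GP
tunnel-group ANYCONNECT_TG ipsec-attributes
 ikev2 remote-authentication eap query-identity
 ikev2 local-authentication certificate ASA_TRUSTPOINT

! Local user (placeholder); attributes pin the user to the IKEv2 policy
username romain password <replace-me>
username romain attributes
 vpn-group-policy ANYCONNECT_GP

! webvpn is still needed to serve the client package and profile, but
! keepout makes the clientless portal unusable from the outside.
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-<version>-webdeploy-k9.pkg 1
 anyconnect profiles ANYCONNECT_PROFILE disk0:/anyconnect_ikev2.xml
 anyconnect enable
 keepout "Remote access is restricted to the AnyConnect client."
```

Two points worth checking after applying something like this: the AnyConnect XML profile referenced by `anyconnect profiles` must set the host's `PrimaryProtocol` to IPsec and name the tunnel group, otherwise the client will default to SSL; and `keepout` only hides the portal page, so `show conn` / `show vpn-sessiondb anyconnect` will still show TCP/443 reachable from the internet, which is what lets the client download its profile and updates.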
01-09-2018 04:56 AM
Hello,
Thank you Bogdan, your post helped me.
Romain.