Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5379
Views
0
Helpful
4
Replies

Windows IKEv2 Remote Access VPN with an ASA

Greg Focaccio
Level 1
Level 1

‎05-24-2017 05:31 AM - edited ‎02-21-2020 09:17 PM

Hi All,

I'd like to know if anyone has experience using the Windows built-it / native IKEv2 option to establish a remote access VPN connection with an ASA.

I know I am using general terms here and not being specific.  Perhaps it only works with Window 10 and ASA code versions above 

A Note in the introduction section of the following link seems to indicate that one can use Windows 7, but must be using ASA code 9.3(2)

http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115907-config-flexvpn-wcca-00.html

Can anyone verify this is correct in their experience?

Has anyone been able to get a remote access VPN established with Windows native IKEv2 and ASA?  (and not using ISE integrated services engine)

If so could you please share some config and/or links?

We are currently using a 5520 with 9.1(7)16  (beginning plans to upgrade to the -X series)

Thanks,

Greg

Labels:
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎05-24-2017 08:41 PM

Only a sadistic person who loves having problems would go down this route.  it does work but is painful.

Trust me on this one - buy some AnyConnect licences (if you don't have them already) and use that approach.

0 Helpful

Greg Focaccio
Level 1
Level 1
In response to Philip D'Ath

‎05-25-2017 04:47 AM

Funny!  Yes, I did just upgrade the box from 2 to 10 Premium AnyConnect licenses and that is my preferred approach - which is already working.

I'm asking about Microsoft because I'd like to get that approach working as well -  even if it is painful.  We are working to automate and this approach would help.  I'm currently using local authentication, but will eventually be moving to LDAP authentication also.

Do you have any links or information about IKEv2 remote access VPNs with ASA?  What versions work or configs to share?

 

Thanks

0 Helpful

Greg Focaccio
Level 1
Level 1
In response to Philip D'Ath

‎05-25-2017 04:07 PM

Thanks Philip,

That is the second article that mentions: 

"for a Cisco Adaptive Security Appliance (ASA) Version 9.3.2 and later"

Seems like we are going to need to upgrade our ASA before IKEv2 is possible since the non -X ASA can not be upgraded beyond 9.1

0 Helpful
Customers Also Viewed These Support Documents