Our company has an IPSec VPN Setup on a Cisco ASA 5505. We previously were using the Cisco VPN Client - Version 5.0.07.0410. Everything worked fine with this client up until now. The problem is it is not supported in our Virtual Machine environment and with our newest version of our ParaVirtualized network Drivers we are getting HMAC mismatch problems and failing to connect.
I created a .pcf file with the following information for the 5.0.07.0410 client:
Connection Entry: VC VPN
Host: xxx.xxx.xxx.xxx (IP address of the ASA VPN Interface)
- Name: Group Name
- Password: Pre-Shared Key password
- Enable Transport Tunneling
- IPSec over UDP (NAT/PAT)
I import this .pcf file into the client, client connects, prompted for AD username - all worked well.
We have currently run into a need to use the Cisco AnyConnect Secure Mobility Client (3.0.0629) - I have tried to use the profile editor for this AnyConnect client and I cannot get all of the options for the profile. I leave all the defaults for Preferences (Part1), Preferences (Part2), Backup Servers, Certificate Matching, Certificate Enrollment, and Mobility Policy.
On the Servers List, I click Add. I enter in the hostname, Host address (IP address of hostname) and group. There are no backup servers, I change primary protocol to IPSec, save the profile and place it in C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile (Win7). Open the AnyConnect Secure Mobility Client and the profile is loaded. Trying to connect returns "The VPN Agent is unable to establish a connection". From the ASA, I don't even see a connection attempt from the outgoing IP address. From the client, I can ping the ASA and connect to it with the regular VPN Client.
I cannot find a place to enter a pre-shared key in the profile editor.
The AnyConnect client also seems to not read .pcf files. Am I missing something here?
Attached is my DART Bundle from the failing client. Any help would be greatly appreciated!
AC uses IKEv2 (for IPsec) which is not yet supported on ASA. Support is planned for ASA 8.4 which is still at least a few weeks away.