If your new group policy specifies ONLY IKEv2 and is your client AnyConnect 3.0, you should get an IKEv2 connection. You can check it in the client - click "Advanced" link and choose Statistics in the resultant window. (In ASDM, "Monitoring, VPN Sessions, Statistics" will show an active session under Anyconnect Client IKEv2 IPSec as well.)
If you verified the settings but are still not getting an IKEv2 connection, please post the configuration.
I'm not sure what you're asking about the old Cisco VPN Client for IPSec. It doesn't support IKEv2.
I'm not sure about my client only trying Ikev2 though ... in a nutshell, new config is below. (I'm not adding parts that are shared with other profiles as ip_pools, as those are not relevant for the case)
- I have Annyconnect 3.0.5 installed on my PC, which I installed as standalone (not distributed from ASA)
- I open it up and connect to the ASA using a URL
- Different profiles show up. I chose the one I'm using for testing IKEv2
- enter username and password, and it connects
When I check on ASA, there's no vpn connected using IKEv2. The connection I just made, shows on the monitoring tab as being a SSL connection
Yes, I do have the profile on the flash of the device
Now, some weird things.
a) the profile is never transferred to my local machine. I don't find any .xml on the "Cisco AnyConnect VPN Client"
b) the strangest thing is that on ASDM, when I create or edit the Annyconnect client profile, it doesn't look same as the standalone profile editor I installed on my PC from the Annyconnect 3.0.5 installatin ISO. On the one I have on my PC, I can define I want to use IPSEC on the list of servers, while on the ASDM I don't have that option. It's quite different
I tried to upload the profile I created locally to the ASA, but after it, it says there's an error as it doesn't recognize the XML tags for host entry
I am lost and planning to start all over on a fresh ASA, but I can't believe that would help
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :