Cisco Support Community

AnyConnect - How do these different protocols start the session?

This is a new deployment using AnyConnect.

Can someone help me understand how a client comes in and then different protocols build these sessions with either IKEv2 or else Clientless?

The Group-Policy does offer either, but what determines which is in use for that session?

Here the Connection Profile is named MAIN-POLICY, the group-policy is named MAIN-POLICY-SALES.

As you can see here, one connection was made using DTLS and the other by IKEv2 IPsecOverNatT.

Protocol     : Clientless SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Premium
Encryption   : Clientless: (1)RC4  SSL-Tunnel: (1)RC4  DTLS-Tunnel: (1)AES128
Hashing      : Clientless: (1)SHA1  SSL-Tunnel: (1)SHA1  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 16357028               Bytes Rx     : 9656538
Group Policy : Main-Policy-Sales              Tunnel Group : Main-Policy

Protocol     : IKEv2 IPsecOverNatT AnyConnect-Parent
License      : AnyConnect Premium
Encryption   : IKEv2: (1)AES256  IPsecOverNatT: (1)AES256  AnyConnect-Parent: (1)none
Hashing      : IKEv2: (1)SHA1  IPsecOverNatT: (1)SHA1  AnyConnect-Parent: (1)none
Bytes Tx     : 20605341               Bytes Rx     : 2373973
Group Policy : Main-Policy-Sales              Tunnel Group : Main-Policy