We are in a process of replacing Cisco IPSec (IKEv1) VPN client with Cisco Secure Anyconnect Mobility Client using SSL technology. We are pre-deploying the VPN client with the vpnconfiguration.xml file to the end users. In this way we control the VPN settings for the users. We have also provided the FQDN (resolvable on the Internet) of our ASA firewall (VPN Concentrator) in the vpnconfiguration.xml file.
When the user tries to connect using the vpnconfiguration.xml file he receives a message “invalid host entry. please re-enter”. Even if we put the IP address of the ASA firewall in the vpnconfiguration.xml file we get the same error message.
However if we manually enter the FQDN in the Cisco Secure Anyconnect Mobility Client.
I do notice it is missing the "<PrimaryProtocol>SSL</PrimaryProtocol>" (or it could say IPsec for an IKEv2 VPN) that I would also expect within the ServerList section. I have 20 profiles on my client (yes 20 - I've worked on lots of client networks remotely) and every one of them has the PrimaryProtocol field populated. Here is a link the to the Admin Guide reference on that section.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :