I believe that it should be possible to do what you describe, but I cannot provide the configuration that you need since I have not actually done it your way. But I have done something similar and believe that it should work for you.
Configure the Remote Access VPN to use the AnyConnect client. Part of the group configuration is to specify the tunneling protocols. You should specify only the ikev2 option and not the ssl-client or ssl-clientless.
I have tried to configure the IPSecv2 only access with no success :(. The AnyConnect client does not succeed in authenticating on the ASA. If I also enable the SSL access, everything works fine (I made those tests before the publication of the new application that requires the 443 port).
Then, if the client has associated once with the ASA, the IPSecv2 works fine... I have tried this with a client that had already been connected before the publication of the new application that uses the 443 port. So, the AnyConnect client can do IPSecv2, but seems to need the SSL for the first association. Is there a specific parameter to configure in order to use only the IPSecv2, not SSL?