Cisco Support Community
Community Member

Problem with AnyConnect IPSEC IKEV2 connections!

Hello Experts,

I have noticed and tested that Cisco IPSEC VPN IKEV1 works well through an IPSEC tunnel. However, Cisco IPSEC IKEV2 with AnyConnect fails to establish when passing through an IPSEC tunnel. What are the differences in protocols and port numbers that make them different? In the Cisco release notes I have read that we have to set the MTU to 1200 for IKEV2. I have done this and still no luck.

To clarify, I will explain a little bit about the scenario (please see the attached diagram):

Users in location A need to VPN to the ASA VPN concentrator in location B. The connection from location A to location B is through the internet, and there is already an IPSEC tunnel established via edge routers between location A and location B. Users have two VPN clients. One is the Cisco VPN client configured for IKEV1, and the other is the Cisco AnyConnect client, which is configured for IPSEC IKEV2. At this time all the tests are about IPSEC. SSL VPN is NOT the goal at this stage. Here is what is happening:

a. Users trying with the Cisco VPN client and IPsec IKEV1 are successfully connecting.

b. Users trying with the Cisco AnyConnect client and IPsec IKEV2 fail to even receive the prompt for credentials. The connection fails in the IKE_SA_INIT stage.

c. If the same user with the Cisco AnyConnect client tries from home to connect to the ASA VPN concentrator at location B, all is good and successful. (Probably because there is no extra IPSEC tunnel in the internet for AnyConnect to pass through. But why can the Cisco VPN client establish an IPSEC tunnel through an IPSEC tunnel, while AnyConnect fails to establish an IPSEC tunnel through an IPSEC tunnel? The only difference I know is that the Cisco VPN client is using IKEV1 and Cisco AnyConnect is using IKEV2, but does this make any difference in terms of ports and protocols across the network?) Please see the attached diagram.

Thank you,

