Solved: IPsec (IKEv2) with AnyConnect

learnsec · ‎03-28-2014

Dears,

the current configuration on the group policy attributes is to allow anyconnect through IPSEC and SSL (svc). if i disable svc by configuring the following:

group-policy test attributes

vpn-tunnel-protocol IPsec l2tp-ipsec

the CiscoAnnyconnect app does not work with "Login Failed, unauthorised connection mechanism, contact your admin".

my initial config is

webvpn

enable Outside

svc image disk1:/anyconnect-win-3.1.04072-k9.pkg 1

svc enable

group-policy test attributes

vpn-tunnel-protocol IPSec l2tp-ipsec svc

split-tunnel-policy tunnelall

webvpn

svc keep-installer installed

svc rekey time none

svc rekey method ssl

svc dpd-interval client 120

svc ask none default svc

smart-tunnel disable

with ios asa805-20-k8

can you please advise how to force the usage of only ipsec with the Cisco anyconnect application?

thx,

Marvin Rhoads · ‎03-28-2014

IPsec (IKEv2) with AnyConnect Secure Mobility Client requires ASA software 8.4(1) or later. Your 8.0(5.20) release does not support IKEv2.

Once you have an upgraded system to work on, please see the following posting that gives a complete guide to configuring a remote access VPN using IKEv2:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example

Hope this helps, please rate if it does.

View solution in original post

Marvin Rhoads · ‎03-28-2014

IPsec (IKEv2) with AnyConnect Secure Mobility Client requires ASA software 8.4(1) or later. Your 8.0(5.20) release does not support IKEv2.

Once you have an upgraded system to work on, please see the following posting that gives a complete guide to configuring a remote access VPN using IKEv2:

https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example

Hope this helps, please rate if it does.

Restrict Anyconnect to IPSEC