
IPSEC IKEv2 Remote access VPN issue

Hello community.

I am trying to implement IPSEC IKEv2 Remote Access VPN on ASA.

I have followed the guide on the link below, but I can't make it work.

Also, I created via ASA the IPSEC profile that the client downloads via AnyConnect.

CLI Book 3: Cisco ASA Series VPN CLI Configuration Guide, 9.1 - Configuring Remote Access VPNs [Cisco ASA 5500-X Series Firewalls] - Cisco

When I try to connect to the server, the connection times out. If I enable the SSL access on the outside interface, I can connect to the VPN server but the authentication fails.

When I specify though on the group-policy the vpn tunnel protocol as ssl-client, it works as it should, but the tunnel is being built with a TLS/SSL handshake.

I have attached as a txt file the relevant configuration of the ASA.

Any help would be appreciated.

Thanks in advance.

balaji.bandi
Hall of Fame

You need to run the debug and see why it is failing. What device are you trying to connect?

Follow the simple steps below:

https://www.packetswitch.co.uk/cisco-asa-anyconnect-vpn/

https://networklessons.com/cisco/asa-firewall/cisco-asa-anyconnect-remote-access-vpn

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello bandi,

 

It is a Windows Client with AnyConnect.

I run the debug crypto ikev2 protocol 7 command on ASA, and when I try to connect, nothing appears on the screen.

I check the real time logging on ASDM, and the server initiates SSL handshake with the client.

Check the guides I have suggested. Also, for IKEv2, the guide below is detailed step by step:

https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119208-config-asa-00.html

 

BB


@sakatzidisgiwrgos if you wish to use IKEv2/IPSec then you must configure an XML configuration profile and explicitly enable the Primary Protocol as IPSec, otherwise it will use SSL/TLS as default. You can use the built-in profile editor in ASDM or download the AnyConnect Profile Editor to create the XML configuration profile. Example of configuration and XML profile requirements.
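
A check for the condition described in the last reply, as an added example that is not part of the thread or any Cisco tooling: it parses an AnyConnect XML profile and lists the server entries that do not set the primary protocol to IPsec and would therefore fall back to SSL/TLS. The element names (`HostEntry`, `HostName`, `PrimaryProtocol`) are an assumption about the profile layout, the function names are hypothetical, and the sample profile and host names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile (host names are made up). Element names are an
# assumption about the AnyConnect profile layout; they do not come from the thread.
SAMPLE_PROFILE = """
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>vpn-ikev2</HostName>
      <HostAddress>vpn.example.com</HostAddress>
      <PrimaryProtocol>IPsec
        <StandardAuthenticationOnly>false</StandardAuthenticationOnly>
      </PrimaryProtocol>
    </HostEntry>
    <HostEntry>
      <HostName>vpn-default</HostName>
      <HostAddress>vpn2.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def host_protocols(profile_xml):
    """Map each HostEntry name to its effective primary protocol."""
    result = {}
    for entry in ET.fromstring(profile_xml).iter():
        if local(entry.tag) != "HostEntry":
            continue
        fields = {local(child.tag): child for child in entry}
        name_el = fields.get("HostName")
        name = (name_el.text or "").strip() if name_el is not None else "?"
        proto_el = fields.get("PrimaryProtocol")
        # PrimaryProtocol may hold child elements; its own text comes first.
        proto = (proto_el.text or "").strip() if proto_el is not None else ""
        result[name] = proto or "SSL"  # a missing or empty element means the SSL default
    return result

def hosts_not_using_ipsec(profile_xml):
    """Host entries whose tunnel would be negotiated over SSL/TLS, not IKEv2."""
    protocols = host_protocols(profile_xml)
    return sorted(h for h, p in protocols.items() if p.lower() != "ipsec")

if __name__ == "__main__":
    for host in hosts_not_using_ipsec(SAMPLE_PROFILE):
        print(f"{host}: PrimaryProtocol is not IPsec, client will use SSL/TLS")
```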