As promised, this post provides the second part of my experiences using the AnyConnect® 3.0 client with IKE version 2. This research was conducted using an ASA5520 with OS version 8.4(1) and ASDM version 6.4(1). Rather than illustrate a “how to” guide for a successful implementation (which is what I did in Part I), this follow-up will provide troubleshooting and research into an (as-of-yet) unsupported capability of the IKEv2 protocol.

Almost a year ago I posted a two-part series on IKE version 2 about the protocol and some fundamental implementation principles on the Cisco IOS® router. With the announcement toward the end of last year of AnyConnect® Secure Mobility Client version 3.0 along with this year’s availability of ASA OS 8.4 and 8.5, discussion of the security appliance implementation of IKEv2 is timely. Due to the volume of information, I’ll again separate this post into two parts.

This week’s post came at the (unknown to him!) encouragement from another Cisco instructor who mentioned that this product was available for download from Cisco Connection Online (CCO). The phrase in the title above “product for the future” is my own choice of words and certainly not any marketing language from Cisco Systems.

Just last week Cisco Systems announced the availability of the new version of the well-received AnyConnect VPN Client, now referred to as the Cisco AnyConnect Secure Mobility Client. I wanted to take a few paragraphs here to discuss the new features and direction for this product in light of past offerings. The first new feature […]

On April 13, Cisco Systems officially posted a 64-bit version of its popular IPSec VPN Software Client. (Unofficially, this was available in Beta from an unpublicized source). This very welcome and requested enhancement came even to the surprise of former students of mine who are Cisco Systems employees! This post will briefly comment on the impact […]

Unlike the Cisco IPSec VPN Client which relies upon .pcf (pre-configuration) files, the AnyConnect SSL VPN client utilizes XML-formatted profiles. This article will briefly discuss how such profiles can be created and stored on your ASA security appliance. First of all, Cisco was kind enough to provide an XML Profile Editor for use with their […]

A recent optional deployment of the Cisco AnyConnect® SSL VPN client is the choice to use a Diagnostic And Reporting Tool, or DART for short. This post will focus on what this tool provides as well as stepping through its installation process. The installation of the DART functionality can be accomplished either one of two basic […]

I recently was presented with the challenge of logging ALL of the pertinent connection, disconnection, and termination messages associated with the Cisco SSL AnyConnect client without overwhelming the syslog capture display with extraneous messages. This blog will briefly outline the applicable log messages and what they do, along with some screenshots displaying both the provisioning in […]

During a visit to a client last fall I encountered an interesting default property of some of the popular cellular wireless adapters marketed by such providers as AT&T, Sprint, and Verizon. Before I reveal what that property is, let me “set the stage” to depict the problem that the client was having. As the accompanying traces […]

The last blog entry I did we discussed re-skinning the Cisco AnyConnect VPN client. Since my current thoughts are still on the AnyConnect, I thought about tossing out some helpful hints regarding the AnyConnect profiles. Over the past few ASA courses, I’ve been asked about SSL VPN Profiles and if the option to configure profiles […]