IKEV2 with anyconnect secure mobility client 3.1

Hello guys!

Lately I configure a VPN implementation using IKEv2. the goal is to establish a VPN connection between the router and a remote client that is "anyconnect"

Unfortunately it doesn't work  and i don't know really  where is the problem [:(] if there is someone can help me i'll be gratefull.

this is my config:

crypto pki truspoint flexvpn-CA

enrollment selfsigned


ip addres

subject-name cn=flex-hub.jarsfe.test.ma

revocation-check none

crypto pki certificate map CMAP 10



ip local pool AC

crypto ikev2 authorization policy AC

pool AC

crypto ikev2 proposal pro

encryption 3des aes-cbc-128

integrity sha1

group 5 2


crypto ikev2 policy POL

match fvrf any 

proposal PRO


crypto ikev2 profile PRO

match certificate CMAP

identity local dn

authentication remote rsa-sig

authentication local rsa-sig

pki trustpoint flexvpn-CA

aaa authorization group cert list default AC

virtual-template 1

no crypto ikev2 http-url cert


crypto ipsec transform-set TRA  esp-3des esp-sha512-hmac


crypto ipsec profile PRO

set transform-set TRA

set ikev2-profile PRO


interface virtual-template1 type tunnel

ip unnumbered f0/1

tunnel mode ipsec ipv4

tunnel protection ipsec profile PRO


Sign In or Register to comment.