Thursday, January 16, 2020

Cisco AnyConnect VPN phone with legacy ASA, looking to move to Fortinet

I just found out about this today. We apparently have a legacy ASA that provides internet VPN capability to some remote users' Cisco IP phones using the old IP phone AnyConnect technology. That ASA is ancient; it cannot even be upgraded anymore. There have been some ugly ASA vulnerabilities in the last few months and this thing needs to go. I am not interested in Firepower. I need to come up with a better solution to handle these phones. Has anyone else run into this before? How did you handle it?

So this post doesn't get flagged as low effort, I have determined that AnyConnect's IKEv2 mode only works against Cisco gear. AnyConnect uses an EAP scheme called "EAP-AnyConnect". The only devices that implement that are - you guessed it - Cisco.

The IKEv2 is also somewhat proprietary: https://wiki.strongswan.org/issues/2173


