[c-nsp] Anyconnect VPN on IOS that supports TLS 1.2
Lukas Tribus
lists at ltri.eu
Fri Aug 7 15:05:28 EDT 2020
Hello,
On Fri, 7 Aug 2020 at 19:46, Chuck Church <chuckchurch at gmail.com> wrote:
>
> Hey all,
>
>
>
> I've got a small company I support occasionally that deploys
> Anyconnect VPN service on small ISR G2 models for customers. It seems that
> recently Chrome and it seems like Edge and IE are not allowing connections
> to TLS 1.0 or anything SSL. It appears that based on googling this is a
> known issue, that was resolved on ASA with a recent 9.x release. Anyone
> know a work-around for IOS 15.x? Once the users of the VPN login once to
> the portal page then can install the anyconnect client and never use the
> browser again. But that first time is an issue. The configs are good,
> works fine on older Firefox versions.
While CSCuv27265 ("ENH: Enable support for TLSv1.1 & TLSv1.2 for http
secure server/client") is fixed in 15.5(3)M4 (and 15.6(3)M of course),
CSCux73159 ("ENH: TLS1.2 Support for SSLVPN on IOS and IOS-XE") is
terminated (it's unclear why).
But maybe the former fix is enough to download the client? I suggest
you try the 15.6(3)M train or later.
lukas
More information about the cisco-nsp
mailing list