[c-nsp] Anyconnect VPN on IOS that supports TLS 1.2

Lukas Tribus lists at ltri.eu
Fri Aug 7 15:05:28 EDT 2020


Hello,

On Fri, 7 Aug 2020 at 19:46, Chuck Church <chuckchurch at gmail.com> wrote:
>
> Hey all,
>
>
>
>                 I've got a small company I support occasionally that deploys
> Anyconnect VPN service on small ISR G2 models for customers.  It seems that
> recently Chrome and it seems like Edge and IE are not allowing connections
> to TLS 1.0 or anything SSL.  It appears that based on googling this is a
> known issue, that was resolved on ASA with a recent 9.x release.  Anyone
> know a work-around for IOS 15.x?  Once the users of the VPN login once to
> the portal page then can install the anyconnect client and never use the
> browser again.  But that first time is an issue.  The configs are good,
> works fine on older Firefox versions.

While CSCuv27265 ("ENH: Enable support for TLSv1.1 & TLSv1.2 for http
secure server/client") is fixed in 15.5(3)M4 (and 15.6(3)M of course),
CSCux73159 ("ENH: TLS1.2 Support for SSLVPN on IOS and IOS-XE") is
terminated (it's unclear why).

But maybe the former fix is enough to download the client? I suggest
you try the 15.6(3)M train or later.



lukas


More information about the cisco-nsp mailing list