Anyconnect on Cisco 886 not working

gdanatzis
Level 1

Hello team,

We are experiencing a really odd problem and I would like your help if it is possible.

I configured a Cisco 886VA router as an AnyConnect server with AnyConnect version 4.7.04056.
The router IOS is 157-3.M4a.

The configuration I used is the one below:

crypto vpn anyconnect flash:/webvpn/anyconnect-win-4.7.04056-webdeploy-k9.pkg sequence 1
crypto key generate rsa label MY-KEYS modulus 2048
!
ip http server
ip http secure-server
!
!
crypto pki trustpoint SSL_CERT
enrollment selfsigned
serial-number
subject-name CN=vpn.trinity.gr
revocation-check crl
rsakeypair MY-KEYS
!
!
crypto pki enroll SSL_CERT

% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes

Router Self Signed Certificate successfully created
!
aaa authentication login sslvpn local
!
ip access-list extended NAT_LIST
15 deny 10.5.0.0 0.0.0.255 192.168.100.0 0.0.0.255
!

!
ip local pool SSL_POOL 192.168.100.1 192.168.100.50

webvpn gateway SSLVPN-GATEWAY
ip address xx.xx.xx.xx port 8443
ssl encryption aes256-sha1
ssl trustpoint SSL_CERT
logging enable
inservice
!
webvpn context SSLVPN-CONTEXT
title "TESORO SSL VPN"
!
acl "SSL_SPLIT-ACL"
permit ip 10.5.0.0 0.0.0.255 any
aaa authentication list sslvpn
gateway SSLVPN-GATEWAY
logging enable
!
ssl authenticate verify all
!
url-list "rewite"
inservice
!
policy group WEB-VPN-POLICY
functions svc-enabled
svc address-pool "SSL_POOL" netmask 255.255.255.0
svc keep-client-installed
svc rekey method new-tunnel
svc split include 10.5.0.0 255.255.255.0
svc dns-server primary 8.8.8.8
default-group-policy WEB-VPN-POLICY
!
I try to connect to the device with the webvpn debug enabled, but I see no output from that debug, although in the stats I can see connections starting and closing immediately.
When I turned on the SSL debug, I got the entries below.
*Feb 6 08:46:48.946: CRYPTO_OPSSL: SSL3.0 is no longer supported.Enabling only TLS1.0
*Feb 6 08:46:48.966: opssl_SetPKIInfo entry
*Feb 6 08:46:48.966: CRYPTO_OPSSL: Can't find router cert.

I configured the following, but it did not help:

ip http tls-version tlsv1.2

Could anyone help?
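A client-side check that goes with the debug output above, added here as an example and not part of the original post: it completes one TLS handshake against the gateway port from the config and reports whether a certificate came back and which protocol version was negotiated, so the result can be set beside the "Can't find router cert" and "Enabling only TLS1.0" lines. It assumes the trustpoint CN vpn.trinity.gr resolves to the gateway's (redacted) address; the assess() helper and its wording are my own.

```python
import hashlib
import socket
import ssl

# Values taken from the post: the trustpoint CN and the webvpn gateway port.
# Assumption: the CN resolves to the gateway address redacted as xx.xx.xx.xx.
GATEWAY_HOST = "vpn.trinity.gr"
GATEWAY_PORT = 8443


def probe_tls(host: str, port: int, timeout: float = 5.0) -> dict:
    """Complete one TLS handshake and record what the gateway presented.
    Verification is disabled on purpose: the trustpoint is self-signed, and the
    question is only whether any certificate and which protocol version come back."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1  # let a gateway stuck on TLS 1.0 answer
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True) or b""
                return {
                    "version": tls.version(),
                    "cipher": tls.cipher()[0],
                    "cert_sha256": hashlib.sha256(der).hexdigest() if der else None,
                }
    except OSError as exc:  # ssl.SSLError is an OSError: refused, reset, timeout, abort
        return {"error": str(exc)}


def assess(result: dict) -> list:
    """Turn a probe result into findings to compare with 'debug crypto ssl';
    an empty list means the gateway presented a certificate over TLS 1.2+."""
    findings = []
    if "error" in result:
        findings.append("handshake failed: " + result["error"])
        return findings
    if result.get("cert_sha256") is None:
        findings.append("no server certificate presented; compare with 'Can't find router cert'")
    if result.get("version") not in ("TLSv1.2", "TLSv1.3"):
        findings.append("negotiated %s, not TLS 1.2 or newer" % result.get("version"))
    return findings


if __name__ == "__main__":
    res = probe_tls(GATEWAY_HOST, GATEWAY_PORT)
    print(res)
    for line in assess(res) or ["no findings"]:
        print("-", line)
```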
