1422 Views, 5 Helpful, 2 Replies

Firepower 1140 AnyConnect connection failure

ken_maruu (Level 1)

Hi, teams

I'm new to ASA and replacing an old ASA5516 with Firepower 1140 as VPN Gateway with AnyConnect.

The VPN configuration for AnyConnect is the same as on ASA5516.

When I attempt to connect to the VPN using AnyConnect, it fails.

This is what syslog says:


%ASA-6-725001: Starting SSL handshake with server outside:**.**.**.**/39973 to **.**.**.**/443 for unknown session
%ASA-7-725014: SSL lib error. Function: ssl_cipher_list_to_bytes Reason: internal error


It seems like an SSL problem?

Here is show ssl:


Accept connections using SSLv3 or greater and negotiate to TLSv1.2 or greater
Start connections using TLSv1.2 and negotiate to TLSv1.2 or greater
SSL DH Group: group14 (2048-bit modulus, FIPS)
SSL ECDH Group: group19 (256-bit EC)

SSL trust-points:
Self-signed (RSA 2048 bits RSA-SHA256) certificate available
Self-signed (EC 256 bits ecdsa-with-SHA256) certificate available
Certificate authentication is not enabled


Here is show version:


Cisco Adaptive Security Appliance Software Version 9.16(2)7
SSP Operating System Version 2.10(1.175)
Device Manager Version 7.16(1)

Compiled on Wed 13-Oct-21 07:16 GMT by builders
System image file is "disk0:/installables/switch/fxos-k8-fp1k-lfbff.2.10.1.175.SPA"
Config file at boot was "startup-config"

ciscoasa up 1 hour 5 mins

Hardware: FPR-1140, 14336 MB RAM, CPU Atom C3000 series 1968 MHz, 1 CPU (16 cores)

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.11.0
Number of accelerators: 6

1: Int: Internal-Data0/0 : address is 00a0.c900.0002, irq 10
3: Int: Not licensed : irq 0
4: Ext: Management1/1 : address is 1859.f5a0.2a01, irq 0
5: Int: Internal-Data1/1 : address is 0000.0100.0001, irq 0

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Disabled
Security Contexts : 2
Carrier : Disabled
AnyConnect Premium Peers : 400
AnyConnect Essentials : Disabled
Other VPN Peers : 400
Total VPN Peers : 400
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 1000
Cluster : Disabled

Serial Number: XXXXXXXXXXX
Configuration register is 0x1
Configuration has not been modified since last system restart.


Here is show running-config:


ssl server-version tlsv1.2
ssl client-version tlsv1.2
webvpn
port 8443
enable outside
http-headers
hsts-server
no enable
max-age 31536000
include-sub-domains
no preload
hsts-client
enable
x-content-type-options
x-xss-protection
content-security-policy
anyconnect image disk0:/anyconnect-win-4.10.04071-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy test-PC-G internal
group-policy test-PC-G attributes
dns-server value **.**.**.**
vpn-tunnel-protocol ssl-client
group-lock value test-PC
address-pools value vpnpool
dynamic-access-policy-record DfltAccessPolicy
tunnel-group test-PC type remote-access
tunnel-group test-PC general-attributes
default-group-policy test-PC-G
tunnel-group test-PC webvpn-attributes
group-url https://**.**.**.**:8443/**/ enable


If you need more information or detailed configuration information, please let me know.

Any advice would be appreciated.

Accepted Solution

@ken_maruu you require the 3DES license to be enabled, as it's currently disabled.


Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Disabled

The 3DES license is free; the following links are helpful guides for you to get this license.

https://networkguy.de/cisco-asa-aes-encryption-disabled/

https://community.cisco.com/t5/network-security/encryption-3des-aes-quot-is-disabled-on-cisco-firepower-4110-asa/td-p/3948471
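A pre-flight check that an admin migrating to a Firepower appliance could run against captured "show version" and syslog output, added here as an example (it is not code from this thread or from Cisco). It parses the "Licensed features for this platform" block for the Encryption-3DES-AES state, which gates the AES/3DES cipher suites that a TLS 1.2 AnyConnect session needs, and matches the %ASA-7-725014 SSL library error quoted in the question. The sample output, the IP addresses in it and the function names are constructed for this example and are not from the thread.

```python
import re

# Constructed sample, modelled on the "show version" listing in the question.
SAMPLE_SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 9.16(2)7
Hardware: FPR-1140, 14336 MB RAM, CPU Atom C3000 series 1968 MHz, 1 CPU (16 cores)

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Encryption-DES : Enabled
Encryption-3DES-AES : Disabled
AnyConnect Premium Peers : 400
Total VPN Peers : 400

Serial Number: XXXXXXXXXXX
"""

# Constructed syslog lines, modelled on the two quoted in the question
# (documentation addresses substituted for the masked ones).
SAMPLE_SYSLOG = [
    "%ASA-6-725001: Starting SSL handshake with server outside:203.0.113.10/39973 "
    "to 198.51.100.1/443 for unknown session",
    "%ASA-7-725014: SSL lib error. Function: ssl_cipher_list_to_bytes Reason: internal error",
]


def parse_licensed_features(show_version: str) -> dict:
    """Return {feature: value} from the 'Licensed features for this platform:' block.

    The block ends at the first blank line, so later 'key: value' lines such as
    'Serial Number' are not picked up.
    """
    features = {}
    in_block = False
    for raw in show_version.splitlines():
        line = raw.strip()
        if line.startswith("Licensed features for this platform"):
            in_block = True
            continue
        if not in_block:
            continue
        if not line:
            break
        key, sep, value = line.partition(":")
        if sep:
            features[key.strip()] = value.strip()
    return features


# Message 725014 reports an error inside the SSL library with the failing function.
SSL_LIB_ERROR = re.compile(r"%ASA-7-725014: SSL lib error\. Function: (\S+) Reason: (.+)$")


def find_ssl_lib_errors(syslog_lines) -> list:
    """Return (function, reason) tuples for every 725014 SSL library error seen."""
    hits = []
    for line in syslog_lines:
        match = SSL_LIB_ERROR.search(line)
        if match:
            hits.append((match.group(1), match.group(2).strip()))
    return hits


def check_anyconnect_readiness(show_version: str, syslog_lines) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    features = parse_licensed_features(show_version)

    strong = features.get("Encryption-3DES-AES", "missing")
    if strong.lower() != "enabled":
        findings.append(
            f"Encryption-3DES-AES is '{strong}': AES/3DES cipher suites are unavailable, so "
            "TLS 1.2 AnyConnect sessions cannot negotiate a cipher; request the free "
            "strong-encryption license through Smart Licensing."
        )

    peers = features.get("AnyConnect Premium Peers", "0")
    if not peers.isdigit() or int(peers) == 0:
        findings.append(f"AnyConnect Premium Peers is '{peers}': no AnyConnect sessions are licensed.")

    for func, reason in find_ssl_lib_errors(syslog_lines):
        if func == "ssl_cipher_list_to_bytes":
            findings.append(
                f"syslog 725014 in {func} ({reason}): the SSL stack could not build a cipher "
                "list, which is consistent with the strong-encryption license being disabled."
            )
    return findings


if __name__ == "__main__":
    for finding in check_anyconnect_readiness(SAMPLE_SHOW_VERSION, SAMPLE_SYSLOG):
        print("-", finding)
```

Run it against real captures by replacing the two constructed samples with the text of "show version" and the relevant syslog lines; once the license shows "Enabled" and the 725014 errors stop, the check returns no findings.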


Thank you for your help.
