VPN subdomain not working

Beaker Bunsen · ‎08-24-2022

I have a Cisco ASA 5510 running version 8.4(7)30. The new certificate just kicked in recently. I verified the SSL certificate through SSL Checker. It's working for our company website, as well as the VPN subdomain (vpn.company.edu). The company homepage is working fine. However, when users try to access said subdomain to install AnyConnect, we get an SSL error (see screenshot below). The only difference between the old (known working) certificate and the new one is the "ou=Domain Control Validated" section, but I was told it was an optional line and wouldn't affect what's going on.

I have verified that our VPN subdomain is on the tunnel-group and group-url. What are we missing here?

Any tip is appreciated. Thank you.

balaji.bandi · ‎08-25-2022

ASA 5510 running version 8.4(7)30 - this ASA code is quite OLD, and has been out of the market for ages. (you need to uplift to latest stable)

coming back to your issue :

ERR_SSL_VERSION_OR_CIPHER_MISMATCH - this show either your subdomain having an issue with DNS records or SSL not supported, try enabling on the browser TLS 1.2 or higher.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Beaker Bunsen · ‎08-25-2022

Yeah, updating the certificate on this old ASA is a mere interim procedure. We are migrating to a newer Cisco firewall soon. Thank you.