ā08-24-2022 08:49 PM - edited ā08-24-2022 08:53 PM
I have a Cisco ASA 5510 running version 8.4(7)30. The new certificate just kicked in recently. I verified the SSL certificate through SSL Checker. It's working for our company website, as well as the VPN subdomain (vpn.company.edu). The company homepage is working fine. However, when users try to access said subdomain to install AnyConnect, we get an SSL error (see screenshot below). The only difference between the old (known working) certificate and the new one is the "ou=Domain Control Validated" section, but I was told it was an optional line and wouldn't affect what's going on.
I have verified that our VPN subdomain is on the tunnel-group and group-url. What are we missing here?
Any tip is appreciated. Thank you.
ā08-25-2022 12:48 AM
ASA 5510 running version 8.4(7)30 - this ASA code is quite OLD, and has been out of the market for ages. (you need to uplift to latest stable)
coming back to your issue :
ERR_SSL_VERSION_OR_CIPHER_MISMATCH - this show either your subdomain having an issue with DNS records or SSL not supported, try enabling on the browser TLS 1.2 or higher.
ā08-25-2022 07:20 AM
Yeah, updating the certificate on this old ASA is a mere interim procedure. We are migrating to a newer Cisco firewall soon. Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide