cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

AnyConnect 4.9 requires more stringent cryptography settings than you may have configured on your head-end

900
Views
15
Helpful
0
Comments
Cisco Employee

Please note that the minimum cryptography settings in AnyConnect 4.9 have been increased. Please ensure that your head-end is properly configured for the more stringent cryptography settings (if applicable) or users will be unable to connect after updating.

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html#Cisco_Reference.dita_cf700242-15ba-4561-ba36-8eff569f93e9

 

  • For SSL VPN, AnyConnect no longer supports the following cipher suites from both TLS and DTLS: DHE-RSA-AES256-SHA and DES-CBC3-SHA

  • For IKEv2/IPsec, AnyConnect no longer supports the following algorithms:

    • Encryption algorithms: DES and 3DES

    • Psuedo Random Function (PRF) algorithm: MD5

    • Integrity algorithm: MD5

    • Diffie-Hellman (DH) groups: 2, 5, 14, 24