This is also seen in IOS 9.9.2.x with the common factor being AnyConnect 4.7.00136 having issues with DTLS. Once any GCM certs are disabled on the ASA ex. doing ssl cipher tlsv1.2 custom "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA" ...