Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
This is also seen in IOS 9.9.2.x with the common factor being AnyConnect 4.7.00136 having issues with DTLS. Once any GCM certs are disabled on the ASA ex. doing ssl cipher tlsv1.2 custom "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA" ...
Check your ASA that you are utilizing the correct module for the IPS. At the ASA config itself... Note disabling the health alerts does stop the alerts but may not resolve the underlying issue.
policy-map global_policy
class IPS sfr fail-open
v...
