For the past week I have been unable to connect from my Windows 10 computer to an ASA5505. Each time I try to connect via my standard profiles over IKEv2/IPSEC, I get the error in the attached screenshot. Some facts:
- Exact setup has been working for over a year; no known changes
- Licensing should be good: AnyConnect Premium Peers: 25
- AnyConnect client version 3.1.14018
- ASA5505 running 9.1(7)4
- I can connect via Mac laptop via IKEv2/IPSEC
- I can connect via Windows 10 via DTLS Cipher: RSA_AES_256_SHA1
I have control over both firewalls and I'm not seeing anything that could be blocking this connection suite.
Any ideas? Have there been any recent known Windows 10 updates that break the cipher methods used?
Thanks for any direction.
Edit with further testing: I am located at Remote Site A. I've tested two Windows 10 machines here with the same error result. I just had a friend test at a different Site B, and he was able to connect successfully. And again, I was able to connect via Mac OS from Remote Site C.
So there seems to be something unique about Remote Site A that is preventing an IPSEC/IKEv2 connection from negotiating a compatible cipher.