Anyconnect on Cisco800 series

Yannis94
Level 1

Hello team,

We are experiencing a really odd problem and I would like your help if it is possible.

I configured a Cisco 886VA router as an AnyConnect server with AnyConnect version 4.7.04056.
The router IOS is 157-3.M4a.

The configuration I used is below:

crypto vpn anyconnect flash:/webvpn/anyconnect-win-4.7.04056-webdeploy-k9.pkg sequence 1
crypto key generate rsa label MY-KEYS modulus 2048
!
ip http server
ip http secure-server
!
!
crypto pki trustpoint SSL_CERT
enrollment selfsigned
serial-number
subject-name CN=vpn.trinity.gr
revocation-check crl
rsakeypair MY-KEYS
!
!
crypto pki enroll SSL_CERT

% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes

Router Self Signed Certificate successfully created
!
aaa authentication login sslvpn local
!
ip access-list extended NAT_LIST
15 deny 10.5.0.0 0.0.0.255 192.168.100.0 0.0.0.255
!

!
ip local pool SSL_POOL 192.168.100.1 192.168.100.50

webvpn gateway SSLVPN-GATEWAY
ip address xx.xx.xx.xx port 8443
ssl encryption aes256-sha1
ssl trustpoint SSL_CERT
logging enable
inservice
!
webvpn context SSLVPN-CONTEXT
title "TESORO SSL VPN"
!
acl "SSL_SPLIT-ACL"
permit ip 10.5.0.0 0.0.0.255 any
aaa authentication list sslvpn
gateway SSLVPN-GATEWAY
logging enable
!
ssl authenticate verify all
!
url-list "rewite"
inservice
!
policy group WEB-VPN-POLICY
functions svc-enabled
svc address-pool "SSL_POOL" netmask 255.255.255.0
svc keep-client-installed
svc rekey method new-tunnel
svc split include 10.5.0.0 255.255.255.0
svc dns-server primary 8.8.8.8
default-group-policy WEB-VPN-POLICY
!

I try to connect to the device and I have the debug of webvpn enabled, but I can see no log on the specific debug, although in the stats I can see connections starting and closing immediately.
When I opened debug on SSL I get the below entries.
*Feb 6 08:46:48.946: CRYPTO_OPSSL: SSL3.0 is no longer supported.Enabling only TLS1.0
*Feb 6 08:46:48.966: opssl_SetPKIInfo entry
*Feb 6 08:46:48.966: CRYPTO_OPSSL: Can't find router cert.

I configured the below with no help

ip http tls-version tlsv1.2

Could anyone help?
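
As an added example (not part of the original post, and not Cisco tooling): a small Python check that every name the posted WebVPN configuration refers to (trustpoint, RSA key pair, AAA list, address pool, gateway, policy group) is also defined somewhere in the same configuration. The function name, the rule table and the embedded sample are assumptions; the sample repeats only the name-bearing lines from the post, with indentation added.

```python
import re

# Constructed sample: the name-bearing lines from the configuration posted above.
SAMPLE = """\
crypto key generate rsa label MY-KEYS modulus 2048
crypto pki trustpoint SSL_CERT
 rsakeypair MY-KEYS
aaa authentication login sslvpn local
ip local pool SSL_POOL 192.168.100.1 192.168.100.50
webvpn gateway SSLVPN-GATEWAY
 ssl trustpoint SSL_CERT
webvpn context SSLVPN-CONTEXT
 aaa authentication list sslvpn
 gateway SSLVPN-GATEWAY
 policy group WEB-VPN-POLICY
 svc address-pool "SSL_POOL" netmask 255.255.255.0
 default-group-policy WEB-VPN-POLICY
"""

# kind -> (pattern that defines a name, pattern that references it)
RULES = {
    "rsa keypair": (r"^crypto key generate rsa label (\S+)", r"^rsakeypair (\S+)"),
    "trustpoint": (r"^crypto pki trustpoint (\S+)", r"^ssl trustpoint (\S+)"),
    "aaa list": (r"^aaa authentication login (\S+)", r"^aaa authentication list (\S+)"),
    "address pool": (r"^ip local pool (\S+)", r"^svc address-pool (\S+)"),
    "gateway": (r"^webvpn gateway (\S+)", r"^gateway (\S+)"),
    "policy group": (r"^policy group (\S+)", r"^default-group-policy (\S+)"),
}

def dangling_references(config):
    """Return (kind, name) for every name that is referenced but never defined."""
    lines = [ln.strip() for ln in config.splitlines()]
    missing = []
    for kind, (define, refer) in RULES.items():
        defined, used = set(), []
        for ln in lines:
            if m := re.match(define, ln):
                defined.add(m.group(1).strip('"'))
            elif m := re.match(refer, ln):
                used.append(m.group(1).strip('"'))
        missing += [(kind, name) for name in used if name not in defined]
    return missing

if __name__ == "__main__":
    print(dangling_references(SAMPLE) or "all referenced names are defined")
```

For the posted configuration it reports no dangling names, so this check rules out a mistyped name but does not explain the "Can't find router cert" debug line.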

4 Replies

ekdaniel
Cisco Employee

Hi there,

Sorry for the delayed response!

Can you please provide your Cisco Umbrella account name? Also, have you tried reaching out to our Support team on this?

They can be reached at umbrella-support@cisco.com or by phone directly from your dashboard, if you have an 'Enhanced Support' Package.

Thank you!

Ekow

Hello ekdaniel,

Unfortunately, I do not have one.

Either way I managed to find a solution to my problem.

Thank you very much.

Hello there,

I'm glad you were able to find a solution to your problem. So do you not have a Cisco Umbrella account?

Thanks,

Ekow

Hello ekdaniel,

No, I do not.