Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1533
Views
0
Helpful
2
Replies

ASA 5512 version 9.1.2 with AnyConnect 4.9 Diffie Hellman Group issue

Diky Heryadi
Level 1
Level 1

‎07-20-2020 08:59 PM

Hi, I have an issue on my ASA 5512 version 9.1.2 at IPSec VPN with IKEV2.

In the begining, we just use DH Group 1, 2, and 5 on IKEV2 Policy and it works well with AnyConnect Mobile both for Android and iPhone. See the picture below:

Capture.JPG

 

Since AnyConnect Mobile 4.9 for iPhone has released, it forces us to upgrade the AnyConnect. Then iPhone cannot connect to the VPN anymore with this error notification:

WhatsApp Image 2020-07-21 at 10.24.25 AM.jpeg

 

It's impacted to our environment and we have to add DH Group 19 in IKEV2 Policy configuration. When I added DH Group 19, both Android and iPhone cannot connect to the VPN.

Capture2.JPG

 

When I deleted the DH Group 19, just Android can connect to the VPN. I have tried with another DH Group like 20 and 21 but still doesn't work. Please help me.

 

Thanks,

Diky

0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎07-20-2020 11:54 PM

I have no answer to your problem as I never used the Android AnyConnect. But ASA version 9.1x is EOL for a very long time and you really should update to a recent version. Starting with 9.3 there is also TLS 1.2 with much better security supported.

0 Helpful

Diky Heryadi
Level 1
Level 1
In response to Karsten Iwen

‎07-21-2020 12:20 AM

But it works well on ASA 5525 with the same version 9.1.2. Android and iPhone can connect VPN with DH 1, 2, 5, 19 configured. What do you think?
0 Helpful
Customers Also Viewed These Support Documents