Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2553
Views
5
Helpful
1
Replies

Cisco AnyConnect client & TLS enforcement

Go to solution
aniketamdekar
Level 1
Level 1

‎01-22-2021 07:39 AM

Hi All,

 

According to the article below, 

https://support.umbrella.com/hc/en-us/articles/360033350851-End-of-Life-for-TLS-1-0-1-1-

 

Except for AnyConnect, the Umbrella Roaming Client, and the AD Connector, Umbrella ended support for TLS 1.0/1.1 in March 2020. However because of backend dependencies, some additional services for dashboard and APIs unofficially continued to support TLS 1.0/1.1 -- On January 27th, these additional services will stop accepting TLS 1.0/1.1 connections. If you have trouble accessing the dashboard or APIs, please check your device for TLS 1.2 support.

 

If we are using the Cisco Anyconnect VPN client 4.6.03049, and if we do not upgrade to the latest version, would the VPN clients stop connecting at all?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎01-22-2021 07:49 AM

Hi @aniketamdekar 

The minimum version for Cisco AnyConnect with Umbrella roaming module: Version 4.8.02042+ (link) OR if using older client version, configure TLS 1.2 use with changes to the Windows Registry with these steps. So if you haven't applied those registry settings then you'll need to upgrade the client, otherwise umbrella functionality won't work.

 

I see no reason why the VPN to the ASA/FTD should not work. Regardless you should upgrade to a newer version of AnyConnect, as you get better performance and it's more secure.

 

You can force the clients to upgrade anyconnect by either enabling updates in the umbrella dashboard or uploading a newer version to the ASA/FTD. The clients will auto upgrade, no need for admin rights.


HTH

 

View solution in original post

1 Reply 1

Go to solution
Rob Ingram
VIP
VIP

‎01-22-2021 07:49 AM

Hi @aniketamdekar 

The minimum version for Cisco AnyConnect with Umbrella roaming module: Version 4.8.02042+ (link) OR if using older client version, configure TLS 1.2 use with changes to the Windows Registry with these steps. So if you haven't applied those registry settings then you'll need to upgrade the client, otherwise umbrella functionality won't work.

 

I see no reason why the VPN to the ASA/FTD should not work. Regardless you should upgrade to a newer version of AnyConnect, as you get better performance and it's more secure.

 

You can force the clients to upgrade anyconnect by either enabling updates in the umbrella dashboard or uploading a newer version to the ASA/FTD. The clients will auto upgrade, no need for admin rights.


HTH

 

Customers Also Viewed These Support Documents