Solved: Re: Cisco FMC/FTD TLS 1.3 Anyconnect support

chocolate2395777 · ‎07-13-2023

Hi Team

I have upgraded FMC and FTD to the latest version which is 7.3.1(FMC) and 7.3.0(FTD).

I am using TLS 1.2 for a while and want to change TLS 1.3 for security reasons. After selecting TLS 1.3, and can't connect VPN AnyConnect on a Windows client but everything works fine with the mobile Anyconnect app. It was everything fine with TLS1.2 Windows and mobile app.

The Anyconnect version is 4.10.07062 which is the latest version.

Does anyone know do I need to enable something inside the Anyconnect profile for Windows?

Thank

Rob Ingram · ‎07-13-2023

@chocolate2395777 to use TLS 1.3 for RAVPN you need to use Secure Client 5.0 (which is the new name for AnyConnect and the latest version).

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/730/threat-defense-release-notes-73/features.html

https://software.cisco.com/download/home/286330811/type/282364313/release/5.0.03076

View solution in original post

Pavan Gundu · ‎07-13-2023

From the FTD CLI sh run all ssl

Take captures on the public interface of the FTD to confirm SSL handshake is getting completed. For example

capture capout interface outside match ip host <FTD-pub-IP> host <Client-Pub-IP>

Rob Ingram · ‎07-13-2023

@chocolate2395777 to use TLS 1.3 for RAVPN you need to use Secure Client 5.0 (which is the new name for AnyConnect and the latest version).

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/730/threat-defense-release-notes-73/features.html

https://software.cisco.com/download/home/286330811/type/282364313/release/5.0.03076

chocolate2395777 · ‎07-14-2023

Hi Rob,

It works after upgrading to Secure Client 5.0.

Thanks a lot.