
err_ssl_version_or_cipher_mismatch

hamzaezzy
Level 1

Hello everyone,

I have configured Anyconnect VPN on one of our routers.

When I navigate to the URL, I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Following is the configuration:

crypto pki trustpoint TP2020
enrollment selfsigned
subject-name CN=vpn.self.com
subject-alt-name vpn.self.com
revocation-check crl
rsakeypair my-rsa-keys

!
ip local pool webpool 192.168.8.81 192.168.8.120

!

webvpn gateway Cisco-WebVPN-Gateway
ip address 1.1.1.1 port 443
ssl encryption 3des-sha1 aes128-sha1 aes256-sha1
ssl trustpoint TP2020
inservice
!
webvpn context Cisco-WebVPN
title "WebVPN - Powered By Cisco"
!
acl "ssl-acl"
permit ip 192.168.8.0 255.255.255.0 2.2.0.0 255.255.0.0
permit ip 192.168.8.0 255.255.255.0 1.1.1.0 255.255.255.0
login-message "Secure WebVPN"
aaa authentication list sslvpn
gateway Cisco-WebVPN-Gateway
max-users 25
!
ssl authenticate verify all
inservice
!
policy group webvpnpolicy
functions svc-enabled
filter tunnel ssl-acl
svc address-pool "webpool" netmask 255.255.255.0
svc rekey method new-tunnel
svc split include 2.2.0.0 255.255.0.0
svc split include 1.1.1.0 255.255.255.0
default-group-policy webvpnpolicy

How to resolve this issue?

Thank you

3 Replies

@hamzaezzy what router hardware and software version are you running this on? It's likely that the SSL version and/or cipher running on the router is not supported by the connecting client. So if it's old hardware/software version, upgrade it or consider using an IKEv2/IPSec VPN (FlexVPN) instead of SSL.

Hi Rob,

Thank you for replying.

Software: Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.7(3)M6, RELEASE SOFTWARE (fc1)

Hardware: CISCO2911/K9

 

We are also experiencing the same issue. AnyConnect VPN has been configured on a C2900 router. It works fine from the AC client, but we can't access it via web for administration or AC client download. Is there any way to find out what exactly is a mismatch here? Is it the version of the SSL or the ciphers... or something else? "debug http ssl all" on IOS does not reveal much on this mismatch.

Please advise.

Br

Saif
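
One way to tell a protocol-version mismatch from a cipher mismatch from the client side, as an added example that is not part of the original thread: it attempts one handshake per TLS version and per suite from the gateway's `ssl encryption` line, then reports which dimension has no overlap with the browser. The OpenSSL suite names, the function names `probe` and `diagnose`, and the browser profile in the main block are assumptions of this example.

```python
import socket
import ssl
import sys

# Assumption: OpenSSL names for "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1"
# (RSA key exchange, CBC mode, SHA-1 MAC).
GATEWAY_SUITES = ["DES-CBC3-SHA", "AES128-SHA", "AES256-SHA"]
VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}


def probe(host, port, version, suite, timeout=5.0):
    """One handshake pinned to a single version and suite: ok / refused / local."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # gateway uses a self-signed trustpoint
    ctx.verify_mode = ssl.CERT_NONE  # handshake test only, no data is sent
    try:
        ctx.minimum_version = ctx.maximum_version = version
        ctx.set_ciphers(suite + ":@SECLEVEL=0")  # allow legacy suites locally
    except (ssl.SSLError, ValueError):
        return "local"  # this host's OpenSSL cannot offer the combination
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except (ssl.SSLError, OSError):
        # Also reached if the local OpenSSL build lacks this protocol version.
        return "refused"


def diagnose(accepted, client_versions, client_suites):
    """accepted: (version, suite) pairs the gateway completed; name the gap."""
    if not accepted:
        return "nothing accepted"
    usable = {(v, s) for v, s in accepted if v in client_versions}
    if not usable:
        return "version"
    if not any(s in client_suites for _, s in usable):
        return "cipher"
    return "compatible"


if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])
    accepted = {(v, s) for v, tls in VERSIONS.items() for s in GATEWAY_SUITES
                if probe(host, port, tls, s) == "ok"}
    print("gateway accepted:", sorted(accepted))
    # Hypothetical browser profile; replace with what your client offers.
    print("gap:", diagnose(accepted, {"TLSv1.2"}, {"AES128-SHA", "AES256-SHA"}))
```

Run it with the gateway address and port as arguments from a host whose OpenSSL still supports legacy protocols, and compare the accepted pairs against the versions and suites your browser actually offers.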