09-27-2022 05:13 AM
Hello everyone,
I have configured Anyconnect VPN on one of our routers.
When I navigate to the URL, I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Following is the configuration:
crypto pki trustpoint TP2020
enrollment selfsigned
subject-name CN=vpn.self.com
subject-alt-name vpn.self.com
revocation-check crl
rsakeypair my-rsa-keys
!
ip local pool webpool 192.168.8.81 192.168.8.120
!
webvpn gateway Cisco-WebVPN-Gateway
ip address 1.1.1.1 port 443
ssl encryption 3des-sha1 aes128-sha1 aes256-sha1
ssl trustpoint TP2020
inservice
!
webvpn context Cisco-WebVPN
title "WebVPN - Powered By Cisco"
!
acl "ssl-acl"
permit ip 192.168.8.0 255.255.255.0 2.2.0.0 255.255.0.0
permit ip 192.168.8.0 255.255.255.0 1.1.1.0 255.255.255.0
login-message "Secure WebVPN"
aaa authentication list sslvpn
gateway Cisco-WebVPN-Gateway
max-users 25
!
ssl authenticate verify all
inservice
!
policy group webvpnpolicy
functions svc-enabled
filter tunnel ssl-acl
svc address-pool "webpool" netmask 255.255.255.0
svc rekey method new-tunnel
svc split include 2.2.0.0 255.255.0.0
svc split include 1.1.1.0 255.255.255.0
default-group-policy webvpnpolicy
How to resolve this issue?
Thank you
09-27-2022 05:23 AM
@hamzaezzy what router hardware and software version are you running this on? It's likely that the SSL version and/or cipher running on the router is not supported by the connecting client. So if it's old hardware/software version, upgrade it or consider using an IKEv2/IPSec VPN (FlexVPN) instead of SSL.
09-27-2022 11:37 PM
Hi Rob,
Thank you for replying.
Software: Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.7(3)M6, RELEASE SOFTWARE (fc1)
Hardware: CISCO2911/K9
10-01-2022 05:31 AM
We are also experiencing the same issue. Anyconnect VPN has been configured on a C2900 router. It works fine from the AC client, but we can't access it via web for administration or AC client download. Is there any way to find out what exactly the mismatch is here? Is it the version of SSL or the ciphers... or something else? "debug http ssl all" on IOS does not reveal much on this mismatch.
Please advise.
Br
Saif
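One way to tell a version mismatch from a cipher mismatch, added here as an example and not part of the thread or of any Cisco tooling: classify the first TLS record the gateway returns after a ClientHello (for instance, bytes copied from a packet capture of the failing browser connection). The mapping of the IOS `ssl encryption` keywords to IANA suite names is an assumption, and the sample records are constructed.

```python
import struct

# Assumed mapping of the "ssl encryption" keywords in the posted config to IANA suites.
SUITES = {0x000A: "3des-sha1 (TLS_RSA_WITH_3DES_EDE_CBC_SHA)",
          0x002F: "aes128-sha1 (TLS_RSA_WITH_AES_128_CBC_SHA)",
          0x0035: "aes256-sha1 (TLS_RSA_WITH_AES_256_CBC_SHA)"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# TLS alert descriptions that explain a refused handshake.
ALERTS = {40: ("handshake_failure", "cipher"),      # no cipher suite in common
          70: ("protocol_version", "version"),      # offered version refused
          71: ("insufficient_security", "cipher")}  # offered suites too weak

def diagnose(record: bytes) -> dict:
    """Classify the first TLS record a server sends in reply to a ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _rec_version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated TLS record body")
    if ctype == 21 and length >= 2:            # alert: level, description
        name, cause = ALERTS.get(body[1], (f"alert_{body[1]}", "other"))
        return {"result": "rejected", "alert": name, "mismatch": cause}
    if ctype == 22 and length >= 41 and body[0] == 2:   # ServerHello
        version = struct.unpack("!H", body[4:6])[0]
        sid_len = body[38]      # after 4-byte header, 2-byte version, 32-byte random
        suite = struct.unpack("!H", body[39 + sid_len:41 + sid_len])[0]
        return {"result": "accepted",
                "version": VERSIONS.get(version, hex(version)),
                "suite": SUITES.get(suite, hex(suite))}
    raise ValueError(f"unexpected record type {ctype}")

# Constructed sample records (not captured from any real device).
ALERT_VERSION = bytes.fromhex("15030100020246")   # fatal alert 70
ALERT_CIPHER = bytes.fromhex("15030100020228")    # fatal alert 40
SERVER_HELLO = (bytes.fromhex("160301002a020000260301") + bytes(32)
                + bytes.fromhex("00002f00"))      # TLS 1.0, suite 0x002F

if __name__ == "__main__":
    for sample in (ALERT_VERSION, ALERT_CIPHER, SERVER_HELLO):
        print(diagnose(sample))
```

An "accepted" result showing a protocol version the browser has disabled points at the version rather than the cipher list.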