Secure Access Clients Recieve EER_SSL_Protocol_Error

zachartl · ‎07-25-2025

Hello,

We are receiving reports of some VPN Client users, who will get this error message (screen shot attached). We're not utilizing SSL VPN. We're utilizing the Cisco Secure Client version 5.1.8

This problem seems to occur when our users are in public spaces, Hotels, Libraries for example. I am unable to find any support threads relating to this issue and so I'm writing you all to see if you've any idea what could be sometimes creating this issue. We're using both MFA (Azure Entra) and Username password. The VPN Device is a Cisco ASA, version 9.18.4(22).

Thank you,

Terry

MHM Cisco World · ‎07-25-2025

You use asa or ftd ?

MHM

zachartl · ‎07-25-2025

We're using an ASA as our VPN head-end.

MHM Cisco World · ‎07-25-2025

Do

Show ssl <<- in asa check ssl verion use

It can client use different ver than asa

MHM

zachartl · ‎07-25-2025

We use package files to upgrade our VPN client software from the ASA. If you log into our ASA for VPN connection and the ASA detects a client version less than the version we've installed, the ASA will automatically upgrade the VPN client software. All of our clients are at 5.1.8 (Cisco Secure Client).

MHM Cisco World · ‎07-25-2025

I am talking about ssl ver not secure client ver.

The error log meaning there is issue in ssl protocol

MHM

zachartl · ‎07-25-2025

I see, sorry about that.

Accept connections using SSLv3 or greater and negotiate to TLSv1.2 or greater
Start connections using TLSv1 and negotiate to TLSv1 or greater
SSL DH Group: group14 (2048-bit modulus, FIPS)
SSL ECDH Group: group19 (256-bit EC)

SSL trust-points:
Self-signed (RSA 2048 bits RSA-SHA256) certificate available
Self-signed (EC 256 bits ecdsa-with-SHA256) certificate available
Interface Outside: xxx-xxx.xxxxxx050825.trustpoint (RSA 2048 bits RSA-SHA256)
Certificate authentication is not enabled

MHM Cisco World · ‎07-25-2025

Debug webvpn anyconnect 255 <<- share this debug when anyconnect failed

MHM