SSL VPN error

Answered Question
May 16th, 2010

Hello folks,


We are getting the following error when accessing a server resource over SSL VPN.



"the server certificate or its chain does not comply with FIPS....."


I did check on Cisco and it says it is related to some cryptography standards. But I am unable to understand in what circumstances this error can occur, especially as it has only just been seen and wasn't seen before when accessing the same resource over SSL VPN.


I am trying to gather more data on this error from the person who reported it. But that may take a couple of days.


Meanwhile, I will appreciate it if I can get any info regarding this from any members who have faced this before.


Thanks in advance!


Jennifer Halim (Cisco Employee) Sun, 05/16/2010 - 16:56

Seems like you are hitting this bug: CSCta18665 - Need to verify FIPS compliance for server certs on Windows platforms.

Unfortunately bug details are internal, so you might want to open a TAC case.

However, what version of AnyConnect is the user running? And I assume it's AnyConnect on Windows?

suthomas1 Sun, 05/16/2010 - 17:45

The AnyConnect VPN client version being used is 2.2.0136.

Does this cause any issues?

Jennifer Halim (Cisco Employee) Sun, 05/16/2010 - 18:01

Yes, version 2.2 is affected.

Please upgrade it to the latest version of 2.4.1012.

suthomas1 Wed, 05/19/2010 - 03:41
User Badges:

Thanks. However, when the 2.2 client was used, the error doesn't appear.

I later learnt that the error during login (the user can't log in using the 2.4 version) appeared when the client was the 2.4 version.


Any suggestions on how this is the case?


Appreciate your help!

Correct Answer
Jennifer Halim (Cisco Employee) Thu, 05/20/2010 - 01:05

2.3, 2.4 and 2.5 are listed as affected. Just double check that 2.2 is not listed in the bug. You might want to downgrade to 2.2 if that is not giving you the error.


Which 2.4 version in particular did you use?

suthomas1 Thu, 05/20/2010 - 02:01

Thanks, this got solved. I asked the user to reinstall the older 2.2 version and it works fine.


Appreciate your assistance!

CSCO10887915 Wed, 09/29/2010 - 23:37

Hello Suthomas,


I am experiencing the same issue now. May I know what your SSL server is? Router or ASA... If it's a router, please advise the type and IOS version. Thanks.

suthomas1 Thu, 09/30/2010 - 19:54

It was on ASA. The user had somehow tried to run an upgraded version of AnyConnect.

It got resolved after it was downgraded to the original.


Let me know if you need more information to help your cause.

CSCO10887915 Sun, 10/03/2010 - 07:28

Hi,


My equipment is routers. I tried to test with Cisco 2611/3745/2811. However, I got the same error. Do you have any suggestions? Thanks.
