SSL VPN error

Answered Question
May 16th, 2010

Hello folks,

We are getting the following error when accessing a server resource over SSL VPN:

"the server certificate or its chain does not comply with FIPS....."

I did check on Cisco and it says it is related to some cryptography standards. But I am unable to understand in what circumstances this error can occur, especially as it is only just seen and wasn't seen before when accessing the same resource over SSL VPN.

I am trying to gather more data on this error from the person who reported it, but that may take a couple of days.

Meanwhile, I will appreciate it if I can get any info regarding this from any members who have faced this before.

Thanks in advance!

Jennifer Halim Sun, 05/16/2010 - 16:56

Seems like you are hitting this bug: CSCta18665 - Need to verify FIPS compliance for server certs on Windows platforms.

Unfortunately bug details are internal, so you might want to open a TAC case.

However, what version of AnyConnect is the user running? And I assume it's AnyConnect Windows?

suthomas1 Sun, 05/16/2010 - 17:45

The AnyConnect VPN client version being used is 2.2.0136.

Does this cause any issues?

Jennifer Halim Sun, 05/16/2010 - 18:01

Yes, version 2.2 is affected.

Please upgrade it to the latest version of 2.4.1012.

suthomas1 Wed, 05/19/2010 - 03:41

Thanks, however when the 2.2 client was used, the error doesn't appear.

Later learnt that the error during login (user can't log in using the 2.4 version) appeared when the client was the 2.4 version.

Any suggestions on how this is the case?

Appreciate your help!

Correct Answer
Jennifer Halim Thu, 05/20/2010 - 01:05

2.3, 2.4 and 2.5 are listed as affected. Just double check that 2.2 is not listed in the bug. You might want to downgrade to 2.2 if that is not giving you the error.

Which 2.4 version in particular did you use?

suthomas1 Thu, 05/20/2010 - 02:01

Thanks, this got solved. I asked the user to reinstall the older 2.2 version and it works fine.

Appreciate your assistance!

CSCO10887915 Wed, 09/29/2010 - 23:37

Hello Suthomas,

I am experiencing the same issue now. May I know the server of your SSL? Router or ASA... If it's a router, please advise the type and IOS version. Thanks.

suthomas1 Thu, 09/30/2010 - 19:54

It was on ASA. The user had somehow tried to run an upgraded version of AnyConnect.

It got resolved after it was downgraded to the original.

Let me know if you need more information to help your cause.

CSCO10887915 Sun, 10/03/2010 - 07:28

Hi,

My equipment is routers. I tried to test with Cisco 2611/3745/2811. However, I got the same error. Do you have any suggestions? Thanks.
