Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2416
Views
0
Helpful
4
Replies

Cisco AnyConnect VPN client and 256 AES encryption in IE8

Alienufo736
Level 1
Level 1

‎02-16-2012 03:19 PM - edited ‎02-21-2020 05:53 PM

Hey,

We have a site that we are trying to connect to with the AnyConnect VPN client version 2.5.3055 on Windows XP SP3. As soon as we enter the site info and hit select, it says a connection was unable to be established.

I believe this has to do with the encryption, its set up with 256 bit AES. We are only able to install IE8, which on XP only supports up to 128 bit encryption, so in IE8 the page will not load. To fix that issue we installed firefox which supports 256 bit encryption. We can get to the page there, but when we go to connect to the same site VIA the VPN client it still will not connect. It will work fine on a windows 7 box with IE9 installed from the same network.

My question mainly pertains to how the AnyConnect client connects on the back end. Does it use Internet explorer's SSL layer by default? Or does it have its own? If it connects through internet explorer, is there a way to change it to firefox so it will actually be able to open up a connection?

Thank you for your answers in advance,

John

Labels:
0 Helpful
4 Replies 4

Jeff Van Houten
Level 5
Level 5

‎02-16-2012 06:46 PM

Browser isn't needed. You can start the any connect client by itself, enter the ip address of the Asa and start a connection.

Sent from Cisco Technical Support iPad App

0 Helpful

Alienufo736
Level 1
Level 1
In response to Jeff Van Houten

‎02-17-2012 08:26 AM

Hey Jeff,

Thanks for answering that question. Hmm, so it doesnt go through the browsers SSL layer. We have systems on the same network (same proxy, firewall, vlan, etc). All the systems with windows XP SP3 and IE8/IE7 can not connect to the VPN (they arent even able to start the connection and ask for proxy/logon info.), all the systems with windows 7 and IE9 can. Same setups on each one as far as the security policies go as well. I thought it may have to do with the 256 bit encryption that they are using.

If thats not the case, what else could be causing the problem? weve tested it on about 5 XP machines and 5 Win 7 machines, same results on each. Connects on Win 7, does not connect on Win XP.

Thanks,

John

0 Helpful

Jeff Van Houten
Level 5
Level 5
In response to Alienufo736

‎02-17-2012 08:31 AM

I’ve got XP SP3 and IE 8 on my PC at home and it works fine. I’ve also got various Windows 7 machines and it’s working fine. I’ll take a look at the ASA and see how the encryption is configured for the webvpn.

0 Helpful

Alienufo736
Level 1
Level 1

‎03-22-2012 09:43 AM

Just wanted to update on this, it was the encryption causing the issue. 256 AES is not in the windows XP encryption library, which is why none of the IE versions support it on winXP. Firefox has its own encryption cypher library which is why it can support it. We ended up setting up an IPSEC VPN and are using the standard Cisco VPN client.

0 Helpful
Customers Also Viewed These Support Documents