02-16-2012 03:19 PM - edited 02-21-2020 05:53 PM
Hey,
We have a site that we are trying to connect to with the AnyConnect VPN client version 2.5.3055 on Windows XP SP3. As soon as we enter the site info and hit select, it says a connection was unable to be established.
I believe this has to do with the encryption, its set up with 256 bit AES. We are only able to install IE8, which on XP only supports up to 128 bit encryption, so in IE8 the page will not load. To fix that issue we installed firefox which supports 256 bit encryption. We can get to the page there, but when we go to connect to the same site VIA the VPN client it still will not connect. It will work fine on a windows 7 box with IE9 installed from the same network.
My question mainly pertains to how the AnyConnect client connects on the back end. Does it use Internet explorer's SSL layer by default? Or does it have its own? If it connects through internet explorer, is there a way to change it to firefox so it will actually be able to open up a connection?
Thank you for your answers in advance,
John
02-16-2012 06:46 PM
Browser isn't needed. You can start the any connect client by itself, enter the ip address of the Asa and start a connection.
Sent from Cisco Technical Support iPad App
02-17-2012 08:26 AM
Hey Jeff,
Thanks for answering that question. Hmm, so it doesnt go through the browsers SSL layer. We have systems on the same network (same proxy, firewall, vlan, etc). All the systems with windows XP SP3 and IE8/IE7 can not connect to the VPN (they arent even able to start the connection and ask for proxy/logon info.), all the systems with windows 7 and IE9 can. Same setups on each one as far as the security policies go as well. I thought it may have to do with the 256 bit encryption that they are using.
If thats not the case, what else could be causing the problem? weve tested it on about 5 XP machines and 5 Win 7 machines, same results on each. Connects on Win 7, does not connect on Win XP.
Thanks,
John
02-17-2012 08:31 AM
I’ve got XP SP3 and IE 8 on my PC at home and it works fine. I’ve also got various Windows 7 machines and it’s working fine. I’ll take a look at the ASA and see how the encryption is configured for the webvpn.
03-22-2012 09:43 AM
Just wanted to update on this, it was the encryption causing the issue. 256 AES is not in the windows XP encryption library, which is why none of the IE versions support it on winXP. Firefox has its own encryption cypher library which is why it can support it. We ended up setting up an IPSEC VPN and are using the standard Cisco VPN client.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide