5 Replies Latest reply on Jan 22, 2016 12:07 PM by jokearns

    AnyConnect on Server 2012 R2

    ryan.salim

      Hi, I have been trying to get this working to no avail. The same setup works through Windows 10, but not in 2012 R2.

       

      Have anyone been successful?

        • 1. Re: AnyConnect on Server 2012 R2
          jokearns

          Hi

          What sandbox are you connecting to? Can you paste in the error message you are receiving?

           

          Thanks

           

          Joe Kearns

          • 2. Re: AnyConnect on Server 2012 R2
            ryan.salim

            devnetsandboxlabs.cisco.com/rave12

             

            • 3. Re: AnyConnect on Server 2012 R2
              jokearns

              Hi Ryan,

               

              I just tested it here and it's good on this side. We don't have a 2012 R2 machine to test on right now. Trying to source one.

              Is there any way you can try on a separate PC? I can verify it works on 2007 and 2010. Also, if there is a firewall on the server, please turn it off. Also try rebooting the 2010 servers and attempt the connection again. If you are connecting from within a corporate network, make sure that VPN is allowed out.

               

              Joe

              • 4. Re: AnyConnect on Server 2012 R2
                ryan.salim

                It works on my Windows 10 computer. This Windows 10 computer is connected to the same subnet as the 2012 R2, so it is unlikely a network issue. No firewalls or antiviruses on both systems.

                 

                Also, pardon me if below does not make sense:

                After some Wireshark sessions, it looks like the failure is during the TLS handshake. Furthermore, the 'Server Hello' packet to the Win10 machine accepted the TLS_RSA_WITH_RC4_128_MD5.

                After much reading, I believe 2012R2 disables all RC4 ciphers. Sure enough, the 'Client Hello' from 2012R2 did not offer any RC4 ciphers.

                My guess is that the sandbox only allows TLS 1.0 with this cipher whereas 2012R2 does not allow it.

                Again, this is not my expertise, so please take my findings with a grain of salt.
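
The check described in the post above (does the 'Client Hello' offer any RC4 suite, and can it match a server that accepts only TLS_RSA_WITH_RC4_128_MD5) can be scripted against captured handshake bytes. This is an added example, not part of the original thread; the two ClientHello records are constructed sample data, and the RC4-only server policy is an assumption taken from the poster's guess.

```python
import struct

# RC4 cipher suite code points from the IANA TLS registry (subset).
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}

def offered_suites(record: bytes) -> list:
    """Return the cipher suite code points offered in a TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[9:5 + rec_len]          # skip record (5) and handshake (4) headers
    # client_version (2) + random (32) precede the session_id length byte at offset 34
    if len(body) < 35 or len(body) < 37 + body[34]:
        raise ValueError("truncated ClientHello")
    pos = 35 + body[34]                   # start of the cipher_suites length field
    cs_len = struct.unpack_from("!H", body, pos)[0]
    raw = body[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def rc4_offered(record: bytes) -> list:
    """Names of RC4 suites the client offers, in the client's preference order."""
    return [RC4_SUITES[s] for s in offered_suites(record) if s in RC4_SUITES]

def can_negotiate(record: bytes, server_suites: set) -> bool:
    """True if the client offers at least one suite the server accepts."""
    return any(s in server_suites for s in offered_suites(record))

def build_client_hello(suites: list) -> bytes:
    """Constructed minimal TLS 1.0 ClientHello (sample data, not a capture)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed suite lists; not the actual lists Windows 10 or Server 2012 R2 send.
WITH_RC4 = build_client_hello([0xC014, 0x002F, 0x0005, 0x0004])
WITHOUT_RC4 = build_client_hello([0xC014, 0xC013, 0x0035, 0x002F])
RC4_ONLY_SERVER = {0x0004}  # assumption: server accepts only TLS_RSA_WITH_RC4_128_MD5

if __name__ == "__main__":
    for name, hello in (("with RC4", WITH_RC4), ("without RC4", WITHOUT_RC4)):
        print(name, rc4_offered(hello), can_negotiate(hello, RC4_ONLY_SERVER))
```

To use it on a real capture, pass the raw bytes of the first TLS record from the client (in Wireshark, the "Secure Sockets Layer" / "TLS" record bytes of the Client Hello) to `offered_suites`.
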

                • 5. Re: AnyConnect on Server 2012 R2
                  jokearns

                  Hi Ryan,

                   

                  Thanks for troubleshooting the problem on your side. We will check the requirements on our side regarding RC4 ciphers.

                   

                  Is this affecting your testing? Do you have a workaround or do you need the 2012 R2 server connected?

                   

                  Please note that we are experiencing WAN connectivity issues. We will update you shortly when these are resolved.

                   

                  Joe Kearns