Troubleshooting SSL Negotiations

If you have a user who is unable to connect to the Cisco ASA using SSL, follow these steps to isolate the SSL negotiation issues:

Step 1. Verify that the user’s computer can ping the Cisco ASA’s outside IP address.

Step 2. If the user’s workstation can ping the address, issue the show running all | include ssl command on the Cisco ASA and verify that SSL encryption is configured.

Step 3. If SSL encryption is properly configured, use an external sniffer to verify whether the TCP three-way handshake is successful.

Note

AnyConnect clients will fail to establish a connection if the Cisco ASAs are configured to accept connections with SSL Server Version 3. You must use TLSv1 for AnyConnect clients. Navigate to Configuration ...
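The check in Step 2 and the Note can be automated against saved command output. The following is an added example, not code from the book or from Cisco: the sample output is constructed, and the keyword values sslv3 and sslv3-only are assumed from the older ASA "ssl server-version" syntax.

```python
import re

# Constructed sample of `show running all | include ssl` output (not from a real device).
SAMPLE_BAD = """\
ssl server-version sslv3-only
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint0 outside
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("sslv3-only", "tlsv1")

# Assumption: these keyword values pin the server side to SSL version 3.
SSLV3_VALUES = {"sslv3", "sslv3-only"}


def audit_ssl_config(output):
    """Return a list of findings for Step 2 and the Note; empty means none found."""
    findings = []
    server_version = None
    ciphers = []
    for raw in output.splitlines():
        line = raw.strip()
        # re.match anchors at the start, so negated "no ssl ..." lines are ignored.
        m = re.match(r"ssl server-version\s+(\S+)", line)
        if m:
            server_version = m.group(1).lower()
            continue
        m = re.match(r"ssl encryption\s+(.+)", line)
        if m:
            ciphers = m.group(1).split()
    if not ciphers:
        findings.append("no 'ssl encryption' line: SSL encryption is not configured")
    if server_version is None:
        findings.append("no 'ssl server-version' line in output")
    elif server_version in SSLV3_VALUES:
        findings.append(
            "server-version '%s': AnyConnect clients need TLSv1" % server_version
        )
    return findings


if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_ssl_config(text) or "no findings")
```

An empty result only means the configuration passes Step 2; the TCP handshake check in Step 3 still has to be done with a sniffer.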
