Please note that the minimum cryptography settings in AnyConnect 4.9 have been increased. Please ensure that your head-end is properly configured for the more stringent cryptography settings (if applicable) or users will be unable to connect after updating.
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html#Cisco_Reference.dita_cf700242-15ba-4561-ba36-8eff569f93e9
-
For SSL VPN, AnyConnect no longer supports the following cipher suites from both TLS and DTLS: DHE-RSA-AES256-SHA and DES-CBC3-SHA
-
For IKEv2/IPsec, AnyConnect no longer supports the following algorithms:
-
Encryption algorithms: DES and 3DES
-
Psuedo Random Function (PRF) algorithm: MD5
-
Integrity algorithm: MD5
-
Diffie-Hellman (DH) groups: 2, 5, 14, 24