Hello,
in order to find the problem I tapped into the SSL channel using socat and
tcpdump and extracted the handshake:

Client:

POST / HTTP/1.1
Cache-Control: no-cache
Connection: close
Pragma: no-cache
User-Agent: AnyConnect Windows 3.0.07059
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win
Content-Length: 243
Host: lync.gmvl.de

<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="init">
  <device-id>win</device-id>
  <version who="vpn">3.0.07059</version>
  <group-select>full</group-select>
  <group-access>https://lync.gmvl.de</group-access>
</config-auth>

Server:

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/xml
Content-Length: 209
X-Transcend-Version: 1

<?xml version="1.0" encoding="UTF-8"?>
<auth id="main">
  <message>Please enter your username</message>
  <form method="post" action="/auth">
    <input type="text" name="username" label="Username:" />
  </form>
</auth>

Client:

POST /auth HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
User-Agent: AnyConnect Windows 3.0.07059
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win
Content-Length: 17
Host: lync.gmvl.de

username=sithglan

Server:

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/xml
Content-Length: 213
X-Transcend-Version: 1

<?xml version="1.0" encoding="UTF-8"?>
<auth id="main">
  <message>Please enter your password</message>
  <form method="post" action="/auth">
    <input type="password" name="password" label="Password:" />
  </form>
</auth>

Client:

POST /auth HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
User-Agent: AnyConnect Windows 3.0.07059
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win
Content-Length: 19
Host: lync.gmvl.de

password=password

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/xml
Content-Length: 209
X-Transcend-Version: 1

<?xml version="1.0" encoding="UTF-8"?>
<auth id="main">
  <message>Please enter your username</message>
  <form method="post" action="/auth">
    <input type="text" name="username" label="Username:" />
  </form>
</auth>

What I don't like here is that it is just using a post but on [1] it says it
should use a format similar to:

<config-auth client="vpn" type="auth-reply">
  <version who="vpn">v5.01</version>
  <device-id>linux-64</device-id>
  <auth><username>test</username></auth>
</config-auth>

[1] http://nmav.gnutls.org/2013/11/inside-ssl-vpn-protocol.html

Then I tapped into my working Cisco ASA and tried again and got [I removed the
chunked encoding indicators]:

Client:

POST / HTTP/1.1
Cache-Control: no-cache
Connection: close
Pragma: no-cache
User-Agent: AnyConnect Windows 3.0.07059
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win
Content-Length: 243
Host: lync.gmvl.de

<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="init">
  <device-id>win</device-id>
  <version who="vpn">3.0.07059</version>
  <group-select>full</group-select>
  <group-access>https://lync.gmvl.de</group-access>
</config-auth>

HTTP/1.1 200 OK
Server:
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sat, 11 Jan 2014 18:59:34 GMT
X-Aggregate-Auth: 1

<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request">
  <version who="sg">9.1(3)</version>
  <opaque is-for="sg">
    <tunnel-group>FullProfile</tunnel-group>
    <group-alias>full</group-alias>
    <config-hash>1389266861559</config-hash>
  </opaque>
  <auth id="main">
    <form>
      <input type="text" name="username" label="Username:"></input>
      <input type="password" name="password" label="Password:"></input>
      <select name="group_list" label="GROUP:">
        <option>eclogic</option>
        <option>fallback</option>
        <option selected="true">full</option>
        <option>split</option>
        <option>svdc</option>
        <option>vcloud</option>
        <option>vl</option>
      </select>
    </form>
  </auth>
</config-auth>

Client:

POST / HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
User-Agent: AnyConnect Windows 3.0.07059
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win
Content-Length: 503
Host: lync.gmvl.de

<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-reply">
  <device-id>win</device-id>
  <version who="vpn">3.0.07059</version>
  <session-token></session-token>
  <session-id></session-id>
  <opaque is-for="sg">
    <tunnel-group>FullProfile</tunnel-group>
    <group-alias>full</group-alias>
    <config-hash>1389266861559</config-hash>
  </opaque>
  <auth>
    <password><![CDATA[password]]></password>
    <username><![CDATA[sithglan]]></username>
  </auth>
  <group-select>full</group-select>
</config-auth>

Server:

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sat, 11 Jan 2014 18:59:39 GMT
X-Aggregate-Auth: 1

<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="complete">
  <version who="sg">9.1(3)</version>
  <session-id>12288</session-id>
  <session-token>02F9D1 at 12288@188C at D7B405A4A46480CF364F1A6FD51998A0025DC727</session-token>
  <auth id="success">
    <message id="0" param1="" param2=""></message>
  </auth>
  <config client="vpn" type="private">
    <vpn-base-config>
      <base-package-uri>/CACHE/stc/1</base-package-uri>
      <server-cert-hash>2AE259E8BCA295F6EBABDE16CE9A8950B8BF9ADB</server-cert-hash>
    </vpn-base-config>
    <opaque is-for="vpn-client">
      <service-profile-manifest>
        <ServiceProfiles rev="1.0">
          <Profile service-type="user">
            <FileName></FileName>
            <FileExtension>xml</FileExtension>
            <Directory></Directory>
            <DeployDirectory></DeployDirectory>
            <Description>AnyConnect VPN Profile</Description>
            <DownloadRemoveEmpty>false</DownloadRemoveEmpty>
          </Profile>
          <Profile service-type="nam">
            <FileName>configuration.xml</FileName>
            <FileExtension>nsp</FileExtension>
            <Directory>Network Access Manager\system</Directory>
            <DeployDirectory>Network Access Manager\newConfigFiles</DeployDirectory>
            <Description>NAM Service Profile</Description>
            <DownloadRemoveEmpty>false</DownloadRemoveEmpty>
          </Profile>
          <Profile service-type="telemetry">
            <FileName>Telemetry_ServiceProfile.xml</FileName>
            <FileExtension>tsp</FileExtension>
            <Directory>Telemetry</Directory>
            <DeployDirectory>Telemetry</DeployDirectory>
            <Description>Telemetry Service Profile</Description>
            <DownloadRemoveEmpty>false</DownloadRemoveEmpty>
          </Profile>
          <Profile service-type="websecurity">
            <FileName>WebSecurity_ServiceProfile.wso</FileName>
            <FileExtension>wsp</FileExtension>
            <DerivedFileExtension>wso</DerivedFileExtension>
            <Directory>Web Security</Directory>
            <DeployDirectory>Web Security</DeployDirectory>
            <Description>Web Security Service Profile</Description>
            <DownloadRemoveEmpty>false</DownloadRemoveEmpty>
          </Profile>
        </ServiceProfiles>
      </service-profile-manifest>
      <vpn-client-pkg-version>
        <pkgversion>3,0,07059</pkgversion>
      </vpn-client-pkg-version>
      <vpn-core-manifest>
        <vpn rev="1.0">
          <file version="3.0.07059" id="VPNCore" is_core="yes" type="exe" action="install">
            <uri>binaries/anyconnect-win-3.0.07059-web-deploy-k9.exe</uri>
            <display-name>AnyConnect Secure Mobility Client</display-name>
          </file>
          <file version="3.0.07059" id="gina" is_core="no" type="exe" action="install" module="vpngina">
            <uri>binaries/anyconnect-gina-win-3.0.07059-web-deploy-k9.exe</uri>
            <display-name>AnyConnect SBL</display-name>
          </file>
          <file version="3.0.07059" id="DART" is_core="no" type="msi" action="install" module="dart">
            <uri>binaries/anyconnect-dart-win-3.0.07059-k9.msi</uri>
            <display-name>AnyConnect DART</display-name>
          </file>
          <file version="3.0.07059" id="Posture" is_core="no" type="msi" action="install" module="posture">
            <uri>binaries/anyconnect-posture-win-3.0.07059-web-deploy-k9.msi</uri>
            <display-name>AnyConnect Posture</display-name>
          </file>
          <file version="3.0.07059" id="Telemetry" is_core="no" type="exe" action="install" module="telemetry">
            <uri>binaries/anyconnect-telemetry-win-3.0.07059-web-deploy-k9.exe</uri>
            <display-name>AnyConnect Telemetry</display-name>
          </file>
          <file version="3.0.07059" id="WebSecurity" is_core="no" type="exe" action="install" module="websecurity">
            <uri>binaries/anyconnect-websecurity-win-3.0.07059-web-deploy-k9.exe</uri>
            <display-name>AnyConnect Web Security</display-name>
          </file>
          <file version="3.0.07059" id="NAM" is_core="no" type="msi" action="install" module="nam">
            <uri>binaries/anyconnect-nam-win-3.0.07059-k9.msi</uri>
            <display-name>AnyConnect Network Access Manager</display-name>
          </file>
        </vpn>
      </vpn-core-manifest>
      <custom-attr></custom-attr>
    </opaque>
    <vpn-profile-manifest>
      <vpn rev="1.0">
        <file type="profile" service-type="user">
          <uri>/CACHE/stc/profiles/GlanzmannProfile.xml</uri>
          <hash type="sha1">D7BF8E3C710D4E980563C370F5A5F5C529501B9A</hash>
        </file>
      </vpn>
    </vpn-profile-manifest>
  </config>
</config-auth>

Client:

CONNECT /CSCOSSLC/tunnel HTTP/1.1
Host: lync.gmvl.de
User-Agent: Cisco AnyConnect VPN Agent for Windows 3.0.07059
Cookie: webvpn=02F9D1 at 12288@188C at D7B405A4A46480CF364F1A6FD51998A0025DC727
X-CSTP-Version: 1
X-CSTP-Hostname: lenovo
X-CSTP-MTU: 1306
X-CSTP-Address-Type: IPv6,IPv4
X-DTLS-Master-Secret: D40F07275F15A18F5872905B79FDAC4FD8C33EA13503DF29878C10FE6DA1D025B1128C66AB06E3EB1CEBBBFFF00CBC08
X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
X-DTLS-Accept-Encoding: lzs
X-CSTP-Accept-Encoding: lzs,deflate
X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.

Server:

HTTP/1.1 200 OK
Server: ASA (9.1(3))
X-CSTP-Version: 1
X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.
X-CSTP-Address: 10.11.11.1
X-CSTP-Netmask: 255.255.255.0
X-CSTP-Address: 2a01:x:y:z::1
X-CSTP-Netmask: 2a01:x:y:z::1/64
X-CSTP-DNS: 10.10.10.1
X-CSTP-Lease-Duration: 1209600
X-CSTP-Session-Timeout: none
X-CSTP-Idle-Timeout: 1800
X-CSTP-Disconnected-Timeout: 1800
X-CSTP-Keep: true
X-CSTP-Tunnel-All-DNS: false
X-CSTP-DPD: 30
X-CSTP-Keepalive: 20
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: 830073086B06ACC6188764C23C54CED37CB98A152487D68B7DF631BA9DCF0243
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-CSTP-MTU: 1306
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true

So the initial handshake looks completely different. Any ideas what I'm doing
wrong?

Cheers,
        Thomas
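
Added example (not part of the original message and not code from either server or client): a Python sketch that tells the two response dialects in the captures apart, flags the case where the client sent X-Aggregate-Auth: 1 but received a bare <auth> form, and builds the config-auth auth-reply that echoes the server's <opaque> block. The function names are hypothetical, the sample bodies are trimmed from the captures, the credentials in the test are placeholders, and reading X-Aggregate-Auth: 1 as the client's request for the config-auth dialect is an assumption drawn from the two captures.

```python
import xml.etree.ElementTree as ET

# Constructed sample bodies, trimmed from the two captures above.
LEGACY_BODY = """<?xml version="1.0" encoding="UTF-8"?>
<auth id="main"><message>Please enter your username</message>
<form method="post" action="/auth">
<input type="text" name="username" label="Username:" /></form></auth>"""

AGGREGATE_BODY = """<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request"><version who="sg">9.1(3)</version>
<opaque is-for="sg"><tunnel-group>FullProfile</tunnel-group>
<group-alias>full</group-alias><config-hash>1389266861559</config-hash></opaque>
<auth id="main"><form>
<input type="text" name="username" label="Username:"></input>
<input type="password" name="password" label="Password:"></input>
</form></auth></config-auth>"""

def classify(body):
    """Return (dialect, input field names) for a server auth response body."""
    root = ET.fromstring(body.encode("utf-8"))
    fields = [i.get("name") for i in root.iter("input")]
    if root.tag == "config-auth":
        return "aggregate:" + root.get("type", ""), fields
    if root.tag == "auth":
        return "legacy-form", fields
    return "unknown", fields

def dialect_mismatch(request_headers, body):
    """True when the client sent X-Aggregate-Auth: 1 but got a bare <auth> form."""
    wants_aggregate = request_headers.get("X-Aggregate-Auth") == "1"
    return wants_aggregate and classify(body)[0] == "legacy-form"

def build_auth_reply(body, creds, version="3.0.07059", device="win"):
    """Build the auth-reply for an auth-request, echoing the server's <opaque>."""
    root = ET.fromstring(body.encode("utf-8"))
    if root.tag != "config-auth" or root.get("type") != "auth-request":
        raise ValueError("not a config-auth auth-request")
    reply = ET.Element("config-auth", {"client": "vpn", "type": "auth-reply"})
    ET.SubElement(reply, "device-id").text = device
    ET.SubElement(reply, "version", {"who": "vpn"}).text = version
    opaque = root.find("opaque")
    if opaque is not None:
        reply.append(opaque)  # returned unchanged, as in the ASA capture
    auth = ET.SubElement(reply, "auth")
    for name in classify(body)[1]:
        # ElementTree escapes the text; the captured client used CDATA instead
        ET.SubElement(auth, name).text = creds[name]
    return ET.tostring(reply, encoding="unicode")
```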