Cisco VPN Client not route after update 9.409-9

Question

Hi, 
 i have updated my Sophos UTM SG310 to the version in subject. 
 Before i did the update I could get access on every network devices over Ipesc Cisco with the iPhone of my company. 
 Now after the update I'm not able to do it anymore. 
 The Connecting and the authentication are ok (VPN Connected) but I can't ping any device on any network (Request timeout). 
 SSL and PPTP works fine. 
 
 Can somebody help me about this issue ? 
 
 Tommaso

HolgerLehn · Accepted Answer

Hi, 
 if you are using CISCO VPN on your iPhone there is a problem according to SHA2 truncation. CISCO VPN needs non-RFC truncation after 96 bit. RFC-standard is 128 bit. 
 
 To change the policy for CISCO VPN back to 96bit truncation, please execute the following command line 
 cc change_object REF_IPsecPolicyCisco ipsec_auth_alg sha2_256_96 
 
 Please report if this solves your problem. At least for iOS there are several other customer where this was the solution. Thank you in advance Regards, Holger

Alex Hee · Answer

This latest update 9.409-9 also caused some issue on my VPN connection. However, I did solve it at last. 
 
 This is what I did. 
 
 Go to Network Protection - Firewall - Advanced turned off Block invalid packets 
 
 Then go to Management - Backup/Restore & restore my configuration to 9.408-4 . 
 
 I'm not sure what is going wrong with this new firmware 9.409-9 but this is how I solve my VPN connection issue. You may give it a try if still can't get it solve. Hope can help.

sachingurung · Answer

Hi Tommaso, 
 Try the suggestion made by Alex and let us know if that helps. It is reported as a BUG in the latest version under the ID NUTM-6375. 
 Thanks