After upgrading to 9.409-9, Cisco VPN client in Remote Access is broken, symptoms are that you can connect as usual with your client, but no traffic get’s through, the fix is to change the way that SHA2 is being truncated, user HolgerLehn in the Sophos Community has described this:
So in short, go into Shell in the UTM as loginuser, then su for root access, and type this:
“cc change_object REF_IPsecPolicyCisco ipsec_auth_alg sha2_256_96″
No need to reboot the device, just reconnect the VPN and everything works again 