https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4070825#M1069364 <P>Hi, did you get a resolution from Cisco on this?</P> Tue, 21 Apr 2020 19:49:11 GMT ryan14 2020-04-21T19:49:11Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4026786#M1010213 <P>Hi All</P><P>&nbsp;</P><P>We have been having continuous issues with the Firepower 1120 firewalls at one of our sites.</P><P>Basically when we see the above error in the logs it takes anywhere from a few days to a few weeks before the anyconnect services fail&nbsp; - forcing us to reload the firewall.&nbsp; The TAC team advised us to upgrade the code levels which did not make a difference,</P><P>Sometimes this error appears 100K + times a day in the FTD log prior to requiring a reload . We have just opened a new case for this issue.</P><P>&nbsp;</P><P>Browsing the cisco forums it appears this may be a hardware issue.</P><P>&nbsp;</P><P>Just want to know if anyone else has experience this issue? And what did you do to get it resolved?</P> Mon, 10 Feb 2020 12:48:57 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4026786#M1010213 kpep 2020-02-10T12:48:57Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4048245#M1067922 <P>I also have this problem. Two customers are having issues with Anyconnect not working after around the two week mark. Just performing a failover will resolve the issue. I have a TAC case created and I am working with them on that. This bug has occurred on a 1010 and a 1120 on 6.4.0.6-6.4.0.8 code. I say bug because I have a strong feeling that it is a bug but I do not have a bug ID yet.</P> Wed, 18 Mar 2020 18:18:44 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4048245#M1067922 thaknownone 2020-03-18T18:18:44Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4059943#M1068849 <P>Hi,</P> <P>&nbsp;</P> <P>This might be due to defect CSCvs91869.</P> <DIV class="bugTitle">Please check the defect, match the conditions and symptoms and let me know if they match.</DIV> <DIV class="bugTitle">&nbsp;</DIV> <DIV class="bugTitle">Regards,</DIV> <DIV class="bugTitle">Chakshu</DIV> Mon, 06 Apr 2020 13:56:37 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4059943#M1068849 Chakshu Piplani 2020-04-06T13:56:37Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4066395#M1069199 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/249271">@Chakshu Piplani</a>&nbsp;I have a related problem however my AnyConnect clients are able to still establish a VPN connection.</P><P>&nbsp;</P><P>I have an HA pair of 1140 FTDs and my issue I see is just a random failure of one of the HA pairs and a restart of that 1140.</P><P>&nbsp;</P><P>I am getting the error&nbsp;CRYPTO: Random Number Generator error however I am also running AnyConnect 4.8 which is affected by bug&nbsp;CSCvs40531 and is not fixed until release 6.4.0.8 or 6.5.0.3 however both of those builds don't address this other bug&nbsp;CSCvs91869 as what you have pointed out.</P><P>&nbsp;</P><P>I am being told that 6.6.0 will address both bugs CSCvs40531 and&nbsp;CSCvs91869 however&nbsp;CSCvs91869 is not listed as a resolved bug in the release notes.</P><P>&nbsp;</P><P>Can you confirm?</P> Wed, 15 Apr 2020 13:32:25 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4066395#M1069199 mgomez 2020-04-15T13:32:25Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4066419#M1069200 Don't upgrade your 1140s to 6.4.0.8. There is another bug that prevents 4.8 Anyconnect clients from connecting to a 1000 series device. You will need to downgrade your firewalls or all clients to 4.7 Anyconnect. The bug CSCvs9189 is a brand new bug and I have been told it should be fixed it 6.4.0.9. There is a possibility they will release a hot fix as well since its critical. This bug affects the newly released 6.6 as well. So I would not rush to upgrade.<BR /> Wed, 15 Apr 2020 14:10:07 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4066419#M1069200 thaknownone 2020-04-15T14:10:07Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4066431#M1069201 <P>6.6 has ASA version as 9.14(1.1)</P> <P>Source:</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html</A></P> <P>&nbsp;</P> <P>According release notes of 9.14.1</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/release/notes/asarn914.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/release/notes/asarn914.html</A></P> <P>Defect CSCvs91869 is fixed, the name is different but the ID is same.</P> <P>You can ignore that, as the bug was recently modified.</P> <P>&nbsp;</P> <P>So in short CSCvs91869 is fixed in 6.6</P> <P>&nbsp;</P> <P>HTH</P> <P>Chakshu</P> Wed, 15 Apr 2020 14:24:42 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4066431#M1069201 Chakshu Piplani 2020-04-15T14:24:42Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4066438#M1069202 I reviewed the email I received from TAC and you are correct. I misread it the first time. 6.6 does have the fix so you could upgrade to that if you wanted.<BR /> Wed, 15 Apr 2020 14:30:07 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4066438#M1069202 thaknownone 2020-04-15T14:30:07Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4070825#M1069364 <P>Hi, did you get a resolution from Cisco on this?</P> Tue, 21 Apr 2020 19:49:11 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4070825#M1069364 ryan14 2020-04-21T19:49:11Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4073045#M1069465 <P>I too have the same issue but my hardware is ASA-5585-X.</P><P>As per TAC "<STRONG><EM>FTD has a lina engine so most of the defects that apply to the lina engine(ASA) would apply to the FTD</EM></STRONG>" so the same bug-id would be applicable in this case as well.</P><P>I have asked TAC to link my ASA's software code 9.6(4)34 to this bug-id, but they suggested to subscribe to the bug notification instead.</P><P>&nbsp;</P> Fri, 24 Apr 2020 06:30:33 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4073045#M1069465 gyanendrasingh 2020-04-24T06:30:33Z https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4082988#M1070067 <P>The fix I received from Cisco to resolve the bug for this particular thread while maintaining use of AnyConnect 4.8 is to upgrade to 6.6.0.</P> Mon, 11 May 2020 03:31:59 GMT https://community.cisco.com/t5/network-security/cisco-firepower-1120-crypto-random-number-generator-error/m-p/4082988#M1070067 mgomez 2020-05-11T03:31:59Z