We have been having continuous issues with the Firepower 1120 firewalls at one of our sites.
Basically, when we see the above error in the logs, it takes anywhere from a few days to a few weeks before the AnyConnect services fail, forcing us to reload the firewall. The TAC team advised us to upgrade the code levels, which did not make a difference.
Sometimes this error appears 100K+ times a day in the FTD log prior to requiring a reload. We have just opened a new case for this issue.
Browsing the Cisco forums, it appears this may be a hardware issue.
Just want to know if anyone else has experienced this issue? And what did you do to get it resolved?
I also have this problem. Two customers are having issues with AnyConnect not working after around the two week mark. Just performing a failover will resolve the issue. I have a TAC case created and I am working with them on that. This bug has occurred on a 1010 and a 1120 on 220.127.116.11-18.104.22.168 code. I say bug because I have a strong feeling that it is a bug but I do not have a bug ID yet.
@Chakshu Piplani I have a related problem; however, my AnyConnect clients are still able to establish a VPN connection.
I have an HA pair of 1140 FTDs, and the issue I see is just a random failure of one of the HA pairs and a restart of that 1140.
I am getting the error CRYPTO: Random Number Generator error; however, I am also running AnyConnect 4.8, which is affected by bug CSCvs40531 and is not fixed until release 22.214.171.124 or 126.96.36.199. However, both of those builds don't address this other bug, CSCvs91869, as you have pointed out.
I am being told that 6.6.0 will address both bugs CSCvs40531 and CSCvs91869; however, CSCvs91869 is not listed as a resolved bug in the release notes.
Can you confirm?
6.6 has ASA version 9.14(1.1).
According to the release notes of 9.14.1, defect CSCvs91869 is fixed; the name is different but the ID is the same.
You can ignore that, as the bug was recently modified.
So, in short, CSCvs91869 is fixed in 6.6.
I too have the same issue but my hardware is ASA-5585-X.
As per TAC, "FTD has a lina engine so most of the defects that apply to the lina engine(ASA) would apply to the FTD", so the same bug-id would be applicable in this case as well.
I have asked TAC to link my ASA's software code 9.6(4)34 to this bug-id, but they suggested subscribing to the bug notification instead.