02-10-2020 04:48 AM
Hi All
We have been having continuous issues with the Firepower 1120 firewalls at one of our sites.
Basically, when we see the above error in the logs, it takes anywhere from a few days to a few weeks before the AnyConnect services fail, forcing us to reload the firewall. The TAC team advised us to upgrade the code levels, which did not make a difference.
Sometimes this error appears 100K+ times a day in the FTD log prior to requiring a reload. We have just opened a new case for this issue.
Browsing the Cisco forums, it appears this may be a hardware issue.
Just want to know if anyone else has experienced this issue? And what did you do to get it resolved?
03-18-2020 11:18 AM
I also have this problem. Two customers are having issues with AnyConnect not working after around the two week mark. Just performing a failover will resolve the issue. I have a TAC case created and I am working with them on that. This bug has occurred on a 1010 and a 1120 on 6.4.0.6-6.4.0.8 code. I say bug because I have a strong feeling that it is a bug, but I do not have a bug ID yet.
04-06-2020 06:56 AM
Hi,
This might be due to defect CSCvs91869.
04-15-2020 06:32 AM
@Chakshu Piplani I have a related problem; however, my AnyConnect clients are still able to establish a VPN connection.
I have an HA pair of 1140 FTDs, and the issue I see is just a random failure of one of the HA pairs and a restart of that 1140.
I am getting the error CRYPTO: Random Number Generator error; however, I am also running AnyConnect 4.8, which is affected by bug CSCvs40531 and is not fixed until release 6.4.0.8 or 6.5.0.3. However, both of those builds don't address this other bug CSCvs91869, as you have pointed out.
I am being told that 6.6.0 will address both bugs CSCvs40531 and CSCvs91869; however, CSCvs91869 is not listed as a resolved bug in the release notes.
Can you confirm?
04-15-2020 07:10 AM
04-15-2020 07:24 AM
6.6 has ASA version as 9.14(1.1)
Source:
https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html
According to the release notes of 9.14.1:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/release/notes/asarn914.html
Defect CSCvs91869 is fixed; the name is different but the ID is the same.
You can ignore that, as the bug was recently modified.
So in short, CSCvs91869 is fixed in 6.6.
HTH
Chakshu
04-15-2020 07:30 AM
04-21-2020 12:49 PM
Hi, did you get a resolution from Cisco on this?
05-10-2020 08:31 PM
The fix I received from Cisco to resolve the bug for this particular thread while maintaining use of AnyConnect 4.8 is to upgrade to 6.6.0.
04-23-2020 11:30 PM
I too have the same issue, but my hardware is ASA-5585-X.
As per TAC, "FTD has a lina engine so most of the defects that apply to the lina engine (ASA) would apply to the FTD", so the same bug ID would be applicable in this case as well.
I have asked TAC to link my ASA's software code 9.6(4)34 to this bug ID, but they suggested subscribing to the bug notification instead.