03-01-2023 02:17 AM
Hello everybody,
I upgraded our customer's ASA5555 cluster from 9.14(3)15 ---> 9.14(4)22.
The upgrade procedure was without issues.
After the upgrade the customer called me and told me that all AnyConnect
logins were impossible.
I compared the configuration before and after the upgrade and saw that
all IP pools and the references in the tunnel groups to these pools were
missing:
...
ip local pool pool4inos 10.10.129.60 mask 255.255.255.255 (missing)
ip local pool pool4erne 10.10.129.52-10.10.129.55 mask 255.255.255.255 (missing)
ip local pool pool4mis 10.10.129.64-10.10.129.127 mask 255.255.255.255 (missing)
...
tunnel-group vpn4inos general-attributes
address-pool pool4inos (missing)
...
tunnel-group vpn4erne general-attributes
address-pool pool4erne (missing)
...
tunnel-group vpn4sws general-attributes
address-pool pool4admin (missing)
...
I guess that the syntax for the IP Pools was changed from the old to the
new release and so the lines were deleted.
I had no time for troubleshooting and downgraded the cluster and
regenerated these lines and AnyConnect worked again.
I would expect such information in the release notes to prevent such
"surprises". I ask myself how Cisco tested the new release(?)
The customer is a hospital ...
Please explain how we can prevent such problems in the future.
Thanks a lot!
Bye
R.
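
The before/after comparison described in the post can be scripted as a check run on saved configurations before and after an upgrade. This is an added example, not part of the original post or any Cisco tooling; it assumes saved `show running-config` text, and the sample configs are constructed from the lines quoted above.

```python
import re

# Constructed "show running-config" excerpts, modelled on the lines in the post.
BEFORE = """\
ip local pool pool4inos 10.10.129.60 mask 255.255.255.255
ip local pool pool4erne 10.10.129.52-10.10.129.55 mask 255.255.255.255
ip local pool pool4mis 10.10.129.64-10.10.129.127 mask 255.255.255.255
tunnel-group vpn4inos general-attributes
 address-pool pool4inos
tunnel-group vpn4erne general-attributes
 address-pool pool4erne
"""
AFTER = """\
tunnel-group vpn4inos general-attributes
tunnel-group vpn4erne general-attributes
"""

POOL_RE = re.compile(r"^ip local pool (\S+)\s")
GROUP_RE = re.compile(r"^tunnel-group (\S+) general-attributes")
REF_RE = re.compile(r"^\s*address-pool\s+(.+)$")

def parse(config):
    """Return (defined pool names, set of (tunnel-group, pool) references)."""
    pools, refs, group = set(), set(), None
    for line in config.splitlines():
        if m := POOL_RE.match(line):
            pools.add(m.group(1))
            group = None
        elif m := GROUP_RE.match(line):
            group = m.group(1)
        elif (m := REF_RE.match(line)) and group:
            # Skip the optional "(interface)" token; several pools may follow.
            refs.update((group, p) for p in m.group(1).split() if not p.startswith("("))
        elif line and not line[0].isspace():
            group = None  # any other top-level command ends the tunnel-group block
    return pools, refs

def upgrade_diff(before, after):
    b_pools, b_refs = parse(before)
    a_pools, a_refs = parse(after)
    return {
        "lost_pools": sorted(b_pools - a_pools),
        "lost_refs": sorted(b_refs - a_refs),
        "dangling_refs": sorted(r for r in a_refs if r[1] not in a_pools),
    }

if __name__ == "__main__":
    for kind, items in upgrade_diff(BEFORE, AFTER).items():
        print(kind, items)
```

Any non-empty list in the result is a reason to stop and restore the missing lines before VPN users are allowed back on.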