Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
806
Views
5
Helpful
5
Replies

ASA Config "Changed" When Users Log-in to VPN

Go to solution
Matthew Martin
Level 5
Level 5

‎06-15-2018 09:31 AM - edited ‎03-12-2019 05:22 AM

Hello All,

 

ASA: v9.4(1)

ASDM: v7.4(1)

AnyConnect: 4.5.04029

 

While I am logged into the ASDM, and then a user logs into VPN from their AnyConnect client, I receive a Pop-up message stating: "Changes were made to the running configuration via the CLI or by another ASDM user that are not current visible in ASDM..."

 

Screenshot of Pop-Up in ASDM:

ASDM_Message.png

 

Is this normal behavior?

 

I can reproduce the pop-up message if I'm on ASDM on my PC and then on another PC I log into VPN with AnyConnect, and after I am authenticated on the other PC I receive that pop-up message in the ASDM instantly.

 

Thanks in Advance,

Matt

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to Matthew Martin

‎06-18-2018 12:48 PM

Pretty sure that's what is causing this. There is a bug detailing the exact same scenario:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy48004/?rfs=iqvred

Fixed in ASA 9.6(2) or 9.7(1)

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni

‎06-18-2018 05:12 AM - edited ‎06-18-2018 05:12 AM

Hi Matt,

 

No this is not normal, you should get the notifications only when somebody modified the configuration.

It is probably a asdm or java bug, try to upgrade both of them.

 

HTH

Bogdan

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎06-18-2018 06:28 AM

Maybe a DACL is getting pushed to the ASA during Anyconnect connection? That might cause a new dynamically named ACL to show up in the config every time.

Go to solution
Matthew Martin
Level 5
Level 5
In response to Rahul Govindan

‎06-18-2018 08:27 AM

Hey Rahul, thanks for the reply.

We have Cisco ISE integrated with the ASA for VPN access. And we are doing CoA for when clients authenticate and become compliant, then they receive a dACL from ISE. So maybe that's why?

Thanks Again,
Matt
0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to Matthew Martin

‎06-18-2018 12:48 PM

Pretty sure that's what is causing this. There is a bug detailing the exact same scenario:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy48004/?rfs=iqvred

Fixed in ASA 9.6(2) or 9.7(1)

 

0 Helpful

Go to solution
Matthew Martin
Level 5
Level 5
In response to Rahul Govindan

‎06-18-2018 02:00 PM

Hey Rahul, thanks again for the reply, very much appreciated!

Ok, that does sound like its the same problem. Our version is only slightly different, but close enough. ASA v9.4(1) and ASDM v7.4(1).

Thanks Again,
Matt
0 Helpful
Customers Also Viewed These Support Documents