AnyConnect - DART - duid is not unique per device

Jerome BERTHIER
Level 1

Hi,

 

I'm looking for accurate documentation on how the AnyConnect duid is generated.

If I look at the DART CLI options, there are two ways to print the uid of a device:

-u, -udid
Display global unique device identifier information.

-ul, -udid_legacy
Display unique device identifier(legacy) information.


But it seems that it is NOT a unique device identifier on Linux systems.

I do retrieve the same ID on three different devices under different local users and different Linux OSes (Fedora 31, Ubuntu 18.04).

Those devices were not cloned. They were installed from scratch on different dates.

 

Looking at this documentation, the udid should be unique.

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect48/administration/guide/b_AnyConnect_Administrator_Guide_4-8.pdf

 

An option to generate a new udid exists only for Windows.

 

So does anyone know how these ids are generated ?

It seems that it is not safe to use it in an authorization policy on the ASA.

 

I'm going to open a case about this issue.

 

Thank you

Accepted Solutions

Jerome BERTHIER
Level 1

Hi

I reported the issue to the TAC this summer :

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu65566

 

It has been fixed in version 4.9.01095 or later.

Deploying this release or later using auto update can lead to a connection error once after the upgrade:

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html#Cisco_Reference.dita_f3e6b845-9e69-4679-b15a-abc9126d6dfb

 

Regards
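
A check to run before keying an ASA authorization policy on this identifier: which UDIDs are reported by more than one host, and which hosts are still below the release the answer above names as fixed. This is an added example, not part of the original posts and not Cisco code; the inventory rows, hostnames, UDID strings and every version other than 4.9.01095 are constructed, and how the rows are collected from the endpoints is left out.

```python
from collections import defaultdict

# First release the thread reports as containing the fix.
FIXED_VERSION = "4.9.01095"

# Constructed inventory: (hostname, OS, AnyConnect version, reported UDID).
# UDID values are placeholders, not real identifiers.
INVENTORY = [
    ("lab-fedora-01", "Fedora 31",    "4.8.00001", "UDID-PLACEHOLDER-AAAA"),
    ("lab-ubuntu-01", "Ubuntu 18.04", "4.8.00001", "UDID-PLACEHOLDER-AAAA"),
    ("lab-ubuntu-02", "Ubuntu 18.04", "4.9.00001", "udid-placeholder-aaaa "),
    ("lab-ubuntu-03", "Ubuntu 18.04", "4.9.01095", "UDID-PLACEHOLDER-BBBB"),
]


def parse_version(text):
    """Turn '4.9.01095' into (4, 9, 1095) so releases compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def shared_udids(rows):
    """Map every UDID reported by more than one host to its sorted host list."""
    hosts = defaultdict(set)
    for host, _os, _version, udid in rows:
        # Normalise case and whitespace so formatting differences between
        # collection tools do not hide a collision.
        hosts[udid.strip().upper()].add(host)
    return {u: sorted(h) for u, h in hosts.items() if len(h) > 1}


def hosts_below_fix(rows, fixed=FIXED_VERSION):
    """Hosts whose client is older than the fixed release."""
    floor = parse_version(fixed)
    return sorted(h for h, _os, v, _udid in rows if parse_version(v) < floor)


if __name__ == "__main__":
    for udid, hosts in shared_udids(INVENTORY).items():
        print(f"UDID {udid} is shared by {len(hosts)} hosts: {', '.join(hosts)}")
    for host in hosts_below_fix(INVENTORY):
        print(f"{host} runs a client older than {FIXED_VERSION}")
```

Any UDID that appears in the first report cannot distinguish the listed devices, so a policy match on it applies to all of them.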

