Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1230
Views
4
Helpful
5
Replies

Anyconnect not working after ASA update

Go to solution
matthew2587
Level 1
Level 1

‎02-23-2024 05:35 PM

We just upgraded the software on our ASA. Everything went fine, site-to-site's came up and internet connectivity was fine. However, our Anyconnect is not working anymore. We have had 2 different errors, the first was something along the lines of "Authentication error", but now the error is "Failed to generate SAML AuthnRequest."

I feel like there is an easy solution, but we were not able to figure it out so I am asking here.

Thank you.

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
matthew2587
Level 1
Level 1

‎02-26-2024 08:41 AM

We got it figured out, I think this occurred when we downgraded that firmware back to the original version. 

In the webvpn config, the ASA lost the command "trustpoint sp *certificate*". Once we configured it again, Anyconnect started working again. 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
marce1000
VIP
VIP

‎02-23-2024 11:08 PM

 

             - FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq82519

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Ruben Cocheno
Spotlight
Spotlight

‎02-24-2024 03:50 AM - edited ‎02-24-2024 04:05 AM

@matthew2587 

You might have lost trustpoint during the upgrade, renegerate the trustpoint used for SAML. But noticed that a buf matches that description, which can be related to a Tunnel-group Name that does have spaces.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

Go to solution
matthew2587
Level 1
Level 1
In response to Ruben Cocheno

‎02-24-2024 05:59 AM

None of our tunnel-groups have spaces, some have IP addresses as names, but the anyconnect group is "CLIENTVPN" as the name. Can you help me with how to regen the trustpoint for SAML?

I also will add that we downgraded the ASA version back to the working version and that is when the error seemed to switch to the SAML one.

Go to solution
matthew2587
Level 1
Level 1

‎02-26-2024 05:54 AM

Anyone else have any thoughts? I think we are going to get a contractor here soon.

0 Helpful

Go to solution
matthew2587
Level 1
Level 1

‎02-26-2024 08:41 AM

We got it figured out, I think this occurred when we downgraded that firmware back to the original version. 

In the webvpn config, the ASA lost the command "trustpoint sp *certificate*". Once we configured it again, Anyconnect started working again. 

0 Helpful
Customers Also Viewed These Support Documents