
Anyconnect not working after ASA update

matthew2587
Level 1

We just upgraded the software on our ASA. Everything went fine, site-to-sites came up and internet connectivity was fine. However, our AnyConnect is not working anymore. We have had 2 different errors: the first was something along the lines of "Authentication error", but now the error is "Failed to generate SAML AuthnRequest."

I feel like there is an easy solution, but we were not able to figure it out so I am asking here.

Thank you.

Accepted Solution

matthew2587
Level 1

We got it figured out. I think this occurred when we downgraded that firmware back to the original version.

In the webvpn config, the ASA lost the command "trustpoint sp *certificate*". Once we configured it again, Anyconnect started working again. 

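A check for the failure described in the accepted solution, as an added example that is not part of the original thread or any Cisco tooling: it compares the `saml idp` blocks of a saved config against the current one and reports sub-commands, such as `trustpoint sp`, that went missing, plus trustpoint references that no longer resolve. The config text, hostnames and trustpoint names are constructed, and the single-space indentation per level is assumed from typical ASA `show running-config` output.

```python
import re

# Constructed sample of a saved (known-good) ASA config; all names are made up.
BEFORE = """\
crypto ca trustpoint IDP-CERT
 enrollment terminal
crypto ca trustpoint VPN-CERT
 enrollment self
webvpn
 enable outside
 saml idp https://idp.example.test/metadata
  url sign-in https://idp.example.test/sso
  base-url https://vpn.example.test
  trustpoint idp IDP-CERT
  trustpoint sp VPN-CERT
tunnel-group CLIENTVPN webvpn-attributes
 saml identity-provider https://idp.example.test/metadata
"""
# Constructed "after upgrade/downgrade" config: the SP trustpoint line is gone.
AFTER = BEFORE.replace("  trustpoint sp VPN-CERT\n", "")

def saml_idp_blocks(config):
    """Map each 'saml idp <entity-id>' block under webvpn to its set of sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        indent = len(line) - len(line.lstrip(" "))
        text = line.strip()
        if indent == 1 and text.startswith("saml idp "):
            current = blocks.setdefault(text.split()[2], set())
        elif indent >= 2 and current is not None:
            current.add(text)          # sub-command of the current IdP block
        elif text:
            current = None             # any other command closes the block
    return blocks

def lost_saml_commands(before, after):
    """Report SAML sub-commands lost since 'before' and undefined trustpoints in 'after'."""
    now = saml_idp_blocks(after)
    defined = set(re.findall(r"^crypto ca trustpoint (\S+)", after, re.M))
    findings = []
    for entity, cmds in saml_idp_blocks(before).items():
        for cmd in sorted(cmds - now.get(entity, set())):
            findings.append(f"{entity}: lost '{cmd}'")
    for entity, cmds in now.items():
        for cmd in sorted(cmds):
            m = re.fullmatch(r"trustpoint (idp|sp) (\S+)", cmd)
            if m and m.group(2) not in defined:
                findings.append(f"{entity}: '{cmd}' references undefined trustpoint")
    return findings
```

Running `lost_saml_commands` on a config backup taken before the change and the config after it shows dropped SAML lines before users hit the AnyConnect error.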

5 Replies

marce1000
VIP

FYI: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq82519

 M.


Ruben Cocheno
Spotlight

@matthew2587 

You might have lost the trustpoint during the upgrade; regenerate the trustpoint used for SAML. But I noticed that a bug matches that description, which can be related to a Tunnel-group Name that does have spaces.


None of our tunnel-groups have spaces, some have IP addresses as names, but the anyconnect group is "CLIENTVPN" as the name. Can you help me with how to regen the trustpoint for SAML?

I also will add that we downgraded the ASA version back to the working version and that is when the error seemed to switch to the SAML one.

matthew2587
Level 1

Anyone else have any thoughts? I think we are going to get a contractor here soon.
