12-16-2022 08:07 PM
Hi There!
We are currently having a Anyconnect SSL setup with SAML Duo authentification. Everything is working fine on the release 9.12(4)52. However, as soon as we upgrade to 9.12(4)54 or 9.12(4)55, the Anyconnect no longer completes the connection.
I do receive the Duo prompt and I do approve the connection, after that I do have a new browser windows opening and gives me "Bad Request" as the message. If I do close this windows, the VPN disconnects. On MacOS system, the URL seems to point to the tunnel VPN group name (https://vpn.ourdomain.com/+CSCOE+/saml/sp/acs?tgname=DefaultWEBVPNGroup)
I've search within ASDM and the changelog and didn't find anything that could be causing this.
12-17-2022 12:22 AM
what is the reason of upgrade to 9.12(4)54 or 9.12(4)55 - is there any bugs affecting with the current release?
personally - I would roll back to 9.12(4)52 (note 5512 was the end of life all 9.12(4) X are interim only for the security bugs - I do not believe cisco supports any major code upgrades.on this code).
if you looking for support - suggest planning to migrate to Cisco Secure Firewall ( AKA - Firepower )soon.
12-19-2022 06:58 AM
Hi Balaki, thank you for your answer. Honestly, i just wanted to install the latest because I tought it includes security fixes. I've opened a support ticket with Duo also. For the moment, we will stay on the 9.12(4)52. Have a nice day!
12-19-2022 10:23 AM
sure, known good version always better, if no reason to upgrade. that works better.
03-30-2023 11:46 AM
did you ever hear back from duo on the cause? i'm having the same issue with a 5515-x, and with all the vulnerabilities i dont really want to leave it on the previous version.
03-30-2023 06:13 PM
Hi ! We ended opening a support ticket with Cisco. It's a identified bug with no fixes.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc63208
We upgraded our equipement to 5525-x so we don't need this version anymore.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide