Re: upgraded to 9.12.4 - VPN address assignment error

Stevej72 · ‎11-19-2021

Has anyone had any issue after upgrading an ASA to 9.12.4? I upgraded from 9.6(4)3.

AnyConnect VPN users received the following error:

"The secure gateway has rejected the connection attempt, No assigned address"

VPN and AnyConnect, VPN

ASA# show run all vpn-addr-assign
vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0

Did not have a long maintenance window so rolled back to 9.6 and VPN began working again.

Thanks

balaji.bandi · ‎11-19-2021

After roleback work as expected ? then after upgrade i remove DHCP config and reconfigure and check.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Stevej72 · ‎11-19-2021

Correct after rollback everything worked as expected .

Also I forgot to mention this uses a local pool for address. So far TAC has no idea but trying to find a solution before upgrading again in production.

balaji.bandi · ‎11-19-2021

As I have mentioned I can not recall I have faced this before, after the upgrade takes more downtime this time, remove the DHCP Pool, and re-configure and test it.

make sure you take the config old out of the box. after the upgrade take the backup and compare see any syntax changed in the config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Mohammed al Baqari · ‎11-20-2021

Hi,

Couple of things you want to check on next time.:

- Was the the ip pool present on asa (show run | i pool).
- are you doing any hostscan or dap checks.
- are you doing any ldap or radius authorization
- debug webvpn anyconnect to see what's going on.

**** please remember to rate useful posts