Re: Anny Connect connection Failuer (CTM Error)

vishaw jasrotia · ‎03-26-2020

Hi All,

We are using Anyconnect SSL vpn in our setup. But as the number of session are increasing, it starts dropping at the firewall. When we debugged the asp drops it shows

ctm-error.

Attaching the log for reference. Check the connection between 182.64.73.214 > 196.1.111.161 > port 443

CTM returned error: ( as per information available on Cisco )
This counter will increment when the appliance attempts to perform a crypto operation on a packet and the crypto operation fails. This is not a normal condition and could indicate possible software or hardware problems with the appliance.

Please help in debugging the issue.

Thanks

Cristian Matei · ‎03-26-2020

Hi,

How many such drops do you have, look at "show asp drop". You could also hit some bugs, like this one for example. What software version are you using on the ASA? I would recommend to upgrade to 9.8.4 (latest interim version) or 9.12.3 (latest interim version), reload and see if you still get such messages.

Regards,

Cristian Matei.

vishaw jasrotia · ‎03-26-2020

Thanks Cristian. Our current version is 9.5

vishaw jasrotia · ‎03-26-2020

Hi

I have generated the DART file. Please check if you can get some information from that.

Cristian Matei · ‎03-26-2020

Hi,

If the session doesn't get disconnected, there are only some drops on the ASA side, i don't see how DART could be useful. Upgrade and let's see the upcoming behaviour.

Regards,

Cristian Matei.