Some background: we recently had a power outage that lasted longer than the battery backup could handle. When the power came back on, what would happen is this: We’d try connecting to the Cisco ASA’s (5508-X). When prompted to enter username/password/2nd password, we enter the correct credentials, but the login prompt just cycles back to empty username/password/2nd password fields, over and over again.
We rebuilt the connection profile based on these directions (Cisco ASA SSL VPN for Browser and AnyConnect | Duo Security). We even get to the point of testing the setup as instructed under "Add the Duo LDAP Server". Sure enough, we get a push notification and the test passes. But when we try to get the actual login to work, it keeps doing the same thing over and over again.
I’ve checked the AD server’s Security log, in case there was, in fact, a login error. The security audit log shows nothing but a successful authentication via the AnyConnect app to Active Directory.
The syslog on the ASA device shows the device completes the SSL handshake for a TLS v1.2 session…then immediately disconnects with zero explanation why.
I’m stumped. Any help would be greatly appreciated.
Thanks in advance!