Cisco AnyConnect VPN Login Fails with No Obvious Error

maliseet
Level 1

Some background: we recently had a power outage that lasted longer than the battery backup could handle. When the power came back on, what would happen is this: we’d try connecting to the Cisco ASAs (5508-X). When prompted to enter username/password/2nd password, we enter the correct credentials, but the login prompt just cycles back to empty username/password/2nd password fields, over and over again.

We rebuilt the connection profile based off of these directions (Cisco ASA SSL VPN for Browser and AnyConnect | Duo Security). We even get to the point of testing the setup as instructed under Add the Duo LDAP Server. Sure enough, we get a push notification and the test passes. But when we try to get the actual login to work, it keeps doing the same thing over and over again.

I’ve checked the AD server’s Security log, in case there was, in fact, a login error. The security audit log shows nothing but a successful authentication via the AnyConnect app to Active Directory.

The syslog on the ASA device shows the device completes the SSL handshake for a TLS v1.2 session…then immediately disconnects with zero explanation why.

I’m stumped. Any help would be greatly appreciated.

Thanks in advance!

3 Replies

DuoKristina
Cisco Employee

Do you get the Duo Push notification when you try the actual VPN login (assuming you enter push as the second password)?

Did you try the real-time log viewer in ASDM with the log level set to “Debugging” as mentioned here: https://help.duo.com/s/article/1143?

Please contact Duo Support for in-depth troubleshooting assistance.

Duo, not DUO.

maliseet
Level 1

“Do you get the Duo Push notification” No. Even using the 6-digit number instead of ‘push’ for the second password doesn’t work. The only time I get a ‘push’ notification is during the testing phase as noted above.

“Did you try the real-time log viewer in ASDM with the log level set to ‘Debugging’” Yes. It shows a successful SSL handshake, then immediately disconnects with no obvious reason why. Unless there’s a debugging level more detailed than “Debugging,” I don’t know how else to find out what’s wrong. I am filtering the log to syslog events 75xxxx (which is supposed to be VPN events). Unless there’s some other group of events I’m supposed to be looking for.

Thanks!

Please contact Duo Support for in-depth troubleshooting assistance.

This Community site is not a support forum.

Duo, not DUO.