Cisco AnyConnect VPN Login Fails with No Obvious Error

Some background: we recently had a power outage that lasted longer than the battery backup could handle. When the power came back on, what would happen is this: we’d try connecting to the Cisco ASAs (5508-X). When prompted to enter username/password/2nd password, we enter the correct credentials, but the login prompt just cycles back to empty username/password/2nd password fields, over and over again.

We rebuilt the connection profile based off of these directions (Cisco ASA SSL VPN for Browser and AnyConnect | Duo Security). We even get to the point of testing the setup as instructed under Add the Duo LDAP Server. Sure enough, we get a push notification and the test passes. But trying to get the actual login to work keeps doing the same thing over and over again.

I’ve checked the AD server’s Security log, in case there was, in fact, a login error. The security audit log shows nothing but a successful authentication via the AnyConnect app to Active Directory.

The syslog on the ASA device shows the device completes the SSL handshake for a TLS v1.2 session…then immediately disconnects with zero explanation why.

I’m stumped. Any help would be greatly appreciated.

Thanks in advance!

Do you get the Duo Push notification when you try the actual VPN login (assuming you enter push as the second password)?

Did you try the real-time log viewer in ASDM with the log level set to “Debugging” as mentioned here: https://help.duo.com/s/article/1143?

Please contact Duo Support for in-depth troubleshooting assistance.

“Do you get the Duo Push notification” No. Even using the 6-digit number instead of ‘push’ for the second password doesn’t work. The only time I get a ‘push’ notification is during the testing phase as noted above.

“Did you try the real-time log viewer in ASDM with the log level set to ‘Debugging’” Yes. It shows a successful SSL handshake, then immediately disconnects with no obvious reason why. Unless there’s a debugging level more detailed than “Debugging,” I don’t know how else to find out what’s wrong. I am filtering the log to syslog events 75xxxx (which is supposed to be VPN events). Unless there’s some other group of events I’m supposed to be looking for.

Thanks!

Please contact Duo Support for in-depth troubleshooting assistance.

This Community site is not a support forum.