by Michael Trantas, Senior Solutions Architect
Cisco has recently released an important field notice regarding its ASA 5500-X Series Adaptive Security Appliance (ASA) systems. The notice states that an ASA software issue can cause the ASA 5500-X security appliance to reboot while AnyConnect two-factor authentication with Duo 2FA is in progress.
Cisco and Duo appear tight-lipped on the technical root cause of the problem, but they have positively identified it as bug in the ASA software, not IOS code. Known affected releases of the ASA 5500-X software include versions 9.7(1) and 9.7(1.4); however, it is possible the bug can exist in earlier versions. Therefore, should an ASA 5500-X unexpectedly reboot when attempting to authentication with an AnyConnect VPN using Duo 2FA, and to mitigate this issue, an upgrade is recommended.
Cisco’s recommendation is to upgrade ASA 5500-X security appliances to ASA software version 9.8.2 or later.
*Please note that you will need a valid Cisco Technical Assistance Center (TAC) account to access the download.
Remember to always have sufficient backups of your current configuration before making any changes and please contact Helient if you require any assistance performing your upgrade.