cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4171
Views
7
Helpful
15
Replies

Upgrade Cisco AnyConnect to Secure Client

kakada Atada
Level 1
Level 1

Dear Community,

We are using AnyConnect version 4.XX.XX

We plan to upgrade from old current version to new Secure Client.

There are four latest version of Secure client version ( 5.0.04032, 5.0.03076, 5.0.03072, 5.0.02075 ).

Please kindly recommend which suitable Secure client we can upgrade to?

using SCCM to deploy agent.

Note: We use Win10 and Win11

Thanks for your supporting and advise.

 

Kakada Sao
1 Accepted Solution

Accepted Solutions

james.king14
Level 1
Level 1
Good Morning,



We were able to push out 5.0.04032 using the SCCM with success. At this
point we are not going to try the others. Believe me it was a task! There
are certain GPO’s changes we had to make.

View solution in original post

15 Replies 15

balaji.bandi
Hall of Fame
Hall of Fame

if i were you i always want to go latest stable version by reading the release notes and compatible with your Gateway :

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/release/notes/release-notes-cisco-secure-client-5-0.html

Note : first i would install manually on the test clients and test all working as expected before role out mass using SCCM.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for your commend.

Kakada Sao

Yup no reason not to use the latest here.

james.king14
Level 1
Level 1
Good Morning,



We were able to push out 5.0.04032 using the SCCM with success. At this
point we are not going to try the others. Believe me it was a task! There
are certain GPO’s changes we had to make.

good to know . hope all good ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Cool

Kakada Sao

During upgrade vai SCCM, we have challenge one things on adding MAC address manaully to client provision. That's the quit challenge for. Hence, could you share your experiences with that?
Remark: In our environment we have around 8K endpoints and the impact is sensitive. So we need to rollout scope by scope.

@sot01 what do you mean regarding "adding MAC address manaully to client provision"? An endpoint MAC address is not part of an AnyConnect / Secure Client configuration.

Hello @Marvin Rhoads,

Thanks your for your comment.
Our environment have thousand of end points up to 8K. So, the progress of upgrade agent is take times. We need to upgrade phase by phase like 1K endpoints per time. By this if we don't use client provision and set with MAC addresss to scope that numbers. How we could do to archieve that based on your experiences?

Active Directory groups? What do you mean you don’t use Client Provisioning Portal? Could you use SCCM or your package/installation manager/MDM of choice?

Hello @ahollifield
Kindly fine here.

Current status as below:

We are using Anyconnect version running on 4.XX.XX, with client provisioning setting set to this version and identity group is any.
Objective:
. We would need to upgrade to anyconnect version to secure x version (5), with specific scope of endpoint only (1K endpoints per phase).

. Deployment method, we planned to use SCCM (We already clear for this).
. Client provisioning setting - Unknow (We don't know how to configure or setting on client provisioning).

Could you advise on this? How we could configure or define it phase by phase like we mentioned?

When we want to do that with SCCM, we just create a group associated with an OU that we place the upgrade candidates into. Divide your computers into however many batches you like and put them all in the target group a batch at a time. No need to sort on MAC addresses - just use computer names.

Hello @Marvin Rhoads,

Let me share our

Current status as below:
We are using Anyconnect version running on 4.XX.XX, with client provisioning setting set to this version and identity group is any.
Objective:
. We would need to upgrade to anyconnect version to secure x version (5), with specific scope of endpoint only (1K endpoints per phase).

. Deployment method, we planned to use SCCM (We already clear for this).
. Client provisioning setting - Unknow (We don't know how to configure or setting on client provisioning).

Could you advise on this? How we could configure or define it phase by phase like we mentioned?

@sot01 when you say "...client provisioning setting set to this version and identity group is any", what system are you referring to? These are not AnyConnect settings.