Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
529
Views
4
Helpful
6
Replies

Bypass Client Provisioning Policy when upgrade Cisco agent failed

Da ICS16
Level 1
Level 1

‎01-22-2024 06:33 AM - last edited on ‎01-22-2024 06:45 AM by Cisco Employee

Dear Community,

We are planning to upgrade Cisco Any Connect agent 4.x to Secure Client 5.x

We will deploy new Secure Client 5.x through SCCM server ( purpose deploy 300 PCs per time ).

We want to ensure no any impact with all PCs are installed Any Connect 4.x even we scope deploy new agent phase by phase.

How could be done to ensure on ISE CPP no any impact to all endpoints?

- PCs are installed Anyconnect 4.x should work with ISE CPP which defined 4.x

- new PCs just upgrade to new Secure Client 5.x should work with ISE CPP which define 5.x

Remark: In case upgrade to new Secure Client agent failed. Do we have any bypass? to ensure no impact to PCs installed AnyConnect 4.x

Thanks,

0 Helpful
6 Replies 6

ahollifield
VIP
VIP

‎01-22-2024 09:59 AM - edited ‎01-22-2024 09:59 AM

You can add the failed PC(s) to a Endpoint Identity Group and then make sure that Endpoint Identity Group is not subject to the posture requirements/policy.  

Also - why not also push the updated Secure Client 5.0 packages from ISE?

Da ICS16
Level 1
Level 1
In response to ahollifield

‎01-22-2024 06:45 PM

why not also push the updated Secure Client 5.0 packages from ISE?

- We have thousand on endpoint PCs. We have to mitigate the impact when perform upgrade to new agent version.

Our environments use SCCM to deploy any applications. So we need to deploy upgrade phase by phase.

Could you help to share best practice for this upgrade agent to ensure no any impact on ISE and client PCs?

How to push the updated Secure Client 5.0 packages from ISE?

 

Best regards,

0 Helpful

Aref Alsouqi
VIP
VIP

‎01-22-2024 02:41 PM - edited ‎01-22-2024 02:42 PM

I would recommend updating ISE packages with the right version before going with the client upgrades.

Da ICS16
Level 1
Level 1
In response to Aref Alsouqi

‎01-22-2024 06:47 PM

Dear @Aref Alsouqi ,

 

Could you please recommend the suitable Secure Client version?

Note: We use ISE 3.1 and plan to test with Secure Client 5.0.04032

Thanks,

0 Helpful

ahollifield
VIP
VIP
In response to Da ICS16

‎01-23-2024 04:51 AM

Why not Secure Client 5.1?

0 Helpful

Aref Alsouqi
VIP
VIP

‎01-23-2024 01:59 AM

I would personally go with the latest compliance module which is supported on AnyConnect 4.3+ anyway.

Software Download - Cisco Systems

Customers Also Viewed These Support Documents