Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3077
Views
20
Helpful
3
Replies

Running different version of AnyConnect, client automatically updating

Go to solution
Anthony O'Reilly
Level 3
Level 3

‎10-07-2021 02:19 AM

Hi,

 

I have the following scenario.

 

The policy rules are still in testing but when the laptop authenticates and is authorised successfully, it downloads the 4.10.02086 version of AnyConnect. I don't want this.

 

I want the laptops to have 4.8.03036 which is already installed and desktops to have 4.10.02086 which is already installed.

 

I don't want the laptop to upgrade the client from 4.8.03036 to 4.10.02086. I know this is an old version but it will be upgraded as part of another project.

 

Table below is a high level summary of what we are doing:

 

Device

Wireless/Wired

AnyConnect Version

Compliance Module

Policy

Identity Groups

Laptop

Wireless

4.8.03036

4.3.1453.6145

Use existing policy

None

Laptop

Wired

4.8.03036

4.3.1453.6145

Need new policy that looks at only laptops on the LAN that doesn't conflict with desktops

None

Desktop

Wired

4.10.02086

4.3.2336.6145

Need new policy that looks at desktops on the LAN and it doesn't conflict with laptopsNone

 

Thanks

Anthony.

2 Accepted Solutions

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎10-07-2021 05:27 AM

For this issue you need to test/focus on your CPP (client provisioning policies).  You need to setup two separate ones (one for the 4.8 clients and one for the 4.10 clients).  Also, create 2 separate AnyConnect Configuration profiles (Policy->Policy Elements->Results->Client Provisioning->Resources).  Then assign each respective one as the result in the CPP.  Ensure that the clients are steered to the proper one.  This will eliminate the auto upgrade of the 4.8.x clients.  HTH!

View solution in original post

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎10-10-2021 11:34 PM

Hi @Anthony O'Reilly,

Next to what @Mike.Cifelli mentioned, you could also add option on your existin Client Provisioning Configuration option to  defer update. You would create new configuration, for new 4.10 version, and then activate defer option in order not to update clients with 4.8 version.

BR,

Milos

View solution in original post

3 Replies 3

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎10-07-2021 05:27 AM

For this issue you need to test/focus on your CPP (client provisioning policies).  You need to setup two separate ones (one for the 4.8 clients and one for the 4.10 clients).  Also, create 2 separate AnyConnect Configuration profiles (Policy->Policy Elements->Results->Client Provisioning->Resources).  Then assign each respective one as the result in the CPP.  Ensure that the clients are steered to the proper one.  This will eliminate the auto upgrade of the 4.8.x clients.  HTH!

Go to solution
Anthony O'Reilly
Level 3
Level 3
In response to Mike.Cifelli

‎10-12-2021 08:52 AM

Hi @Mike.Cifelli @Milos_Jovanovic I used two CCPs and two different AD groups and it worked a treat. As it turns out the laptop was in the desktop and laptop AD groups. All working as expected now.

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎10-10-2021 11:34 PM

Hi @Anthony O'Reilly,

Next to what @Mike.Cifelli mentioned, you could also add option on your existin Client Provisioning Configuration option to  defer update. You would create new configuration, for new 4.10 version, and then activate defer option in order not to update clients with 4.8 version.

BR,

Milos

Customers Also Viewed These Support Documents
Top