cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
776
Views
1
Helpful
5
Replies

Updating AnyConnect/Secure Client with ASA - Not Working

I am trying to update AnyConnect to Cisco Secure Client with the ASA. 

Whenever I put a AnyConnect/Secure Client on the ASA that is newer than the one currently installed on the end devices, the Client fails to connect - 'The VPN Client failed to establish a connection'

I have looked in the logs but the behaviour seems quite normal.

I have attached a copy of the Client Profile, and the ASA config. - I added the client profile as word doc as there was an error when i added as txt file. 

Is there any config missing? Have I got something wrong?

Many thanks

5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

Your client profile has IPsec as the primary protocol. Is that enabled in the ASA with a "crypto ikev2 enable outside" or similar command?

Also, if you are trying to update from the ASA, you need to turn on SSL/TLS and enable client services to allow the update to happen. You cannot update clients' software if only IPsec is enabled.

https://community.cisco.com/t5/security-knowledge-base/configuring-ipsec-ikev2-remote-access-vpn-with-cisco-secure/ta-p/4485165

Hi Marvin,

Thanks for your reply

Just to confirm - Is it this that needs to be enabled on the Tunnel Group?

isinfrastructure1_0-1719307188192.png

I guess this is linked to the group policy, so I could tick this here? 

isinfrastructure1_1-1719307263011.png

Many thanks

Hi @Marvin Rhoads 

Is this what you mean? 

isinfrastructure1_0-1719481590186.png

The connection to the VPN fails whenever I add an image that is newer than the one we have on the end device 

Thanks 

@is.infrastructure1 correct. If there is a newer client pending on the ASA, it will try to update but without client services (which require SSL/TLS) the update will fail and prevent the connection.

3DES/AES  encryption license need to activate I guess 
MHM

Review Cisco Networking for a $25 gift card