06-23-2024 03:06 AM - edited 06-24-2024 12:21 AM
I am trying to update AnyConnect to Cisco Secure Client with the ASA.
Whenever I put a AnyConnect/Secure Client on the ASA that is newer than the one currently installed on the end devices, the Client fails to connect - 'The VPN Client failed to establish a connection'
I have looked in the logs but the behaviour seems quite normal.
I have attached a copy of the Client Profile, and the ASA config. - I added the client profile as word doc as there was an error when i added as txt file.
Is there any config missing? Have I got something wrong?
Many thanks
06-24-2024 10:58 AM - edited 06-24-2024 11:00 AM
Your client profile has IPsec as the primary protocol. Is that enabled in the ASA with a "crypto ikev2 enable outside" or similar command?
Also, if you are trying to update from the ASA, you need to turn on SSL/TLS and enable client services to allow the update to happen. You cannot update clients' software if only IPsec is enabled.
06-25-2024 02:21 AM
Hi Marvin,
Thanks for your reply
Just to confirm - Is it this that needs to be enabled on the Tunnel Group?
I guess this is linked to the group policy, so I could tick this here?
Many thanks
06-27-2024 02:47 AM
Is this what you mean?
The connection to the VPN fails whenever I add an image that is newer than the one we have on the end device
Thanks
06-27-2024 10:04 AM
@is.infrastructure1 correct. If there is a newer client pending on the ASA, it will try to update but without client services (which require SSL/TLS) the update will fail and prevent the connection.
06-25-2024 02:32 AM
3DES/AES encryption license need to activate I guess
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide