Updating AnyConnect/Secure Client with ASA - Not Working

06-23-2024 03:06 AM - edited 06-24-2024 12:21 AM
I am trying to update AnyConnect to Cisco Secure Client with the ASA.
Whenever I put an AnyConnect/Secure Client on the ASA that is newer than the one currently installed on the end devices, the client fails to connect - 'The VPN Client failed to establish a connection'
I have looked in the logs but the behaviour seems quite normal.
I have attached a copy of the Client Profile, and the ASA config. I added the client profile as a Word doc as there was an error when I added it as a txt file.
Is there any config missing? Have I got something wrong?
Many thanks
06-24-2024 10:58 AM - edited 06-24-2024 11:00 AM
Your client profile has IPsec as the primary protocol. Is that enabled in the ASA with a "crypto ikev2 enable outside" or similar command?
Also, if you are trying to update from the ASA, you need to turn on SSL/TLS and enable client services to allow the update to happen. You cannot update clients' software if only IPsec is enabled.
06-25-2024 02:21 AM
Hi Marvin,
Thanks for your reply
Just to confirm - Is it this that needs to be enabled on the Tunnel Group?
I guess this is linked to the group policy, so I could tick this here?
Many thanks
06-27-2024 02:47 AM
Is this what you mean?
The connection to the VPN fails whenever I add an image that is newer than the one we have on the end device.
Thanks
06-27-2024 10:04 AM
@is.infrastructure1 correct. If there is a newer client pending on the ASA, it will try to update but without client services (which require SSL/TLS) the update will fail and prevent the connection.
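A check for the condition described in this thread, as an added example that is not part of any post: it scans ASA running-config text for interfaces where IKEv2 is enabled without `client-services` while a client image is configured for deployment. The config fragments, the image file name and the function name are constructed for illustration and are not the poster's attached config.

```python
import re

# Constructed sample running-config fragments (image file name is a placeholder).
CONFIG_IKEV2_ONLY = """\
crypto ikev2 enable outside
webvpn
 anyconnect image disk0:/EXAMPLE-client-image.pkg 1
 anyconnect enable
"""

CONFIG_WITH_CLIENT_SERVICES = """\
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 anyconnect image disk0:/EXAMPLE-client-image.pkg 1
 anyconnect enable
"""

# "crypto ikev2 enable <interface> [client-services [port <n>]]"
IKEV2_RE = re.compile(r"^crypto ikev2 enable (\S+)(.*)$")
# "anyconnect image <file> <order>" is a sub-command of webvpn, so it is indented.
IMAGE_RE = re.compile(r"^\s+anyconnect image \S+")


def interfaces_blocking_client_update(config_text):
    """Return interfaces where IKEv2 is enabled without client-services
    although the ASA has a client image staged for deployment."""
    lines = config_text.splitlines()
    # No staged image means the ASA has nothing to push, so nothing can fail.
    if not any(IMAGE_RE.match(line) for line in lines):
        return []
    blocked = []
    for line in lines:
        match = IKEV2_RE.match(line)
        if match and "client-services" not in match.group(2).split():
            blocked.append(match.group(1))
    return blocked


if __name__ == "__main__":
    for name, cfg in (("ikev2 only", CONFIG_IKEV2_ONLY),
                      ("with client-services", CONFIG_WITH_CLIENT_SERVICES)):
        bad = interfaces_blocking_client_update(cfg)
        status = "update path missing on: " + ", ".join(bad) if bad else "ok"
        print(f"{name}: {status}")
```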
06-25-2024 02:32 AM
The 3DES/AES encryption license needs to be activated, I guess.
MHM
