Hi,
in our company we have a pair of ASA 5525-X that work in HA cluster as active/standby. They are running ASA version 9.12(3)12. On ASA under VPN profile (Preferences 1) I have disabled Auto-update option (attachment asa_vpn_profile.png) and on user computer under "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\vpn.xml" (attachment client_profile.png) AutoUpdate is also set to false.
I was trying to anyconnect image on ASA from version 4.6.01098 to version 4.10.03104. After changing:
from
webvpn
anyconnect image disk0:/anyconnect-win-4.6.01098-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-macos-4.6.01098-webdeploy-k9.pkg 2
anyconnect image disk0:/anyconnect-linux64-4.6.01098-webdeploy-k9.pkg 3
to
webvpn
anyconnect image disk0:/anyconnect-win-4.10.03104-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-macos-4.10.03104-webdeploy-k9.pkg 2
anyconnect image disk0:/anyconnect-linux64-4.10.03104-webdeploy-k9.pkg 3
and trying to connect to VPN using Anyconnect client version 4.6, client got updated automatically, although in the profile Auto-update feature is set to false.
Am I missing something or this is expected behaviour? Few years ago, when we did last change of Anyconnect image to version 4.6 we had many problems with auto-update because during the connection process, Anyconnect client would see that there is newer version of client on the ASA and start the auto-update process, but after downloading it - first it uninstalled the old version of Anyconnect, and after that tried to install the new version where we ran to a problem because 99,9% of our users don't have admin rights under their windows profiles.This is the situation we would like to avoid.
Best regards,
Domagoj
