cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1215
Views
0
Helpful
5
Replies

AnyConnect Upgrade How To?

ethutchinson
Level 1
Level 1

I was wondering if the Community could help me with this one. I am going to attempt to upgrade all of our anyconnect clients through the ASA. First some background, We have two asa 5515x's setup in a failover running version 9.6(4)3. Most of my users are using some version of Anyconnect 3. I have already installed and tested version 4.7 on my notebook and it runs perfect. Since I have about 50 vpn users getting all of their notebooks in here or trusting them to do it on their own with home desktops would not be a good time. All but 5 are going to be Windows 7 and 10 OSes. The rest will be Macs. Since my vpn user base continues to grow I need to automate this as best I can for the future. Here is what I "think" I have to do and maybe someone can correct it or fill in the blanks for me.

 

1.) Get the image(s) for version 4.7.

2.) Load the image(s) into the flash on my Primary ASA. Hopefully this will be replicated to my Failover. If not I can copy it there as well.

3.)Make sure it is the only version of VPN images on my flash.

4.)After I notify my users I am "guessing" when they try login using their older version of the AnyConnect client they will be prompted to do the upgrade? Will they need local admin priviledges? That could be a problem. Another issue will be the MAC users. Will it work the same for them? I guess if it is a problem with them I can do those myself. If I am missing anything in this process please let me know.

 

Thanks

1 Accepted Solution

Accepted Solutions

Those are the correct files.

View solution in original post

5 Replies 5

stsargen
Cisco Employee
Cisco Employee

Hi,

 

You are correct.  Once the new .pkg file is uploaded to the ASA the 3.x clients will receive the upgrade once they attempt to establish a VPN connection to the headend.  This is true for both Windows and OSX.  No admin privileges are required for this.  You may also want to look into deferred upgrades in case your user are trying to connect for business critical needs and can't wait for the client to install.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/vpn_anyconnect.html

Enabling AnyConnect Client Deferred Upgrade

 

Thanks,

Steve S.

Thanks Steve S. I will post the results

Steve S.

 

 I just want to confirm the two files I will be needing for the flash on my ASAs. I have downloaded version 4.7.001076

For the Windows users

anyconnect-win-4.7.01076-webdeploy-k9.pkg

 

For the MAC users

anyconnect-macos-4.7.01076-webdeploy-k9.pkg

 

Is this correct or should I download others for the ASA's flash?

 

Those are the correct files.

Actually there's a slightly newer release currently available - 4.7.02036 was released on 10 April 2019.

https://software.cisco.com/download/home/286281283/type/282364313/release/4.7.01076

The 4.7.01076 release is from 28 February 2019. The latest AnyConnect release is generally preferable. 

You do need to copy the files to flash on both the primary and secondary unit. File operations do not replicate between units in an HA pair.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: