I was wondering if the Community could help me with this one. I am going to attempt to upgrade all of our anyconnect clients through the ASA. First some background, We have two asa 5515x's setup in a failover running version 9.6(4)3. Most of my users are using some version of Anyconnect 3. I have already installed and tested version 4.7 on my notebook and it runs perfect. Since I have about 50 vpn users getting all of their notebooks in here or trusting them to do it on their own with home desktops would not be a good time. All but 5 are going to be Windows 7 and 10 OSes. The rest will be Macs. Since my vpn user base continues to grow I need to automate this as best I can for the future. Here is what I "think" I have to do and maybe someone can correct it or fill in the blanks for me.
1.) Get the image(s) for version 4.7.
2.) Load the image(s) into the flash on my Primary ASA. Hopefully this will be replicated to my Failover. If not I can copy it there as well.
3.)Make sure it is the only version of VPN images on my flash.
4.)After I notify my users I am "guessing" when they try login using their older version of the AnyConnect client they will be prompted to do the upgrade? Will they need local admin priviledges? That could be a problem. Another issue will be the MAC users. Will it work the same for them? I guess if it is a problem with them I can do those myself. If I am missing anything in this process please let me know.
Solved! Go to Solution.
You are correct. Once the new .pkg file is uploaded to the ASA the 3.x clients will receive the upgrade once they attempt to establish a VPN connection to the headend. This is true for both Windows and OSX. No admin privileges are required for this. You may also want to look into deferred upgrades in case your user are trying to connect for business critical needs and can't wait for the client to install.
I just want to confirm the two files I will be needing for the flash on my ASAs. I have downloaded version 4.7.001076
For the Windows users
For the MAC users
Is this correct or should I download others for the ASA's flash?
Actually there's a slightly newer release currently available - 4.7.02036 was released on 10 April 2019.
The 4.7.01076 release is from 28 February 2019. The latest AnyConnect release is generally preferable.
You do need to copy the files to flash on both the primary and secondary unit. File operations do not replicate between units in an HA pair.