Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1063
Views
0
Helpful
3
Replies

automatic anyconnect new package download by client

Amafsha1
Level 2
Level 2

‎01-22-2019 11:26 AM - edited ‎02-21-2020 09:32 PM

Hello folks,

 

I have finished setting up ASA image and anyconnect profiles etc on the new VPN 2110 buildout.  One thing that I can't figure out is why when for example one windows 10 client wants to use the new VPN, all they do is punch in the new IP address of the VPN server on their current anyconnect client in which the ASA recognizes they have an older version of the anyconnect client so the ASA automatically downloads and installs the anyconnect package into their computer...that's great and that's how I want it and works great. 

 

But All of a sudden I go to test this on another win 10 computer and when they try to connect to the new VPN 2110 server, they get an error saying something like "not able to connect to the server"  so I had the end user go to the new VPN webpage, download the new anyconnect package then connect just fine.  I'm curious of why one computer gets the package downloaded automically while using the anyconnect app, and why one computer has to manually go to the vpn webpage and download the new anyconnect app?  Is their a way to make this process not be random?

 

Thank you for your help

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-22-2019 11:49 PM

It should always download the upgrade automatically for clients who currently have an earlier version of AnyConnect. (Unless you have the bypass upgrade option selected in the profile on the head end.)

 

Did the two computers both have the same old version of Anyconnect? Are they members of the same domain with associated GPOs matching? Could User Account Control have locked down the second computer?

0 Helpful

Amafsha1
Level 2
Level 2
In response to Marvin Rhoads

‎01-23-2019 10:44 AM

Thanks for replying Marvin.  I think I figured out the issue by accident. I was playing around with the settings and I went to "SSL Settings".  I had set the min ssl version for server and client to be TLS 1.2.  This had worked for my laptop which connected with windows 10 and downloaded the anyconnnect package automatically, but seems to not work for most (unless they manually go to webpage and download the new anyconnect client package).  So After I made the min be TLS V1 instead, I had the client connect and they connected just fine and downloaded the anyconnect client from 3.x  to 4.7

 

I guess it seems I have to sacrifice security here...  Unless you have a suggestion or work-around or something...

 

Thank you

0 Helpful

Amafsha1
Level 2
Level 2
In response to Marvin Rhoads

‎01-23-2019 10:49 AM

Marvin, here is the picture I forgot to put in my response.

 

https://imgur.com/a/YOUdUQw

0 Helpful
Customers Also Viewed These Support Documents