Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4737
Views
0
Helpful
3
Replies

Disable Anyconnect client download / url login disable

Go to solution
davidsonyo
Level 1
Level 1

‎06-03-2015 01:44 PM - edited ‎02-21-2020 08:15 PM

Hello,

Is there a way to disable the Anyconnect client download when you browse to the anyconnect url? Or just make the url login not accessible
while the users still can connect with their installed anyconnect client to the corporate network.

Thanks!

Dave.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2015 01:55 PM

You can't disable the download directly. This had been discussed several times here in CSC with at least one person having confirmed this with a TAC case. Link.

One hack is that if your Anyconnect image is an older one, the users will never be prompted to update it.

Re URLs, your can disable the aliases that populate the dropdown list on the web portal but as long as your have the SSL VPN service active, the ASA's outside interface will serve up the login page for at least the default connection profile.

What's your rationale for wanting to disable it in the first place? Perhaps there's an alternate method to achieve what you want.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2015 01:55 PM

You can't disable the download directly. This had been discussed several times here in CSC with at least one person having confirmed this with a TAC case. Link.

One hack is that if your Anyconnect image is an older one, the users will never be prompted to update it.

Re URLs, your can disable the aliases that populate the dropdown list on the web portal but as long as your have the SSL VPN service active, the ASA's outside interface will serve up the login page for at least the default connection profile.

What's your rationale for wanting to disable it in the first place? Perhaps there's an alternate method to achieve what you want.

0 Helpful

Go to solution
davidsonyo
Level 1
Level 1
In response to Marvin Rhoads

‎06-03-2015 02:12 PM

Thanks for your quick response!

Our customer asked us to disable the download / make not accessible the url of anyconect for download, so their end users only can use the pre-installed version anyconnect - which is provided by them.

Dave.

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to davidsonyo

‎06-03-2015 02:15 PM

Well it definitely cannot be disabled on the ASA per se while leaving a functioning remote access SSL VPN.

Thinking more on my earlier idea - you could put only an older 32-bit Linux Anyconnect image on the ASA. That way no Windows or OS X images of any kind would be available for download yet you could still have a functioning SSL VPN.

If the end user was enterprising enough to be running Linux, they could probably hack their way around it even if there were no image on the ASA at all. :)

0 Helpful
Customers Also Viewed These Support Documents