04-29-2022 06:09 AM
Hello,
We're setting up (or at least trying to) new FTD1140s with version 6.6.1 OS. I am having endless issues with AnyConnect VPN, which I will not list here (mainly DNS issues that do not exist on our ASA VPNs) as the particular issue I am trying to solve at the moment is with AnyConnect Autoupdate. We do not want remote access users to receive automatic updates to AnyConnect when they connect to remote access VPN. As per Cisco's instruction, I created an AnyConnect profile with the Profile Editor with that feature disabled, uploaded it to the FTD, and confirmed it is being downloaded by the remote clients. The XML profile has the line:
<AutoUpdate UserControllable="false">false</AutoUpdate>
With that said, if I uninstall the version that is uploaded to the FTD and install an older version... As soon as I connect again to VPN, it still downloads and installs the update. When I check the VPN Statistics, I see that it is indeed using the AnyConnect XML profile I created. So why is it updating the client when it should be disabled? It is repeatable... If I uninstall the new version, install the old, and connect again, the same thing happens--it updates to the new version every time.
Has anyone seen this before or have any ideas?
Thanks!
04-29-2022 05:41 PM
Try adding the current version which is running on the user machines on to FTD with package preference as 1 and the newer version as 2. This way the client doesn't have to go through an upgrade process.
04-30-2022 08:42 PM
Please check if you are hitting CSCvy79511. This is fixed in 4.10.05095 version of AnyConnect.
09-06-2022 07:48 AM
So if you prefer the clients to keep their current AnyConnect versions, just upgrade all of them to 4.10.05095.
05-02-2022 06:16 AM
I actually figured it out prior to this response but I would assume it's related to this bug... however it seems my conditions were slightly different (because the bug report notes it doesn't matter if IP or FQDN is spec'd in the profile, but in my case it did.) I had 4.9.04043 on the client, 4.10.04071 on the FTD. Once I specified the VPN IP of the FTD in the server list in the profile, it did not try to perform the update. I am still in the process of setting up this device, so ultimately an FQDN will be used for VPN... at which point I hope it doesn't reintroduce the bug!
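Added example, not part of any post in this thread and not Cisco code: a small Python check that reads an AnyConnect profile and flags the combination reported above (AutoUpdate set to false, client older than 4.10.05095, no IP address in the server list). The sample profile, its host name and address, and the `audit_profile` helper are constructed for illustration; the "review" rule reflects the poster's observation, not documented bug conditions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Default namespace used by AnyConnect profile XML files.
NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}
FIXED_IN = (4, 10, 5095)  # 4.10.05095, the fixed release named in the thread

# Constructed sample profile; host name and address are placeholders.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutoUpdate UserControllable="false">false</AutoUpdate>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Example VPN</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def parse_version(text):
    """'4.10.05095' -> (4, 10, 5095) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def audit_profile(xml_text, client_version):
    root = ET.fromstring(xml_text)
    node = root.find("ac:ClientInitialization/ac:AutoUpdate", NS)
    disabled = node is not None and (node.text or "").strip().lower() == "false"
    path = "ac:ServerList/ac:HostEntry/ac:HostAddress"
    hosts = [(h.text or "").strip() for h in root.findall(path, NS)]
    older = parse_version(client_version) < FIXED_IN
    return {
        "auto_update_disabled": disabled,
        "host_addresses": hosts,
        "client_older_than_fix": older,
        # Assumption from the thread: the update stopped once an IP was listed.
        "review": disabled and older and not any(is_ip(h) for h in hosts),
    }
```

Run it against the profile actually downloaded to a client, together with that client's installed version, to list the machines that may still upgrade on connect.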