05-22-2019 01:04 AM - edited 02-21-2020 09:39 PM
Dear community,
we have some troubles with our Cisco Anyconnect clients. We initially deployed anyconnect client package 4.6.x on ASA (via ASDM) and wanted to switch to version 4.7.x now. In this regards we add anyconnect-win-4.7.02036-webdeploy-k9.pkg to ASA (ASDM - ). I have read in the documentation that the anyconnect software on the client will be updated automatically during the next login. But unfortunately the version stays on 4.6.x on the clients.
What did I wrong?
Best greetings
niLuxx
Solved! Go to Solution.
06-14-2019 05:30 AM
The images are checked in order for a match with the client OS. After the first match, the check stops. Since you have not removed the reference for the older version, that one continues to be used.
You can safely remove the reference to 4.6 (be sure to make sure the new image is present on disk and, if you have an HA pair, also on the standby unit's disk - they don't replicate).
conf t webvpn no anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg
end
wr mem
05-22-2019 01:18 AM
06-06-2019 10:21 PM
Hello RJI,
sorry for the late response. I have checked the parameter you have mentioned, but it is disabled. So update should be performed with these settings (from my personal point of view).
Any other ideas?
Greetings
niLuxx
06-07-2019 01:33 AM
Simply adding the new client software to the ASA doesn't suffice. You need to tell the SSL VPN ("webvpn" section of the configuration) to use that version.
Please share the output of:
show run webvpn | i anyconnect
...from your ASA.
06-13-2019 11:13 PM
Hello Marvin,
here is the output of the command:
show run webvpn | i anyconnect
anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.7.02036-webdeploy-k9.pkg 2
anyconnect profiles RDP_VPN_PROFILE disk0:/rdp_vpn_profile.xml
anyconnect enable
06-14-2019 05:30 AM
The images are checked in order for a match with the client OS. After the first match, the check stops. Since you have not removed the reference for the older version, that one continues to be used.
You can safely remove the reference to 4.6 (be sure to make sure the new image is present on disk and, if you have an HA pair, also on the standby unit's disk - they don't replicate).
conf t webvpn no anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg
end
wr mem
06-19-2019 09:58 PM
Great. Your solution was working. Many many thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide