cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8693
Views
5
Helpful
6
Replies

Anyconnect Client is not updating

niLuxx
Level 1
Level 1

Dear community,

we have some troubles with our Cisco Anyconnect clients. We initially deployed anyconnect client package 4.6.x on ASA (via ASDM) and wanted to switch to version 4.7.x now. In this regards we add anyconnect-win-4.7.02036-webdeploy-k9.pkg to ASA (ASDM - ). I have read in the documentation that the anyconnect software on the client will be updated automatically during the next login. But unfortunately the version stays on 4.6.x on the clients. 

What did I wrong?

Best greetings

niLuxx

1 Accepted Solution

Accepted Solutions

The images are checked in order for a match with the client OS. After the first match, the check stops. Since you have not removed the reference for the older version, that one continues to be used.

You can safely remove the reference to 4.6 (be sure to make sure the new image is present on disk and, if you have an HA pair, also on the standby unit's disk - they don't replicate).

conf t
webvpn
no anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg
end
wr mem

View solution in original post

6 Replies 6

Hi,
On the client computers check the value <BypassDownloader> in the C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.XML file and make sure you are not stopping the clients' from upgrading. You can either modify the XML directly or use the AnyConnect Profile Editor

HTH

Hello RJI,

sorry for the late response. I have checked the parameter you have mentioned, but it is disabled. So update should be performed with these settings (from my personal point of view).

Any other ideas?

Greetings

niLuxx

Marvin Rhoads
Hall of Fame
Hall of Fame

Simply adding the new client software to the ASA doesn't suffice. You need to tell the SSL VPN ("webvpn" section of the configuration) to use that version.

Please share the output of:

show run webvpn | i anyconnect

...from your ASA.

 

Hello Marvin,

here is the output of the command:

show run webvpn | i anyconnect

anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.7.02036-webdeploy-k9.pkg 2
anyconnect profiles RDP_VPN_PROFILE disk0:/rdp_vpn_profile.xml
anyconnect enable


The images are checked in order for a match with the client OS. After the first match, the check stops. Since you have not removed the reference for the older version, that one continues to be used.

You can safely remove the reference to 4.6 (be sure to make sure the new image is present on disk and, if you have an HA pair, also on the standby unit's disk - they don't replicate).

conf t
webvpn
no anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg
end
wr mem

Great. Your solution was working. Many many thanks