03-24-2021 10:04 AM
Hello,
I have configured the ASA for Anyconnect Client VPN. If the Anyconnect Client software is manually installed on the users laptop do I still need to have it saved on the ASA under Configuration > Remote Access VPN > Network (Client) Access > Anyconnect Client Software. If yes then why?
Thanks for your time to answer this question.
Regards,
Qamber
Solved! Go to Solution.
03-25-2021 03:02 PM - edited 03-25-2021 03:03 PM
Before you define configuration policies for the AnyConnect VPN client, you have toload the AnyConnect VPN client package in the local flash of the security appliance. Youcan verify whether it is installed by choosing Configuration> Remote Access VPN>Network (Client) Access> Advanced> SSL VPN> Client Setting. If an AnyConnectVPN client image is not installed. when the SSL/TLS request comes into asa (to the box) asa look the connection profile in order to match the configuration you need to upload the headend anyconnect software on the ASA.
this below link will help you to understand why you need it.
03-25-2021 01:14 PM
Hi @sqambera
Yes, you still need to upload the image to the ASA. Without an anyconnect image on the ASA all connections will fail.
HTH
03-25-2021 02:15 PM
Just to add what @Rob Ingram mentioned you have to make sure the version is compatiable.
I have seem many issues the client is running anyconnect version 4.8 but on the ASA the headend is configured as anyconnect 4.7. some client can connect to ASA with anyconnect 4.8 but other having issues.
so what you can do you can upload two are three anyconnect headend version 4.7 4.8 4.9
anyconnect image disk0:/anyconnect-win-4.7.02074-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.8.02074-webdeploy-k9.pkg 2
anyconnect image disk0:/anyconnect-win-4.8.02074-webdeploy-k9.pkg 3
anyconnect enable
now if the end client is running any version of anyconnect as mentioned above they will be able to connect.
03-25-2021 02:19 PM
Thank you Sheraz. But why we need it on the headend if clients already have it installed. Is it like if the versions doesn't match ASA will automatically install? Thanks.
03-25-2021 02:18 PM
Thank you Rob for replying. But what's the reason to have it on the ASA if the clients already have it?
03-25-2021 03:02 PM - edited 03-25-2021 03:03 PM
Before you define configuration policies for the AnyConnect VPN client, you have toload the AnyConnect VPN client package in the local flash of the security appliance. Youcan verify whether it is installed by choosing Configuration> Remote Access VPN>Network (Client) Access> Advanced> SSL VPN> Client Setting. If an AnyConnectVPN client image is not installed. when the SSL/TLS request comes into asa (to the box) asa look the connection profile in order to match the configuration you need to upload the headend anyconnect software on the ASA.
this below link will help you to understand why you need it.
05-26-2022 04:32 PM
Still don't see the answer to the question in this thread or the Configuration guide for that matter. Also, don't see the implications of changing the version installed. I know that an ASA with version 4.6.x installed will allow a client running 4.10.x to connect. So, what happens if the ASA installed version is 4.10.x and a client running 4.6.x tries to connect?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide