06-10-2021 10:06 AM
Hello,
VPN GW configured like other GW except that the image of AnyConnect VPN client for Windows is 4.10.00093 (on other GW a version 4.2 is implemented).
When the user is attempting to connect on this GW, the AnyConnect Client is upgraded automatically to 4.10.00093 and we want to block that.
Anyone know how to do that?
06-10-2021 10:14 AM
You can modify the AnyConnectLocalPolicy.xml file (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client) on the client computers to bypass the downloader: change the default setting from "false" to "true", using the syntax below:
<BypassDownloader>true</BypassDownloader>
Or just upload the 4.2 image to the other gateway.
Regardless, you should consider upgrading to a newer or the latest version; you get much better performance and a load of bug fixes.
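An added example, not part of the original reply: a PowerShell function that applies the BypassDownloader change described above to a local policy file and keeps a backup copy. The function name, the temp-file name and the sample XML are constructed for illustration.

```powershell
# Added example (not from the thread): set BypassDownloader in AnyConnectLocalPolicy.xml.
function Set-BypassDownloader {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [bool]$Enabled = $true
    )
    # Resolve first: XmlDocument.Load/Save use the .NET working directory, not the PS location.
    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file's layout apart from the one value
    $xml.Load($full)
    $root = $xml.DocumentElement

    # Match on LocalName so the lookup works whatever default namespace the root declares.
    $node = $root.ChildNodes |
        Where-Object { $_.NodeType -eq 'Element' -and $_.LocalName -eq 'BypassDownloader' } |
        Select-Object -First 1
    if ($null -eq $node) {
        $node = $xml.CreateElement('BypassDownloader', $root.NamespaceURI)
        [void]$root.AppendChild($node)
    }

    $wanted = $Enabled.ToString().ToLowerInvariant()
    if ($node.InnerText.Trim() -eq $wanted) { return 'unchanged' }

    Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # keep a rollback copy
    $node.InnerText = $wanted
    $xml.Save($full)
    return 'updated'
}

# Constructed sample policy (trimmed to one setting) written to a temp file for a dry run.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'AnyConnectLocalPolicy.sample.xml'
@'
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectLocalPolicy xmlns="http://schemas.xmlsoap.org/encoding/">
  <BypassDownloader>false</BypassDownloader>
</AnyConnectLocalPolicy>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

Set-BypassDownloader -Path $sample            # first run changes the value
Set-BypassDownloader -Path $sample            # second run is a no-op
Select-String -LiteralPath $sample -Pattern 'BypassDownloader'
```

On a real client, run it elevated against the policy file path given in the reply. Bypassing the downloader stops all headend-pushed updates, not only the core client package, so VPN profiles and modules then have to be distributed another way.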
06-10-2021 10:22 AM
IMO you have a couple of options. The quick way to not force the upgrade when clients connect to the GW, but still support both AnyConnect client versions would be to change the entry order via CLI:
webvpn
 anyconnect image disk0:/anyconnect-win-4.9.05042-webdeploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-win-4.10.00093-webdeploy-k9.pkg 2
Or ASDM via the following:
Make sure that the pkg files are on both units. The other way would be to modify VPN profiles so that clients bypass the downloader. I suggest taking a peek at the following: Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.0 - Deploy AnyConnect [Cisco AnyConnect Secure Mobility Client] - Cisco
HTH!