Anyconnect client updates itself automatically (version 4.10.00093) while the update on the gateway ...

jds5 · ‎06-10-2021

Hello,

VPN GW configured like other GW except that the image of Anyconnect VPN client for Windows is 4.10.00093 (on other GW a version 4.2 is implemented)
When the user is attempting to connect on this GW, the Anyconnect Client is upgraded automatically to 4.10.00093 and we want to block that.

Anyone know how to do that?

Rob Ingram · ‎06-10-2021

@jds5

You can modify the AnyConnectLocalPolicy.xml (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client) file on the client computers to bypass the downloader, change the default setting from "false" to "true". Using the syntax below

<BypassDownloader>true</BypassDownloader>

Or just upload the 4.2 image to the other gateway.

Regardless you should consider upgrade to a newer or the latest version, you get much better performance and a load of bug fixes.

Mike.Cifelli · ‎06-10-2021

IMO you have a couple of options. The quick way to not force the upgrade when clients connect to the GW, but still support both AnyConnect client versions would be to change the entry order via CLI:

webvpn
anyconnect image disk0:/anyconnect-win-4.9.05042-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.10.00093-webdeploy-k9.pkg 2

Or ASDM via the following:

Make sure that the pkg files are on both units. The other way would be to modify VPN profiles so that clients bypass the downloader. I suggest taking a peek at the following: Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.0 - Deploy AnyConnect [Cisco AnyConnect Secure Mobility Client] - Cisco

HTH!

Anyconnect client updates itself automatically (version 4.10.00093) while the update on the gateway is disabled