cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
244
Views
0
Helpful
5
Replies
Highlighted
Beginner

AnyConnect Client Upgrade

PID: ASA5525

Software Version: 9.6(4)3

---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
Status : Capacity : Installed : Limit
-----------------------------------------
AnyConnect Premium : ENABLED : 750 : 25 : NONE
AnyConnect Essentials : DISABLED : 750 : 0 : NONE
Other VPN (Available by Default) : ENABLED : 750 : 750 : NONE
Shared License Server : DISABLED
Shared License Participant : DISABLED
AnyConnect for Mobile : DISABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment : DISABLED(Requires Premium)
AnyConnect for Cisco VPN Phone : DISABLED
VPN-3DES-AES : ENABLED
VPN-DES : ENABLED
---------------------------------------------------------------------------

Present AnyConnect Package files clients use:


1. disk0:/anyconnect-win-3.1.13015-k9.pkg 1 dyn-regex=/Windows NT/
CISCO STC win2k+
3,1,13015
Hostscan Version 3.1.13015
Wed 12/23/2015 8:37:30.73

2. disk0:/anyconnect-macosx-i386-3.1.13015-k9.pkg 2 dyn-regex=/Intel Mac OS X/
CISCO STC Darwin_i386
3.1.13015
Wed Dec 23 09:09:35 EST 2015

3. disk0:/anyconnect-linux-3.1.13015-k9.pkg 3 dyn-regex=/Linux i[1-9]86/
CISCO STC Linux
3.1.13015
Wed Dec 23 08:08:52 EST 2015

4. disk0:/anyconnect-linux-64-3.1.13015-k9.pkg 4 dyn-regex=/Linux x86_64/
CISCO STC Linux_64
3.1.13015
Wed Dec 23 08:05:43 EST 2015

 

Task is to upgrade/update the AnyConnect Client Package files to version 4.7.0456


Change plan is

 

1. Upload below package files to ASA box

anyconnect-win-4.7.04056-webdeploy-k9.pkg
anyconnect-linux64-4.7.04056-webdeploy-k9.pkg
anyconnect-macos-4.7.04056-webdeploy-k9.pkg


2. Activate the new files for download and use.

webvpn
anyconnect image disk0:/anyconnect-win-4.7.04056-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-linux64-4.7.04056-webdeploy-k9.pkg 2
anyconnect image disk0:/anyconnect-macos-4.7.04056-webdeploy-k9.pkg 3


Is there any other things need to be checked/performed before doing this change (License, additional configuration changes, client side known issues, software compatibility etc),

 

Appreciate your help.

5 REPLIES 5
Highlighted
VIP Mentor

Re: AnyConnect Client Upgrade

High level that should work, but do you have any other hostscan and addons ?

 

Look at the release notes before upgraing., if you have test environment, suggest to upgrade before go big step on production.

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect47/release/notes/b_Release_Notes_AnyConnect_4_7.html#ID-1454-00000278

BB
*** Rate All Helpful Responses ***
Highlighted
Hall of Fame Guru

Re: AnyConnect Client Upgrade

Why are you targeting AnyConnect 4.7 instead of the latest (currently 4.8.03053)?

Also I would recommend upgrading ASA to 9.12.3-12 (current latest Gold Star release in the highest version number). You will get better VPN performance with DTLS 1.2 (requires ASA 9.10 or later and AnyConnect 4.7 or later).

Highlighted
VIP Mentor

Re: AnyConnect Client Upgrade

If this is HA deployment - 9.12 stay away for some reason - i have encounter some issue Active / Standby  - while testing SSL/DTLS as part of evalution before going to production.

 

when we failover active to standby things not smooth as expected.

 

 

BB
*** Rate All Helpful Responses ***
Highlighted
Hall of Fame Guru

Re: AnyConnect Client Upgrade

@balaji.bandi did you encounter a BugID? I have a customer running that release with HA pair of ASA 5525-X and frequent SSL VPN (AnyConnect) use. 

I have done failover and back again after the upgrade and they haven't reported any issues.

Highlighted
VIP Mentor

Re: AnyConnect Client Upgrade

@Marvin Rhoads  - Sorry for not agreeing your suggestion appolgies here.

 

i found bug here as part of my DTLS Testing : ( i like that feature want to explore and take advantage of it, but unfortunatly it was discourage me). - later could not get chance to investigate, may be fixed later version, for now this is what my personal notes 

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92291

 

EDIT - your suggestion to 9.12.3-12 (may be working ?) - i have tried 9.12.X when they relased time.

BB
*** Rate All Helpful Responses ***