Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2056
Views
1
Helpful
5
Replies

AnyConnect Client Upgrade

jr2020
Level 1
Level 1

‎05-21-2020 05:53 AM

PID: ASA5525

Software Version: 9.6(4)3

---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
Status : Capacity : Installed : Limit
-----------------------------------------
AnyConnect Premium : ENABLED : 750 : 25 : NONE
AnyConnect Essentials : DISABLED : 750 : 0 : NONE
Other VPN (Available by Default) : ENABLED : 750 : 750 : NONE
Shared License Server : DISABLED
Shared License Participant : DISABLED
AnyConnect for Mobile : DISABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment : DISABLED(Requires Premium)
AnyConnect for Cisco VPN Phone : DISABLED
VPN-3DES-AES : ENABLED
VPN-DES : ENABLED
---------------------------------------------------------------------------

Present AnyConnect Package files clients use:


1. disk0:/anyconnect-win-3.1.13015-k9.pkg 1 dyn-regex=/Windows NT/
CISCO STC win2k+
3,1,13015
Hostscan Version 3.1.13015
Wed 12/23/2015 8:37:30.73

2. disk0:/anyconnect-macosx-i386-3.1.13015-k9.pkg 2 dyn-regex=/Intel Mac OS X/
CISCO STC Darwin_i386
3.1.13015
Wed Dec 23 09:09:35 EST 2015

3. disk0:/anyconnect-linux-3.1.13015-k9.pkg 3 dyn-regex=/Linux i[1-9]86/
CISCO STC Linux
3.1.13015
Wed Dec 23 08:08:52 EST 2015

4. disk0:/anyconnect-linux-64-3.1.13015-k9.pkg 4 dyn-regex=/Linux x86_64/
CISCO STC Linux_64
3.1.13015
Wed Dec 23 08:05:43 EST 2015

 

Task is to upgrade/update the AnyConnect Client Package files to version 4.7.0456


Change plan is

 

1. Upload below package files to ASA box

anyconnect-win-4.7.04056-webdeploy-k9.pkg
anyconnect-linux64-4.7.04056-webdeploy-k9.pkg
anyconnect-macos-4.7.04056-webdeploy-k9.pkg


2. Activate the new files for download and use.

webvpn
anyconnect image disk0:/anyconnect-win-4.7.04056-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-linux64-4.7.04056-webdeploy-k9.pkg 2
anyconnect image disk0:/anyconnect-macos-4.7.04056-webdeploy-k9.pkg 3


Is there any other things need to be checked/performed before doing this change (License, additional configuration changes, client side known issues, software compatibility etc),

 

Appreciate your help.

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎05-21-2020 02:11 PM

High level that should work, but do you have any other hostscan and addons ?

 

Look at the release notes before upgraing., if you have test environment, suggest to upgrade before go big step on production.

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect47/release/notes/b_Release_Notes_AnyConnect_4_7.html#ID-1454-00000278

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-22-2020 04:16 AM

Why are you targeting AnyConnect 4.7 instead of the latest (currently 4.8.03053)?

Also I would recommend upgrading ASA to 9.12.3-12 (current latest Gold Star release in the highest version number). You will get better VPN performance with DTLS 1.2 (requires ASA 9.10 or later and AnyConnect 4.7 or later).

balaji.bandi
Hall of Fame
Hall of Fame
In response to Marvin Rhoads

‎05-22-2020 09:30 AM

If this is HA deployment - 9.12 stay away for some reason - i have encounter some issue Active / Standby  - while testing SSL/DTLS as part of evalution before going to production.

 

when we failover active to standby things not smooth as expected.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎05-22-2020 09:42 AM

@balaji.bandi did you encounter a BugID? I have a customer running that release with HA pair of ASA 5525-X and frequent SSL VPN (AnyConnect) use. 

I have done failover and back again after the upgrade and they haven't reported any issues.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Marvin Rhoads

‎05-22-2020 10:39 AM - edited ‎05-22-2020 10:50 AM

@Marvin Rhoads  - Sorry for not agreeing your suggestion appolgies here.

 

i found bug here as part of my DTLS Testing : ( i like that feature want to explore and take advantage of it, but unfortunatly it was discourage me). - later could not get chance to investigate, may be fixed later version, for now this is what my personal notes 

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92291

 

EDIT - your suggestion to 9.12.3-12 (may be working ?) - i have tried 9.12.X when they relased time.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Top