08-27-2013 07:37 AM - edited 02-21-2020 07:06 PM
a) Since anyconnect web deployment require admin privilages on the PC, what is the general trend with the company's on anyconnect deployment?
b) Also with web deployment anyone from the Internet can (with out username and the password) see the VPN group names. Is it a good way of deploying the client?
08-27-2013 09:30 PM
Companies I have seen that do not allow local admin privileges for users usually have a software deployment tool they can use to deploy centrally. They generally use that for deployment to remote corporate users.
The drop down list is indeed visible to unauthenticated clients - it usually has something innocuous in the naming. It can be disabled altogether if desired and clients given a direct URL in their local profiles.
08-28-2013 02:38 AM
Thank You.
When we manually deploy the anyconnect does it require to match the exact version on the ASA? Example can I have anyconnect version 3.0 on ASA and version 3.1 on the client?
08-28-2013 01:17 PM
Yes the client AnyConnect version can be newer than the package on the ASA. I run the latest AnyConnect on my laptop and, as a professional services engineer, often connect to clients with varying older versions of AnyConnect on their ASAs.
The ASA AnyConnect binary package (pkg file) is only used to download to clients who don't have AnyConnect at all orwhose version is out of date (the latter assuming they have sufficient privilege level to install software).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide