cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
200
Views
0
Helpful
2
Replies
Highlighted
Contributor

Anyconnect software updates with management tunnel

Hi


I have an anyconnect managment tunnel setup and its working as expected. I ran into an odd issue when I tried to deploy the Umbrella anyconnect module from the ASA. Umbrella wouldn't deploy to clients using the management tunnel vpn setup - the same setup applied to other vpn tunnels (without management tunnels) worked perfectly

 

I found the following Cisco Documentation for anyconnect 4.7

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect47/administration/guide/b_AnyConnect_Administrator_Guide_4-7/b_AnyConnect_Administrator_Guide_4-7_chapter_01100.html#id_100260

 

It states:

 

During a management tunnel connection, the following preference values are overridden, mostly to eliminate user interaction and to minimize tunnel interruptions:
..
AutoUpdate: false—No software updates are performed during a management tunnel connection.
..

 

Is this the reason Umbrella won't deploy on a management tunnel enabled vpn? If so, does this also apply to the Secure Mobility Client updates?

 

Thanks
Andy

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Short answer yes this is the reason. You can't update the anyconnect client using management tunnel because it defeats the purpose of having anyconnect over management tunnel always established.

 

***** please remember to rate useful posts

View solution in original post

2 REPLIES 2
Highlighted
VIP Advisor

Short answer yes this is the reason. You can't update the anyconnect client using management tunnel because it defeats the purpose of having anyconnect over management tunnel always established.

 

***** please remember to rate useful posts

View solution in original post

Highlighted
Contributor

Thanks for the response - makes sense. We'll be using the management tunnel vpn service for corporate managed devices only so we can manage anyconnect software updates some other way.
Cheers
Andy