Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
0
Helpful
2
Replies

Anyconnect software updates with management tunnel

Go to solution
andrewswanson
Level 7
Level 7

‎10-26-2020 07:22 AM

Hi


I have an anyconnect managment tunnel setup and its working as expected. I ran into an odd issue when I tried to deploy the Umbrella anyconnect module from the ASA. Umbrella wouldn't deploy to clients using the management tunnel vpn setup - the same setup applied to other vpn tunnels (without management tunnels) worked perfectly

 

I found the following Cisco Documentation for anyconnect 4.7

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect47/administration/guide/b_AnyConnect_Administrator_Guide_4-7/b_AnyConnect_Administrator_Guide_4-7_chapter_01100.html#id_100260

 

It states:

 

During a management tunnel connection, the following preference values are overridden, mostly to eliminate user interaction and to minimize tunnel interruptions:
..
AutoUpdate: false—No software updates are performed during a management tunnel connection.
..

 

Is this the reason Umbrella won't deploy on a management tunnel enabled vpn? If so, does this also apply to the Secure Mobility Client updates?

 

Thanks
Andy

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎10-26-2020 10:29 AM

Short answer yes this is the reason. You can't update the anyconnect client using management tunnel because it defeats the purpose of having anyconnect over management tunnel always established.

 

***** please remember to rate useful posts

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎10-26-2020 10:29 AM

Short answer yes this is the reason. You can't update the anyconnect client using management tunnel because it defeats the purpose of having anyconnect over management tunnel always established.

 

***** please remember to rate useful posts

0 Helpful

Go to solution
andrewswanson
Level 7
Level 7

‎10-26-2020 10:41 AM

Thanks for the response - makes sense. We'll be using the management tunnel vpn service for corporate managed devices only so we can manage anyconnect software updates some other way.
Cheers
Andy

0 Helpful
Customers Also Viewed These Support Documents