05-08-2019 10:00 AM - edited 02-21-2020 09:38 PM
I was wondering if the Community could help me with this one. I am going to attempt to upgrade all of our anyconnect clients through the ASA. First some background, We have two asa 5515x's setup in a failover running version 9.6(4)3. Most of my users are using some version of Anyconnect 3. I have already installed and tested version 4.7 on my notebook and it runs perfect. Since I have about 50 vpn users getting all of their notebooks in here or trusting them to do it on their own with home desktops would not be a good time. All but 5 are going to be Windows 7 and 10 OSes. The rest will be Macs. Since my vpn user base continues to grow I need to automate this as best I can for the future. Here is what I "think" I have to do and maybe someone can correct it or fill in the blanks for me.
1.) Get the image(s) for version 4.7.
2.) Load the image(s) into the flash on my Primary ASA. Hopefully this will be replicated to my Failover. If not I can copy it there as well.
3.)Make sure it is the only version of VPN images on my flash.
4.)After I notify my users I am "guessing" when they try login using their older version of the AnyConnect client they will be prompted to do the upgrade? Will they need local admin priviledges? That could be a problem. Another issue will be the MAC users. Will it work the same for them? I guess if it is a problem with them I can do those myself. If I am missing anything in this process please let me know.
Thanks
Solved! Go to Solution.
05-08-2019 12:00 PM
Those are the correct files.
05-08-2019 10:16 AM
Hi,
You are correct. Once the new .pkg file is uploaded to the ASA the 3.x clients will receive the upgrade once they attempt to establish a VPN connection to the headend. This is true for both Windows and OSX. No admin privileges are required for this. You may also want to look into deferred upgrades in case your user are trying to connect for business critical needs and can't wait for the client to install.
Thanks,
Steve S.
05-08-2019 10:25 AM
Thanks Steve S. I will post the results
05-08-2019 11:25 AM
Steve S.
I just want to confirm the two files I will be needing for the flash on my ASAs. I have downloaded version 4.7.001076
For the Windows users
anyconnect-win-4.7.01076-webdeploy-k9.pkg
For the MAC users
anyconnect-macos-4.7.01076-webdeploy-k9.pkg
Is this correct or should I download others for the ASA's flash?
05-08-2019 12:00 PM
Those are the correct files.
05-09-2019 05:44 AM
Actually there's a slightly newer release currently available - 4.7.02036 was released on 10 April 2019.
https://software.cisco.com/download/home/286281283/type/282364313/release/4.7.01076
The 4.7.01076 release is from 28 February 2019. The latest AnyConnect release is generally preferable.
You do need to copy the files to flash on both the primary and secondary unit. File operations do not replicate between units in an HA pair.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide