Anyconnect with a no-upgrade option?

cnegrete · ‎06-15-2020

Hi everyone.

I have a small issue with a customer. We just implemented a RA-VPN service using Anyconnect (version 4.8) and Firepower 2130/4110 (Version 6.6). The problem is that the customer also have other Anyconnect version 4.5 on other sites.

Is there a way to have the Anyconnect 4.5 clients to connect to the 4.8 version Firepower, or have the 4.8 Anyconnect clients connect to the 4.5 version Firewall?

The idea is to avoid uninstalling the new version to connect to the older version.

Thanks in advance.

Rob Ingram · ‎06-15-2020

Hi,
You will be able to connect using AnyConnect 4.8 without having to uninstall and re-installing using the older version.

If you connect using AnyConnect 4.5 to the FTD 6.6 then by default the client will automatically be upgraded to AnyConnect 4.8 (which I assume you've uploaded to the FTD). You can disable this by modifying the VPN Local Policy and setting the "Bypass Downloader".

HTH

Marvin Rhoads · ‎06-15-2020

Also, newer version clients can always connect to older version ASA (or FTD) headends. So I wouldn't generally bother with the "no upgrade" option.