Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11655
Views
30
Helpful
16
Replies

ASA 9.6(2) anyconnect in multiple context mode

sipos
Level 1
Level 1

‎10-05-2016 12:01 AM - edited ‎02-21-2020 09:00 PM

Hello,

I have ASA 5525X in mutliple context mode. I need to assign anyconnect image to firewall. In next url http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200353-ASA-Multi-Context-Mode-Remote-Access-A.html#anc10 is written following:

Note: 1. The flash storage is not virtualised and it is only accessible from the system context.
2. Copy files to the flash in system context i.e. AnyConnect image.
3. The AnyConnect image is a shared configuration.
4. Configured in the admin context only. Not available in other contexts.
5. All contexts automatically refer to this global AnyConnect image configuration.

When I tried to configure it in admin context ASA doesn't know file system

FW01/pri/act/admin(config-webvpn)# anyconnect image ?

webvpn mode commands/options:
Unknown file system

ASDM image is configured in system context, but why anyconnect image has to be configured in admin context?

I tried to configure it in system context I don't have any possibilities about anyconnect:

FW01/pri/act(config-webvpn)# ?

WebVPN commands:
exit Exit from WebVPN configuration mode
memory-size Configure WebVPN memory size. CHECK MEMORY USAGE BEFORE APPLYING
THIS COMMAND. USE ONLY IF ADVISED BY CISCO
no Remove a WebVPN command or set to its default

or

FW01/pri/act(config)# anyconnect ?
ERROR: % Unrecognized command

What is wrong? Where I made mistake? 

Thanks for any advice.

2 people had this problem
Labels:
0 Helpful
16 Replies 16

remi-reszka
Level 1
Level 1
In response to kunkaush

‎07-27-2017 10:11 AM

Hi Kunal,

Thank you very much for your config suggestions. It all works good until I reboot one of the ASAs. What happens is that in the user context  and under the webvpn the configuration regarding anyconnect image: "anyconnect image vflash:/anyconnect-win-4.4.02039-webdeploy-k9.pkg" simply disappears after the reboot. The "anyconnect enable" stays there.

Do you know what could be causing this issue?

Thank you in advance for your comments.

Best regards,

Remi

0 Helpful

Michael Bartholomæussen
Level 1
Level 1
In response to remi-reszka

‎08-25-2017 01:49 AM

Any help resolving this issue?

 

Last night after HA failover the anyconnect image were missing from config in the specific context. After reconfiguring the location of the AnyConnect image everything worked as expected! 

 

The issue seems to have startede after a firmware update, were the location of the AnyConnect was moved from a shared context to the specific context - i think thats how our consultant explained it way back, but I'm not 100% sure!

0 Helpful
Customers Also Viewed These Support Documents