01-04-2022 06:07 AM
I have updated the VPN.xml file on my Cisco ASA 5515, removing one of our VPN FQDNs that can be connected to. However, it has not updated on the client side to reflect the change. Is there a way for this process to be automatic upon connection to AnyConnect, similarly to how version updates are pushed?
Client side VPN.xml:
<ServerList>
  <HostEntry>
    <HostName>xxx.com</HostName>
    <HostAddress>xxx.com</HostAddress>
  </HostEntry>
  <HostEntry>
    <HostName>yyy.com</HostName>
    <HostAddress>yyy.com</HostAddress>
  </HostEntry>
  <HostEntry>
    <HostName>zzz.com</HostName>
    <HostAddress>zzz.com</HostAddress>
  </HostEntry>
</ServerList>
</AnyConnectProfile>
Cisco ASA 5515 VPN.xml:
<ServerList>
  <HostEntry>
    <HostName>xxx.com</HostName>
    <HostAddress>xxx.com</HostAddress>
  </HostEntry>
  <HostEntry>
    <HostName>yyy.com</HostName>
    <HostAddress>yyy.com</HostAddress>
  </HostEntry>
</ServerList>
</AnyConnectProfile>
----------------------------------------------
The site zzz.com has been removed and needs to reflect that change on the client side automatically.
Thank you in advance for any assistance.
01-04-2022 06:31 AM
Assuming it is correctly associated with the connection profile (AKA tunnel-group in the CLI), the VPN.xml profile should automatically update when a client reconnects. The connection process includes a check for this: a hash of the client's file is compared with that of the ASA's file and, in the event of any difference, the client's file is updated. This is shown in the details page under Message History as "Checking for profile updates..."
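Added example (not part of the thread and not Cisco's code): a way to verify by hand what the hash check described above should detect, by comparing a copy of the client's profile with the ASA's copy and listing server entries that are out of sync. The two profiles are constructed samples modelled on the fragments in the question, and SHA-256 is an assumption for illustration, since the thread does not say which hash AnyConnect uses.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample profiles modelled on the fragments in the question.
ASA_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry><HostName>xxx.com</HostName><HostAddress>xxx.com</HostAddress></HostEntry>
    <HostEntry><HostName>yyy.com</HostName><HostAddress>yyy.com</HostAddress></HostEntry>
  </ServerList>
</AnyConnectProfile>
"""
CLIENT_PROFILE = ASA_PROFILE.replace(
    b"  </ServerList>",
    b"    <HostEntry><HostName>zzz.com</HostName><HostAddress>zzz.com</HostAddress></HostEntry>\n  </ServerList>",
)

def digest(data: bytes) -> str:
    # Assumption: SHA-256 stands in for whatever hash AnyConnect uses;
    # the point is only that any byte difference changes the digest.
    return hashlib.sha256(data).hexdigest()

def host_entries(data: bytes) -> set:
    """Return {(HostName, HostAddress)} from a profile, ignoring XML namespaces."""
    entries = set()
    for el in ET.fromstring(data).iter():
        if el.tag.rsplit("}", 1)[-1] != "HostEntry":
            continue
        fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
        entries.add((fields.get("HostName", ""), fields.get("HostAddress", "")))
    return entries

def compare_profiles(client: bytes, asa: bytes) -> dict:
    """Report whether the files differ and which server entries are out of sync."""
    c, a = host_entries(client), host_entries(asa)
    return {
        "in_sync": digest(client) == digest(asa),
        "stale_on_client": sorted(c - a),    # removed on the ASA, still offered to users
        "missing_on_client": sorted(a - c),  # added on the ASA, not yet delivered
    }

if __name__ == "__main__":
    print(compare_profiles(CLIENT_PROFILE, ASA_PROFILE))
```

A non-empty `stale_on_client` after a reconnect suggests the client did not receive the ASA's file, which is the situation the replies go on to troubleshoot.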
01-04-2022 07:06 AM
01-04-2022 09:51 AM
Have you confirmed the client is connecting to the connection profile that the xml file is associated with?
The auto update selection is for AnyConnect itself.
01-04-2022 10:56 AM
Can confirm. I only have one VPN profile configured.