Solved: Re: Changing Anyconnect image

sv7 · ‎07-26-2021

Hello All,

Had an anyconnect remote access vpn running in my organisation with version 4.8 and now i wants to upload an new anyconnect image 4.10.01075 in my device. So would i need to just upload an new image in my device or anything else i have to change/modify so that my my users would connect with the new image.

Rob Ingram · ‎07-26-2021

On your Firepower Management Center web interface, go to Objects > Object Management > VPN > AnyConnect File and add the new AnyConnect client image files.

Modify your Connection Profile to ensure the correct anyconnect image is used.

View solution in original post

Rob Ingram · ‎07-26-2021

@sv7

You upload the anyconnect image(s) to the headend device (ASA or FTD), the clients then would automatically upgrade next time they connect to the VPN.

If you want to pre-deploy, then you'd use your system management solution such as SCCM to pre-deploy the new version of anyconnect.

If you use Umbrella, with the AnyConnect Roaming Security module, you can configure Umbrella to automatically upgrade anyconnect.

HTH

sv7 · ‎07-26-2021

Hello Rob,

Thank you for your reply.

As per my understanding uploading just an image : anyconnect-win-4.10.01075-webdeploy-k9.pkg to device or in anyconnect configuration would work and nothing have to change in terms of configuration. Please correct if im wrong

Rob Ingram · ‎07-26-2021

@sv7

Well to be accurate, you need to upload the file and tell the ASA it's location, so yes you'd need to modify the configuration:-

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-firewalls/1140-cisco-asa-firewall-anyconnect-secure-mobility-4-upgrade.html

ASA(config)# webvpn

ASA(config-webvpn)# anyconnect image disk0:/anyconnect-win-4.8.0304-k9.pkg 1

ASA(config-webvpn)# anyconnect enable

Or example if using ASDM:-

https://www.petenetlive.com/KB/Article/0000704

https://community.cisco.com/t5/security-documents/how-to-update-the-anyconnect-and-hostscan-images/ta-p/3157306

sv7 · ‎07-26-2021

Hello Rob,

I have an FTD running anyconnect vpn. What in ftd i need to do to activate the image like you suggested below command for ASA

ASA(config)# webvpn

ASA(config-webvpn)# anyconnect image disk0:/anyconnect-win-4.8.0304-k9.pkg 1

ASA(config-webvpn)# anyconnect enable

Rob Ingram · ‎07-26-2021

On your Firepower Management Center web interface, go to Objects > Object Management > VPN > AnyConnect File and add the new AnyConnect client image files.

Modify your Connection Profile to ensure the correct anyconnect image is used.

sv7 · ‎07-31-2021

Hello Rob,

Would my current connected users disconnect or FTD reboot after loading image on device.

Rob Ingram · ‎07-31-2021

@sv7

No, the users won't be disconnected and you don't need to reboot the FTD.

balaji.bandi · ‎07-26-2021

2 ways you can do,

1 .upload to ASA/FTD, Clients get automatically updated.

2. if you have SCCM or centralised config pushing to client, i will take advantage that and push.

(make sure you tested test users before you complete roleout, seen some compatable issue after roleout - just want to heads up)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help