Re: Cisco AnyConnect Upgrade - to specific users/groups

is.infrastructure1 · ‎03-01-2021

Is it possible to upgrade Cisco AnyConnect just to a specific user or group?

Am I able to ensure only a certain user gets the option to upgrade to new version?

I want to be able to do this for testing purposes - apparently there have been issues with auto upgrading before, so I need to be able to test this to prove there are no issues.

Rob Ingram · ‎03-01-2021

Hi @is.infrastructure1

If you upload a newer Anyconnect client to the ASA/FTD headend then all users will auto-upgrade....unless you configure the client to bypass downloader (using the local anyconnect policy). This local anyconnect policy would need to be deployed to the users.

The best way to upgrade specific users or groups is to use your software management tools, such as SCCM which can target users/groups.

Sheraz.Salim · ‎03-01-2021

yes you can do this. I agree there are issues I encounter when doing a upgrade the headend vpn anyconnect. where some remote user upgraded to new version of anyconnect with no issue however, on the other end we had remote user who were not able to upgrade to new version.

There are two thing you can do.

1. use SCCM to push the anyconnect new version software with help of your server team.

2. set the priority of anyconnect version to use on your asa.

webvpn
!
anyconnect image flash:/anyconnect-win-4.7-k9.pkg 1
anyconnect image flash:/anyconnect-win-4.9-k9.pkg 2

or if you want to setup a set of selected group of user in that case you need to define a anyconnect profile in ASDM

here is a link for this.

please do not forget to rate.