
Cisco AnyConnect VPN migration, ASA to FTD

varrao
Level 10

Hi all,

We are trying to move away from Cisco ASA to FTD, and part of that is to migrate the AnyConnect VPN as well.

The current client versions being used are version 4.0 and 4.5 (on 2 different VPN concentrators).

What is the best method to upgrade the AnyConnect client to, let's say, version 4.10.x or 5.x without being very disruptive to user experience?

The new FTDs are version 7.2.5.

Thanks in Advance,

V

Thanks,
Varun Rao
4 Replies

@varrao upgrading AnyConnect to Secure Client is the same as before: either upload Secure Client 5.x to the FTD headend, and once the users authenticate they will automatically upgrade, or pre-deploy using your Network Management software solution such as SCCM or MDM.

I would not upgrade to AnyConnect 4.10; there will be no further patches or software maintenance updates for AnyConnect 4.x from March 31st 2024.

https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/anyconnect-secure-mobility-client-v4x-eol.html

 

Hi Rob,

Thanks for taking out time to respond.

Yeah, that makes sense. I am only conscious of upgrading the end-user client from 4.0 straight to 5.x; hope there are no strict intermediary steps like other Cisco upgrades?

Regards, V

Thanks,
Varun Rao

@varrao I've not read any minimum version that is required. I would manually test an upgrade from AC 4.0 and 4.5 to confirm no issues in your environment prior to automating the upgrade.

The old AC clients may not support the strongest crypto that the FTD 7.2 would support. So you may need to ensure you run the older weaker crypto so those clients can connect and download SC 5.x, or pre-upgrade them before they connect.

Something to be aware of: Secure Client is not supported on ASA versions older than 9.14, so depending on your old ASA version, if the client was upgraded you may not be able to connect to the old ASA again.

 

Hi Rob,

Thanks for your response. I think that will be a very important consideration. We might not be able to roll back due to encryption mismatches and will have to move by fixing forward.

Thanks,
Varun Rao