cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Cisco ASA Context - Anyconnect deployment to new clients.

RoadRunner4k
Beginner
Beginner

Hi All.

 

I have installed a new firewall in multi-context mode, and enabled Anyconnect in a context. We are running on Cisco ASA 9.6(4) interim 3.

 

Anyconnect works without any issues. But the big questions are how we onboard new clients, which doest got Anyconnect deployed. How do the get the image?  Today new clients visit a dropbox folder in order to install the image.

 

But is it possible to install it from the firewall itself when its in multi-context mode?

I have configured this on the WebVPN part, but when i visit the URL i get an error message. "Internal Server Error"

 

(Context-1) 

 

webvpn
 enable OUTSIDE
 anyconnect image shared:/anyconnect-win-4.2.02075-k9.pkg 1
 anyconnect image shared:/anyconnect-linux-64-4.2.02075-k9.pkg 2
 anyconnect image shared:/anyconnect-macosx-i386-4.2.02075-k9.pkg 3
 anyconnect profiles USERS shared:/USERS_client_profile.xml
 anyconnect enable

 

Is there any way to solve this?

1 ACCEPTED SOLUTION

Accepted Solutions

Bogdan Nita
Rising star
Rising star

As far as I know this feature is still not supported on multi-context.

I found this enhancement request for enabling  WebLaunch, as well as other features:

CSCuw19758

 

HTH

Bogdan

View solution in original post

8 REPLIES 8

Bogdan Nita
Rising star
Rising star

As far as I know this feature is still not supported on multi-context.

I found this enhancement request for enabling  WebLaunch, as well as other features:

CSCuw19758

 

HTH

Bogdan

 


Hi Bogdan,

We have deployed ASA Firewall with version 9.6.3 with Any connect APEX license .We have deployed any connect VPN successfully using manual installation from client PC.

However , we are not able to get the prompt for web lunch when we are connecting any connect server and we have configured multi-context in the Firewall .

 

Is there any road map or features inclusion on multi-context  environment for web lunch .

 

With regards

Erfan

Hi Erfan,

Unfortunately I do not have any info on the road map for implementing this feature.

You are probably better off contacting your cisco representative for this.

 

Regards,

Bogdan

Do we have any updates on this issue/Enhancement?

 

 

Mike

Peter Koltl
Rising star
Rising star

Is AnyConnect auto-upgrade also not supported in multi-context?

Hi Peter

Auto-upgrade is possible. Initial deployment isn't so far. I am also waiting for the latter.

Peter Koltl
Rising star
Rising star

Hi jni,

 

Do you mean you have a working example of a multicontext ASA with AnyConnect where clients are auto-upgraded to the AnyConnect version on the (virtualized) flash?

If you have configured AnyConnect to be working under a virtual context, and you e.g. upload a new AnyConnect version (including the webvpn configuration), then you don't need to configure anything for the auto update to work. It will upgrade any client with an older AC version automaticallly.

 

But to answer your question, I have several virtual (context) firewalls running with SSL VPN configured. They all automatically upgrade the AC if newer software is present on the firewall. Deployment (if client doesn't have AC installed) however is to my knowledge still not possible (I still eagerly wait for it to be possible).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: