11-29-2023 09:07 AM
We are currently using 4.7 version of AnyConnect and I am trying to figure out if there is a way when we go to the web url to download the client that we could choose to either use 4.7 or use 4.10. I don't want to push 4.10 to everyone yet and want to use this to test on some people first.
I create a new connection AnyConnect Connection profile/Group Policy/Client Profile/Uploaded 4.10 and created a different URL to use to see if this would work but it downloads the same thing.
Is this the way it would need to be done? Or is there a way to assign a software version to a specific profile?
Thanks
12-01-2023 02:44 AM
"anyconnect image" CLI is a global webvpn CLI not tied to any specific profile:
You will either need to set up test VPN gateway and ask users to connect once to a test profile to perform the upgrade or push predeploy packege to clients using other tools.
12-01-2023 02:52 AM
Yes you are correct'
Can he use two anyconnect profile' one with auto upgrades and other with no auto upgrades.
Push 4.7 to all
And only the client want to use 4.10 will use tunnel with anyconnect profile auto upgrades
And other will use it image.
That can be done in ASA?
Thanks
MHM
12-01-2023 07:27 AM
Deferred updates feature can help postpone AnyConnect upgrade for those people who already have 4.7 installed, but it won't help to those who don't have AnyConnect installed yet. AnyConnect image is a global setting as was mentioned.
12-01-2023 11:04 AM
Friend I am talking about two tunnel profile'
One with no auto upgrades
Other with auto upgrades
And user can select the one which need' @jf1134 give different passwords for each client so that each one access specific tunnel group.
4.7 access tunnel group with no auto upgrades
4.10 access to tunnel group auto upgrades and it will use image in global to upgrade
That my idea
MHM
12-01-2023 10:55 AM
Thanks. I guess let me ask this. Is it possible when we go to the FQDN to download the client to have an option to select either 4.7 or 4.10?
12-02-2023 05:10 AM
No, this is not supported.
Once again, if you want to test new version on a subset of users who already have AnyConnect 4.7 installed, you can do this by using Deferred Updates feature and educating users to choose "Defer Update" in the dialog box.
Or you can create new AnyConnect profile with <AutoUpdate UserControllable="false">false</AutoUpdate>, point to the profile in your existing group-policy, wait till all your users reconnect to download the new profile, then create another profile with autoupdates enabled, create new group-policy and somehow assign it to your test users, e.g. assign the group-policy dynamically to them or create new tunnel-group with a new group-url and point to the new group-policy in the tunnel-group. Then upload new AnyConnect image and test.
12-02-2023 05:29 AM
What that different from what I mention before!!!
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide