Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
2
Helpful
7
Replies

Having Multiple AnyConnect Options to Download

jf1134
Level 1
Level 1

‎11-29-2023 09:07 AM

We are currently using 4.7 version of AnyConnect and I am trying to figure out if there is a way when we go to the web url to download the client that we could choose to either use 4.7 or use 4.10. I don't want to push 4.10 to everyone yet and want to use this to test on some people first.

I create a new connection AnyConnect Connection profile/Group Policy/Client Profile/Uploaded 4.10 and created a different URL to use to see if this would work but it downloads the same thing. 

Is this the way it would need to be done? Or is there a way to assign a software version to a specific profile?

Thanks

Labels:
0 Helpful
7 Replies 7

gajownik
Cisco Employee
Cisco Employee

‎12-01-2023 02:44 AM

"anyconnect image" CLI is a global webvpn CLI not tied to any specific profile:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/A-H/asa-command-ref-A-H/ad-aq-commands.html?bookSearch=true#wp2443114600

You will either need to set up test VPN gateway and ask users to connect once to a test profile to perform the upgrade or push predeploy packege to clients using other tools.

MHM Cisco World
VIP
VIP
In response to gajownik

‎12-01-2023 02:52 AM

Yes you are correct'

Can he use two anyconnect profile' one with auto upgrades and other with no auto upgrades.

Push 4.7 to all

And only the client want to use 4.10 will use tunnel with anyconnect profile auto upgrades 

And other will use it image.

That can be done in ASA?

Thanks 

MHM

0 Helpful

tvotna
Spotlight
Spotlight
In response to MHM Cisco World

‎12-01-2023 07:27 AM

Deferred updates feature can help postpone AnyConnect upgrade for those people who already have 4.7 installed, but it won't help to those who don't have AnyConnect installed yet. AnyConnect image is a global setting as was mentioned.

0 Helpful

MHM Cisco World
VIP
VIP
In response to tvotna

‎12-01-2023 11:04 AM

Friend I am talking about two tunnel profile'

One with no auto upgrades 

Other with auto upgrades 

And user can select the one which need' @jf1134 give different passwords for each client so that each one access specific tunnel group.

4.7 access tunnel group with no auto upgrades 

4.10 access to tunnel group auto upgrades and it will use image in global to upgrade

That my idea 

MHM

0 Helpful

jf1134
Level 1
Level 1

‎12-01-2023 10:55 AM

Thanks. I guess let me ask this. Is it possible when we go to the FQDN to download the client to have an option to select either 4.7 or 4.10?

0 Helpful

tvotna
Spotlight
Spotlight
In response to jf1134

‎12-02-2023 05:10 AM

No, this is not supported.

Once again, if you want to test new version on a subset of users who already have AnyConnect 4.7 installed, you can do this by using Deferred Updates feature and educating users to choose "Defer Update" in the dialog box.

Or you can create new AnyConnect profile with <AutoUpdate UserControllable="false">false</AutoUpdate>, point to the profile in your existing group-policy, wait till all your users reconnect to download the new profile, then create another profile with autoupdates enabled, create new group-policy and somehow assign it to your test users, e.g. assign the group-policy dynamically to them or create new tunnel-group with a new group-url and point to the new group-policy in the tunnel-group. Then upload new AnyConnect image and test.

 

MHM Cisco World
VIP
VIP
In response to tvotna

‎12-02-2023 05:29 AM

What that different from what I mention before!!!

MHM

0 Helpful
Customers Also Viewed These Support Documents