I have several laptops belonging to a client that need to connect to my ASA. I have run into a problem where my ASA is on a newer version of AnyConnect due some licensing/connectivity requirements and this causes the ASA to download a newer version of AnyConnect to the laptops. Due to how my client's laptops are configured, this "upgrade" causes them to no longer be able to connect to their corporate ASA. From what I have been able to find, they are using certificates as a part of the login process.This upgrade appears to remove all of that configuration/certificates.
In prior versions of the ASA/Anyconnect software, I thought I remembered seeing an option in ASDM to keep the client from being required to upgrade. I cant find that option now. I am using 8.2.5 for the ASA and using AnyConnect 3.1.04059.
I am going to test putting my ASA on the same version of the AnyConnect client as my client. Dont want to do that but I have to try that option.
I have tried reaching out to my counterparts at the client but havent any success in getting them to work with me. The only "fix" has been have the users who have the client laptops to get their helpdesk to reinstall the version/configuration of Anyconnect to get them to where they can connect to the Corporate ASA.
Since I dont have any ability to change anything on the laptops in question and havent been able to get cooperation from the IT counterparts at the company in question, is there a way I can keep the ASA from forcing the upgrade, if going to the same version of the AC client they are using doesnt fix the problem ?
Thanks for the link. Still not having any luck. The path in ASDM that it refers to - Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Custom Attributes doesnt exist for me. I see up to advanced by only hav ethe choices of AnyConnect Essentials, Endpoint Security, SSLVPN and IPSEC as options. I have looked under all those to see if I can find where to make the change but so far no joy.