Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4503
Views
0
Helpful
4
Replies

How to keep AnyConnect from upgrading ?

ronald.nutter
Level 1
Level 1

‎10-07-2014 11:28 AM - edited ‎02-21-2020 07:52 PM

I have several laptops belonging to a client that need to connect to my ASA.  I have run into a problem where my ASA is on a newer version of AnyConnect due some licensing/connectivity requirements and this causes the ASA to download a newer version of AnyConnect to the laptops.  Due to how my client's laptops are configured, this "upgrade" causes them to no longer be able to connect to their corporate ASA. From what I have been able to find, they are using certificates as a part of the login process.This upgrade appears to remove all of that configuration/certificates.

In prior versions of the ASA/Anyconnect software, I thought I remembered seeing an option in ASDM to keep the client from being required to upgrade.  I cant find that option now.  I am using 8.2.5 for the ASA and using AnyConnect 3.1.04059.

I am going to test putting my ASA on the same version of the AnyConnect client as my client.  Dont want to do that but I have to try that option.

I have tried reaching out to my counterparts at the client but havent any success in getting them to work with me.  The only "fix" has been have the users who have the client laptops to get their helpdesk to reinstall the version/configuration of Anyconnect to get them to where they can connect to the Corporate ASA.  

Since I dont have any ability to change anything on the laptops in question and havent been able to get cooperation from the IT counterparts at the company in question, is there a way I can keep the ASA from forcing the upgrade, if going to the same version of the AC client they are using doesnt fix the problem ?

Thanks,

Ron

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Marius Gunnerud
VIP
VIP

‎10-08-2014 12:56 AM

You can prompt the user and then have them defer the update.  this is done by editing the user profile.  The following link describes this and how it is done in the ASDM.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac02asaconfig.html#pgfId-1596439

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

ronald.nutter
Level 1
Level 1
In response to Marius Gunnerud

‎10-08-2014 05:58 AM

Thanks for the link.  Still not having any luck.  The path in ASDM that it refers to - Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Custom Attributes doesnt exist for me.  I see up to advanced  by only hav ethe choices of AnyConnect Essentials, Endpoint Security, SSLVPN and IPSEC as options.  I have looked under all those to see if I can find where to make the change but so far no joy.

 

Thanks for suggestion.  Still looking.

Ron

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ronald.nutter

‎10-08-2014 07:58 PM

Allowing the user to defer the upgrade is a feature introduced as of ASA 9.0(1). It is not available on your ASA 8.2(5) code.

I believe with 8.2(5) and AnyConnect Essentials you are constrained in the behavior of the AnyConnect downloads being automatic and unavoidable.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Marvin Rhoads

‎10-09-2014 01:38 AM

Ok, the defer option might not be available, but you should be able to manipulate the profile to prevent the update.  Have a look at the following:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-vpn-client/107391-anyconnect-faqs.html#sftwrupgrd

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents