Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1768
Views
0
Helpful
5
Replies

Problem with automated downgrade

Go to solution
patoberli
VIP Alumni
VIP Alumni

‎01-31-2011 02:16 AM

Hello

I have an ASA which currently serves Anyconnect 2.4.x. I want now to test version 2.5.x, but each time I connect, it automatically tries to downgrade the newer version to the old one on the ASA.

How can I accomplish this, without braking the serving of the current 2.4.x release?

Thanks,

pato

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bravotom99
Level 1
Level 1
In response to patoberli

‎02-10-2011 02:21 PM

Not sure if you ever found a solution to this but I just experienced this issue.  I found that if the VPNManifest.dat file is missing in C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client, the gateway tries to downgrade the client.  Once I copied the file into the directory from another machine, it connects fine and does not downgrade.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎01-31-2011 04:28 AM

You can order the AnyConnect image in the ASA as you wish, and it will be checked from top to bottom, ie: from number 1 down.

Eg:

svc image <> 1

svc image <> 2

svc image <> 3

Here is the command reference for your ref:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s8.html#wp1515211

So if you have placed version 2.5 with sequence number 1, and 2.4 with sequence number 2, it will download Anyconnect version 2.5 to your PC. However, it will also upgrade others who are running version 2.4 as well unless you say "no" when it asks if you would like to upgrade it.

Hope that helps.

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to Jennifer Halim

‎01-31-2011 07:01 AM

Thanks for your answer.

This so far does not really help me, because the user should not get a promt at all. He should simply stay at 2.4, until I make the switch on the asa.

On older Version, I beleive 2.1, this was working. The client never downgraded itself, if I manually installed a newer version on the client-pc.

Anybody else an idea how I can block the downgrade, without making the users aware that there is a new version?

0 Helpful

Go to solution
bravotom99
Level 1
Level 1
In response to patoberli

‎02-10-2011 02:21 PM

Not sure if you ever found a solution to this but I just experienced this issue.  I found that if the VPNManifest.dat file is missing in C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client, the gateway tries to downgrade the client.  Once I copied the file into the directory from another machine, it connects fine and does not downgrade.

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to bravotom99

‎02-11-2011 01:15 AM

Wow thanks, that worked

For Windows Vista/7 users, you have to enable the "show hidden files" and also "show protected system file" to see the correct folder.

0 Helpful

Go to solution
bravotom99
Level 1
Level 1
In response to patoberli

‎02-11-2011 06:34 AM

Also, if you open that VPNManifest.dat in notepad, it shows the version number of anyconnect. I installed 2.5 and copied over a 2.5 VPNManifest but I also tried it with a 2.4 VPNManifest and that resolved it as well.  Maybe someone else has some insight into what that file does and whether anything 'breaks' if you happen to be using an old VPNManifest.

0 Helpful
Customers Also Viewed These Support Documents