Problems with auto upgrade Anyconnect 3.1

Yann Kaeser · ‎12-18-2012

Hello,

I'm having problem with auto upgrade of Anyconnect 2.5 to 3.1.

Here is the situation :

I have ASA5510 running ASA 8.4.5 and clients are running Anyconnect 2.5.3055 and 3.1.00495 with 2 different profiles.

Clients with 2.5 can upgrade to 3.1 but then receive an "Invalid host entry" when they try to connect with new client. It works if they use FQDN instead of profiles. It's the same situation with Windows 7, Mac OS X and linux.

If I configure client software back to 2.5 on ASA, it works again for every client.

Do you have an idea ?

Thanks for your reply.

Yann

pooser-alford · ‎01-08-2013

I have seen the same behavior on Mac OS X. A couple of points for me:

If I delete the profiles from /opt/cisco/anyconnect/profile then I can connect once (using the FQDN) but it then downloads the client profile and on next attempted connection it receives "invalid host entry." My profiles use the FQDN of my ASA and both forward and reverse DNS resolution are configured properly.

My workaround is to remove the AnyConnect Client Profile entirely, but I can get away with that because I have a very simple setup, with all users in one default group. If I had to pass different profile information to different users that would not be a solution.

Second, better workaround: I just exported the client profile, imported it under a different name, edited the new client profile to remove the server address, and assigned the new profile to the group policy. At their next login, users get all the profile settings and since the client remembers the FQDN they used to connect it doesn't adversely affect the user experience.

Yann Kaeser · ‎01-10-2013

Thank you Dave for your answer.

I have too many machines (~1500) to try your first workaround.

I will try to recreate new xml file for profiles and see if it work.

I will let you know if it solve my problem.

Yann