VPN ssl client

Unanswered Question
Sep 20th, 2007
User Badges:

Can we configure our VPN concentrator to automatically update the VPN SSL client to the desktop. We want to switch from the VPN client to VPN SSL client using CA certificates. We have 2 concentrators still our network until we are able to upgrade to ASA's.


Spencer Plantier

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Danilo Dy Mon, 09/24/2007 - 05:20
User Badges:
  • Blue, 1500 points or more


You mean Cisco VPN Client (IPSec) to be updated by Cisco SSL VPN Client? Cisco SSL VPN concentrator can be configured to download the SSL VPN Client automatically and install permanently/temporary.

Both Cisco VPN Client and Cisco SSL VPN Client can co-exist and use either one (not both), I don't think either one can update/remove anyone of them.

I have not used CA Certificate though.

Here are their directories if choosing the default;

1. Cisco VPN Client

C:\Program Files\Cisco Systems\VPN Client

2. Cisco SSL VPN Client

C:\Program Files\Cisco Systems\SSL VPN Client

They have different libraries and executables.



wplantier Thu, 09/27/2007 - 07:55
User Badges:

What we to do is install the webvpn client on the clients box. Then when an upgrade is available to have that upgrade just downloaded to the client. Then on VPN box have the certificate come from an internal RSA box.

Danilo Dy Fri, 09/28/2007 - 06:53
User Badges:
  • Blue, 1500 points or more


In VPN Box's "Configuration + VPN + General + Group Policy + DfltGrpPolicy + WebVPN + SSL VPN Client + Keep Installer on Client System + Yes" will keep the SSL VPN Client installer on the clients box (i.e. version 1.1.3.x). When a new version of SSL VPN Client installer is available (i.e. version 1.1.4.x) load it to your VPN Box and in your VPN Box's "Configuration + VPN + WebVPN + SSL VPN Client + Enable SSL VPN Client + SSL VPN Client Images" add the new image which is 1.1.4.x in example. When the user is successfully authenticated, the new version will be automatically downloaded and install/update the old version on clients box.

About the certificate, do you mean you are using Certificate not AAA in VPN Box's "Configuration + VPN + General + Tunnel Group + Custom_Tunnel_Group or DefaultWEBVPNGroup + WebVPN + Basic"? If so, I haven't tried Certificate only AAA.




This Discussion