Using Cisco AnyConnect VPN Client

vpcmailadmin · ‎09-21-2009

Good day,

We currently have a Cisco ASA 5510 with version 5.2 of ASDM and version 7.2 of the ASA. It is my understanding that to use the Cisco AnyConnect client we would need version 6.0 of the ASDM and version 8.0 of the ASA. If this just a software update? Would there be any downtime for this update or any adverse effects that might be caused to going to the higher version? Also is the AnyConnect a separate package that needs to be purchased or is it just something that is available if we upgrade to the latest versions? How long would an upgrade like that take and what configuration changes would be necessary to allow clients to connect?

Thanks and I appreaciate the help anyone is willing to give.

JORGE RODRIGUEZ · ‎09-21-2009

your understanding is correct..yes you need to upgrade asa code to 8.0.x or above for annyconnect support.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect20/release/notes/cvcrn200.html#wp608673

it is a software code ugrade for both ASA code and ASDM code accordingly, you will need reboot after upgrading code.

see Determining the Software Version for upgrade process - as per code http://www.cisco.com/en/US/products/ps6120/prod_release_notes_list.html

For the annyconnect client you can obtain it for free via cisco CCO , but you need ssl licenses. So far ASA5500 comes with two FREE SSL licenses for either SSL Webvpn or annyconnect.

If you intend to have more than two concurrent annyconnect sessions you need to buy SSL licenses - see table 2 for SL licenses info per platform.

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e39_ns347_Networking_Solutions_Brochure.html

Regards

Jorge Rodriguez

vpcmailadmin · ‎09-22-2009

Thanks so much for the help Jorge!

Do you know of any negative imapct this might have? For example if we have sales guys using the Cisco VPN client now and we do the upgrade for ASDM and ASA could their current VPN client stop working? Basically are there any problems you've experienced due to the upgrade?

Thanks!

JORGE RODRIGUEZ · ‎09-22-2009

could their current VPN client stop working? Basically are there any problems you've experienced due to the upgrade?

Hi Jay, not realy - RA VPN should still function after - upgrade is very stright forward and will convert config to that code , as a rule and practice however for any upgrades on devices is to backup your configuration - it is also good idea to look at the code you will be upgrading to for opened CAVEATS -you can look at opened caveats in the release notes link I posted which provides details on opened bugs to sort of give you ideas of issues.. I have been runing latest code 8.2.1 since its release back in May for example with no issues but my environment differs from others.. but you should be good..

here is backup config process

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml

upgrade softwrae image process using asdm

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml

is much easier to do the upgrade through command line... if you need help let us know.

Regards

Jorge Rodriguez