11-26-2009 08:28 AM - edited 03-11-2019 09:43 AM
If using the client-update for an ASA 5505 then is this truly an automatic update at the time of tunnel establishment? Will the asa automatically change the boot system and asdm commands and reload ? I also see that its just not the ASA 5505 supported but all the ASAs and the PIX product lines yet documentation states only ASA 5505s can be easy VPN remotes?
thanks
Jim
11-26-2009 01:50 PM
The client-update feature is for updating the ipsec client upon connection. Not for upgrading the ASA :-)
Here is an example:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008097ca6f.shtml
11-26-2009 04:00 PM
hmmmm I have documents showing it does upgrade the ASA like the old 3002 did as well. Here is the command description found here (http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c4.html#wp2128844):
To issue a client-update for all active remote VPN software and hardware clients and adaptive security appliances configured as Auto Update clients, on all tunnel-groups or for a particular tunnel group, use the client-update command in privileged EXEC mode.
To configure and change client-update parameters at the global level, including VPN software and hardware clients and adaptive security appliances configured as Auto Update clients, use the client-update command in global configuration mode.
To configure and change client-update tunnel-group IPSec-attributes parameters for VPN software and hardware clients, use the client-update command in tunnel-group ipsec-attributes configuration mode.
If the client is already running a software version on the list of revision numbers, it does not need to update its software. If the client is not running a software version on the list, it should update.
To disable a client update, use the no form of this command.
Global configuration mode command:
client-update {enable | component {asdm | image} | device-id dev_string |
family family_name | type type} url url-string rev-nums rev-nums}
no client-update {enable | component {asdm | image} | device-id dev_string |
family family_name | type type} url url-string rev-nums rev-nums}
Tunnel-group ipsec-attributes mode command:
client-update type type url url-string rev-nums rev-nums
no client-update type type url url-string rev-nums rev-nums
Privileged EXEC mode command:
client-update {all | tunnel-group}
no client-update tunnel-group
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: