
ASA Client-Update

Jim Thomas
Level 4

If using the client-update for an ASA 5505, is this truly an automatic update at the time of tunnel establishment? Will the ASA automatically change the boot system and asdm commands and reload? I also see that it's not just the ASA 5505 that is supported but all the ASAs and the PIX product lines, yet documentation states only ASA 5505s can be Easy VPN remotes?

thanks

Jim

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674

Kent Heide
Level 1

The client-update feature is for updating the IPsec client upon connection, not for upgrading the ASA :-)

Here is an example:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008097ca6f.shtml

Hmmmm, I have documents showing it does upgrade the ASA, like the old 3002 did as well. Here is the command description found here (http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c4.html#wp2128844):

client-update

To issue a client-update for all active remote VPN software and hardware clients and adaptive security appliances configured as Auto Update clients, on all tunnel-groups or for a particular tunnel group, use the client-update command in privileged EXEC mode.

To configure and change client-update parameters at the global level, including VPN software and hardware clients and adaptive security appliances configured as Auto Update clients, use the client-update command in global configuration mode.

To configure and change client-update tunnel-group IPSec-attributes parameters for VPN software and hardware clients, use the client-update command in tunnel-group ipsec-attributes configuration mode.

If the client is already running a software version on the list of revision numbers, it does not need to update its software. If the client is not running a software version on the list, it should update.

To disable a client update, use the no form of this command.

Global configuration mode command:

client-update {enable | component {asdm | image} | device-id dev_string |
family family_name | type type} url url-string rev-nums rev-nums}

no client-update {enable | component {asdm | image} | device-id dev_string |
family family_name | type type} url url-string rev-nums rev-nums}

Tunnel-group ipsec-attributes mode command:

client-update type type url url-string rev-nums rev-nums

no client-update type type url url-string rev-nums rev-nums

Privileged EXEC mode command:

client-update {all | tunnel-group}

no client-update tunnel-group

Syntax Description

all

(Available only in privileged EXEC mode.) Applies the action to all active remote clients in all tunnel groups. You cannot use the keyword all with the no form of the command.

component {asdm | image}

The software component for adaptive security appliances configured as Auto Update clients.

device-id dev_string

If the Auto Update client is configured to identify itself with a unique string, specify the same string that the client uses. The maximum length is 63 characters.

enable

(Available only in global configuration mode). Enables remote client software updates.

family family_name

If the Auto Update client is configured to identify itself by device family, specify the same device family that the client uses. It can be asa, pix, or a text string with a maximum length of 7 characters.

rev-nums rev-nums

(Not available in privileged EXEC mode.) Specifies the software or firmware images for this client. For Windows, WIN9X, WinNT, and vpn3002 clients, enter up to 4, in any order, separated by commas. For adaptive security appliances, only one is allowed. The maximum length of the string is 127 characters.

tunnel-group

(Available only in privileged EXEC mode.) Specifies the name of a valid tunnel-group for remote client update.

type type

(Not available in privileged EXEC mode.) Specifies the operating systems of remote PCs or the type of adaptive security appliances (configured as Auto Update clients) to notify of a client update. The list comprises the following:

asa5505: Cisco 5505 Adaptive Security Appliance

asa5510: Cisco 5510 Adaptive Security Appliance

asa5520: Cisco 5520 Adaptive Security Appliance

asa5540: Cisco Adaptive Security Appliance

linux: A Linux client

mac: MAC OS X client

pix-515: Cisco PIX 515 Firewall

pix-515e: Cisco PIX 515E Firewall

pix-525: Cisco PIX 525 Firewall

pix-535: Cisco PIX 535 Firewall

Windows: all windows-based platforms

WIN9X: Windows 95, Windows 98, and Windows ME platforms

WinNT: Windows NT 4.0, Windows 2000, and Windows XP platforms

vpn3002: VPN 3002 hardware client

A text string of up to 15 characters

url url-string

(Not available in privileged EXEC mode.) Specifies the URL for the software/firmware image. This URL must point to a file appropriate for this client. The maximum string length is 255 characters.

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674
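
An added example, not part of the thread or of Cisco's documentation: a Python check that applies the limits quoted in the command reference above to a tunnel-group ipsec-attributes `client-update type ... url ... rev-nums ...` line, together with the rule that a client already on the revision list does not update. The function names, the sample line and its URL are constructed for illustration, and rev-nums is assumed to be comma-separated with no spaces.

```python
# Added example: lint a tunnel-group ipsec-attributes "client-update" line
# against the limits quoted in the command reference above.
# Function names and the sample line are constructed for illustration.

MULTI_REV_TYPES = {"windows", "win9x", "winnt", "vpn3002"}  # up to 4 rev-nums
ASA_TYPES = {"asa5505", "asa5510", "asa5520", "asa5540"}    # exactly 1 rev-num
MAX_TYPE, MAX_URL, MAX_REVS = 15, 255, 127                  # string lengths


def parse_client_update(line):
    """Parse 'client-update type T url U rev-nums R' into a dict."""
    tokens = line.split()
    if len(tokens) != 7 or tokens[0] != "client-update":
        raise ValueError("expected: client-update type T url U rev-nums R")
    if (tokens[1], tokens[3], tokens[5]) != ("type", "url", "rev-nums"):
        raise ValueError("keywords must be type, url, rev-nums in that order")
    return {"type": tokens[2], "url": tokens[4], "rev_nums": tokens[6]}


def lint_client_update(line):
    """Return a list of violations of the documented limits (empty if none)."""
    cfg = parse_client_update(line)
    problems = []
    revs = [r for r in cfg["rev_nums"].split(",") if r]
    ctype = cfg["type"].lower()
    if len(cfg["type"]) > MAX_TYPE:
        problems.append("type longer than 15 characters")
    if len(cfg["url"]) > MAX_URL:
        problems.append("url longer than 255 characters")
    if len(cfg["rev_nums"]) > MAX_REVS:
        problems.append("rev-nums longer than 127 characters")
    if ctype in MULTI_REV_TYPES and len(revs) > 4:
        problems.append("more than 4 rev-nums for a Windows/vpn3002 client")
    if ctype in ASA_TYPES and len(revs) != 1:
        problems.append("adaptive security appliances allow only one rev-num")
    return problems


def needs_update(running_rev, rev_nums):
    """A client updates only if its version is not on the rev-nums list."""
    return running_rev not in [r.strip() for r in rev_nums.split(",")]


if __name__ == "__main__":
    sample = ("client-update type asa5505 "
              "url http://updates.example.invalid/asa.bin rev-nums 8.2(1),8.2(2)")
    print(lint_client_update(sample))       # constructed sample with two revs
    print(needs_update("8.0(4)", "8.2(1)"))
```
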