03-16-2014 04:50 AM - edited 02-21-2020 07:33 PM
How can I make anyconnect downloadable from ASA ? do I have to enable clientless ssl vpn in the group policy ?
Thank you
03-16-2014 05:53 AM
Just load a new image to the ASA (under Configuration -> Remote-Access VPN -> Network (Client) Access -> AnyConnect Client Software) and the client will load the new software the next time when the client connects. Of course the client shouldn't have a setting applied to not download new software. The group-policy doesn't need any specific settings for that and you also don't need to enable clientless for that.
03-16-2014 06:51 AM
+ 5 what Karsten said.
For more help, tell us what kind of remote access VPN you have setup or want to setup. Beyond the AnyConnect client software, certain features require different configuration steps and/or licensing on the ASA.
03-16-2014 08:13 AM
Anyconnect for windows, actually anyconnect ssl vpn works if I install anyconnect client (which I downloaded from cisco site) locally on my pc but I'd like to make it possible to download and install it from cisco asa. On my browser pointing to https://myvpnoutsideaddress.com I do not see anyconnect connection tunnel group on which I should be able to authenticate and then eventually download the client.
ps. I also have some clientless web ssl vpn
03-16-2014 08:13 AM
Can you share your ASA configuration? There are several things necessary, to wit:
Your connection profile (tunnel-group in the cli vernacular) would need to have the webvpn setup correctly, aliases for the profiles defined, AnyConnect .pkg file defined (and present on the ASA), etc.
03-16-2014 08:36 AM
Quite difficult to share the whole conf,
here is the anyconnect one,
VPN/pri/act# sh run tunnel-group Gr_VPN_Sales
tunnel-group Gr_VPN_Sales type remote-access
tunnel-group Gr_VPN_Sales general-attributes
address-pool Gr_VPN_Sales-Pool
authentication-server-group LDAP-SIC
default-group-policy Gr_VPN_Sales-GroupPolicy
tunnel-group Gr_VPN_Sales webvpn-attributes
group-alias Sales-SDO enable
VPN/pri/act# sh run group-policy Gr_VPN_Sales-GroupPolicy
group-policy Gr_VPN_Sales-GroupPolicy internal
group-policy Gr_VPN_Sales-GroupPolicy attributes
wins-server value 10.22.42.104 10.22.42.105
dns-server value 10.22.42.104 10.22.42.105
vpn-filter value Gr_VPN_Sales-ACL
vpn-tunnel-protocol ssl-client
group-lock value Gr_VPN_Sales
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Gr_VPN_Sales-Split
default-domain value Sales.rve
VPN/pri/act# sh run webvpn
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.02040-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
03-16-2014 02:56 PM
That is the relevant part of the config:
webvpn
anyconnect image disk0:/anyconnect-win-3.1.02040-k9.pkg 1
If you load a new image through the mentioned way, then that image will get placed here and the next time your users connect they will be upgraded.
03-17-2014 08:33 AM
I've already experienced that the upgrade works but actually my issue is I cant download it (supposing I have no anyconnect installed)
03-17-2014 11:00 AM
What behavior do you observer when trying to downlaod to a client PC with no AnyConnect currently installed?
You don't have any DAP checks that might be looking for something client-side like a certificate or registry key?
03-16-2014 09:00 AM
is this necessary even though there is no clientless ssl vpn portal page for this tunnel-group ?
group-policy Gr_VPN_Sales-GroupPolicy attributes
webvpn
anyconnect ask none default anyconnect
03-16-2014 11:28 AM
Do I have to create a client profile ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide