Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

anyconnect download from ASA

How can I make anyconnect downloadable from ASA ? do I have to enable clientless ssl vpn in the group policy ?

 

Thank you

10 REPLIES
VIP Purple

Just load a new image to the

Just load a new image to the ASA (under Configuration -> Remote-Access VPN -> Network (Client) Access -> AnyConnect Client Software) and the client will load the new software the next time when the client connects. Of course the client shouldn't have a setting applied to not download new software. The group-policy doesn't need any specific settings for that and you also don't need to enable clientless for that.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Hall of Fame Super Silver

+ 5 what Karsten said.For

+ 5 what Karsten said.

For more help, tell us what kind of remote access VPN you have setup or want to setup. Beyond the AnyConnect client software, certain features require different configuration steps and/or licensing on the ASA.

New Member

Anyconnect for windows,

Anyconnect for windows, actually anyconnect ssl vpn works if I install anyconnect client (which I downloaded from cisco site) locally on my pc but I'd like to make it possible to download and install it from cisco asa. On my browser pointing to https://myvpnoutsideaddress.com I do not see anyconnect connection tunnel group on which I should be able to authenticate and then eventually download the client.

 

ps. I also have some clientless web ssl vpn

Hall of Fame Super Silver

Can you share your ASA

Can you share your ASA configuration? There are several things necessary, to wit:

Your connection profile (tunnel-group in the cli vernacular) would need to have the webvpn setup correctly, aliases for the profiles defined, AnyConnect .pkg file defined (and present on the ASA), etc.

New Member

Quite difficult to share the

Quite difficult to share the whole conf,

 

here is the anyconnect one,

 

VPN/pri/act# sh run tunnel-group Gr_VPN_Sales
tunnel-group Gr_VPN_Sales type remote-access
tunnel-group Gr_VPN_Sales general-attributes
 address-pool Gr_VPN_Sales-Pool
 authentication-server-group LDAP-SIC
 default-group-policy Gr_VPN_Sales-GroupPolicy
tunnel-group Gr_VPN_Sales webvpn-attributes
 group-alias Sales-SDO enable

VPN/pri/act# sh run group-policy Gr_VPN_Sales-GroupPolicy
group-policy Gr_VPN_Sales-GroupPolicy internal
group-policy Gr_VPN_Sales-GroupPolicy attributes
 wins-server value 10.22.42.104 10.22.42.105
 dns-server value 10.22.42.104 10.22.42.105
 vpn-filter value Gr_VPN_Sales-ACL
 vpn-tunnel-protocol ssl-client
 group-lock value Gr_VPN_Sales
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Gr_VPN_Sales-Split
 default-domain value Sales.rve

VPN/pri/act# sh run webvpn
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.02040-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
 cache
  disable

VIP Purple

That is the relevant part of

That is the relevant part of the config:

webvpn

 anyconnect image disk0:/anyconnect-win-3.1.02040-k9.pkg 1
 

If you load a new image through the mentioned way, then that image will get placed here and the next time your users connect they will be upgraded.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

I've already experienced that

I've already experienced that the upgrade works but actually my issue is I cant download it (supposing I have no anyconnect installed)

Hall of Fame Super Silver

What behavior do you observer

What behavior do you observer when trying to downlaod to a client PC with no AnyConnect currently installed?

You don't have any DAP checks that might be looking for something client-side like a certificate or registry key?

New Member

is this necessary ? group

is this necessary even though there is no clientless ssl vpn portal page for this tunnel-group ?

 

group-policy Gr_VPN_Sales-GroupPolicy attributes
  webvpn
    anyconnect ask none default anyconnect

New Member

Do I have to create a client

Do I have to create a client profile ?

1014
Views
5
Helpful
10
Replies
CreatePlease login to create content