AnyConnect failing to auto-update upon connecting, requires a re-install
We recently upgraded our 5510 at one of our clients to ASA software version 9.1(5), and after that was up and running and stable, we decided to upload the newest AnyConnect package files to the firewall for VPN users to get updated to the latest version.
The VPN connection is setup with radius authentication, and it has been working perfectly for a few weeks now. But just to add, when we had 8.2(5) software on the ASA and would put newer versions of the web deployment package on the ASA, clients trying to connect via VPN would auto-update without a problem. Same with Mac's.
So with the new software on the ASA, I ran a test from my home office, I uninstalled AnyConnect and installed an older version, 2.5.x. I then tried to connect via VPN with the thought that it would automatically update my VPN client to the version of the client on the ASA which is 3.1.05178. I watched it connect, ask for my active directory credentials, it would connect, then check for updates, and then say it was downloading an update. Shortly after, AnyConnect popped up a window saying "The VPN Client Agent was unable to create the interprocess communication depot." and I have to click Ok. Basically what happens here - http://www.itsystemadmin.com/the-vpn-client-agent-was-unable-to-create-interprocess/ but I do not have ICS turned on on the network adapter or any of my network adapters.
After clicking ok, it shows me the AnyConnect window, but the program is now partially non-functional, it is there, but the connection address is gone and if I enter it and click "Connect" it gives me an error immediately.
What I then have to do is go onto the ASA, remove that newer package and upload an older one. Then I re-install the VPN agent on my computer and re-connect, it doesn't find any update because I'm now running a newer version on my computer than the one that is on the ASA, and it connects fine.
I've tested this with a few employee laptops and they experience the same thing. I'm not sure if there is something that isn't compatible between this latest ASA software and the 5510, or what the issue is. I have tried putting slightly older versions of the web deployment package on the ASA and I still get the same problem. The problem is when the client computer is running an older version of AnyConnect and the ASA has a newer version, it fails upon initial connection and ruins the AnyConnect program and it has to be re-installed.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :