Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AnyConnect profile not updating correctly

Hello,

 

I see strange behaviour on an ASA5525-X running 9.1.5-12 and AnyConnect running 3.1.05182.

 

Whenever I edit the connection profile, it is only ever updates the local XML file when logging in via the web portal of the ASA.

Nothing happens to the XML file when logging in with the AnyConnect client (twice).

 

Is that default behaviour or am I missing a setting somewhere?

 

Kind regards,

Jens

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

It could be a malformed

It could be a malformed profile or corrupted client. A close look at your setup might help but it might also require examination of a diagnostic dump (DART file from AnyConnect). 

I've used the same ASA and AnyConnect versions as you're using and it worked OK.

If you have support I'd suggest opening a TAC case.

New Member

I don't use the web portal

I don't use the web portal but I have seen something similar with the client when I simply uploaded a new xml to the ASA and replaced the existing file.  I figured if I replaced the xml file with a new one with the same name, I should be good, right?  Nope.  I had to go into the gui, delete the profile entry (keep the xml), and then add a new entry again with the same name and point to the new xml.

9 REPLIES
Hall of Fame Super Silver

As long as you have enabled

As long as you have enabled client services in the connection profile, profile updates on the ASA should be pushed to the client upon next login via AnyConnect.

New Member

I can't find client services

I can't find client services in the profile editor or the xml, so I'm not sure what you mean.

Hall of Fame Super Silver

Sorry for the confusion -

Sorry for the confusion - that keyword is only used on an IPsec IKEv2 remote access VPN.

For an SSL VPN, it should be controlled by the presence of the xml file under the webvpn configuration section.

When an AnyConnect client connects, the ASA should be comparing its version of the profile to the one stored locally on the client. If the ASA's is newer, it should automatically update the client.

New Member

I get that, but why is the

I get that, but why is the local XML only updated when connecting via the web portal?

Shouldn't it be the same when connecting with the AnyConnect app?

Hall of Fame Super Silver

Yes, it should update when

Yes, it should update when connecting directly using the AnyConnect Secure Mobility client VPN module. I've used several dozen ASA-based SSL VPNs and all the ones with ASA-based profiles worked that way.

New Member

Which leads me back to my

Which leads me back to my initial question about what could cause this behaviour.

Hall of Fame Super Silver

It could be a malformed

It could be a malformed profile or corrupted client. A close look at your setup might help but it might also require examination of a diagnostic dump (DART file from AnyConnect). 

I've used the same ASA and AnyConnect versions as you're using and it worked OK.

If you have support I'd suggest opening a TAC case.

New Member

The profile had been changed

The profile had been changed in the unsupported fashion where an admin had just downloaded the file and uploaded again after making changes.

The profile now works as expected when only doing changes in ASDM - after recreating the reference.

Thanks again!

New Member

I don't use the web portal

I don't use the web portal but I have seen something similar with the client when I simply uploaded a new xml to the ASA and replaced the existing file.  I figured if I replaced the xml file with a new one with the same name, I should be good, right?  Nope.  I had to go into the gui, delete the profile entry (keep the xml), and then add a new entry again with the same name and point to the new xml.

1289
Views
0
Helpful
9
Replies
CreatePlease login to create content