Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to keep AnyConnect from upgrading ?

I have several laptops belonging to a client that need to connect to my ASA.  I have run into a problem where my ASA is on a newer version of AnyConnect due some licensing/connectivity requirements and this causes the ASA to download a newer version of AnyConnect to the laptops.  Due to how my client's laptops are configured, this "upgrade" causes them to no longer be able to connect to their corporate ASA. From what I have been able to find, they are using certificates as a part of the login process.This upgrade appears to remove all of that configuration/certificates.

In prior versions of the ASA/Anyconnect software, I thought I remembered seeing an option in ASDM to keep the client from being required to upgrade.  I cant find that option now.  I am using 8.2.5 for the ASA and using AnyConnect 3.1.04059.

I am going to test putting my ASA on the same version of the AnyConnect client as my client.  Dont want to do that but I have to try that option.

I have tried reaching out to my counterparts at the client but havent any success in getting them to work with me.  The only "fix" has been have the users who have the client laptops to get their helpdesk to reinstall the version/configuration of Anyconnect to get them to where they can connect to the Corporate ASA.  

Since I dont have any ability to change anything on the laptops in question and havent been able to get cooperation from the IT counterparts at the company in question, is there a way I can keep the ASA from forcing the upgrade, if going to the same version of the AC client they are using doesnt fix the problem ?

Thanks,

Ron

4 REPLIES
VIP Green

You can prompt the user and

You can prompt the user and then have them defer the update.  this is done by editing the user profile.  The following link describes this and how it is done in the ASDM.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac02asaconfig.html#pgfId-1596439

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
New Member

Thanks for the link.  Still

Thanks for the link.  Still not having any luck.  The path in ASDM that it refers to - Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Custom Attributes doesnt exist for me.  I see up to advanced  by only hav ethe choices of AnyConnect Essentials, Endpoint Security, SSLVPN and IPSEC as options.  I have looked under all those to see if I can find where to make the change but so far no joy.

 

Thanks for suggestion.  Still looking.

Ron

Hall of Fame Super Silver

Allowing the user to defer

Allowing the user to defer the upgrade is a feature introduced as of ASA 9.0(1). It is not available on your ASA 8.2(5) code.

I believe with 8.2(5) and AnyConnect Essentials you are constrained in the behavior of the AnyConnect downloads being automatic and unavoidable.

VIP Green

Ok, the defer option might

Ok, the defer option might not be available, but you should be able to manipulate the profile to prevent the update.  Have a look at the following:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-vpn-client/107391-anyconnect-faqs.html#sftwrupgrd

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
646
Views
0
Helpful
4
Replies
CreatePlease login to create content