Meraki

Community

Meraki MX Cisco Secure Client (AnyConnect) VPN client connection failover question

rhamersley
Getting noticed
‎Sep 20 2023 7:54 AM
‎Sep 20 2023 7:54 AM

Meraki MX Cisco Secure Client (AnyConnect) VPN client connection failover question

Our company has implemented Cisco AnyConnect VPN connection with our users successfully.   Works great with the authentication with the Radius server and also the Certification Authentication.   Below is the 2 questions need to see if anyone knows in the Meraki Community....

 

Question #1....

Is there any way to have the users Cisco AnyConnect client automatically be updated in our previous Cisco Firepower ASA appliance.   We are currently deploying updates there ManageEngine but curious if anyone knows if Meraki will have the ability to update our clients AnyConnect Secure Client application on our users workstations?

 

Question #2....

We implemented "Load Balancing" with both our circuits and when one of our circuits fails(Ex: Atlanta) our users that our VPN into that network location will failover to the secondary location (Ex: Denver).  Since we have "Load Balancing" configured in our Atlanta network location why wouldnt the secondary circuit take over and allow our VPN users to stay connected.    Our users do experience about a 3-5 minutes outage to failover over to our secondary location.   Is there any additional setting I am missing on the Meraki Dashboard to allow the VPN failover stay static in the Atlanta network location or not allow the 3-5 minute outage our users experience.

 

Thank you!

Labels:
0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 20 2023 8:04 AM
‎Sep 20 2023 8:04 AM

Regarding the first question, no, Anyconnect is not updated automatically, you need to update manually.
 
Maybe you can update via GPO or some other external tool.
 
Regarding the second, it is the expected behavior since the public IP for connection is being changed by that of the secondary link, that is, the client must reconnect.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 20 2023 1:15 PM
‎Sep 20 2023 1:15 PM

Cisco is transitioning AnyConnect management for all platforms (Firepower, ASA and MX) to the Cisco SecureX portal.  You can also manage the AnyConnect versions and perform profile management there.  It can automatically push out new versions.

I use this system for maybe 90% of new AnyConnect deployments.

 

To use the SecureX platform, you need two Cisco security technologies licenced.  If you don't have another, then the easiest way is to buy a single Cisco Umbrella licence.

 

You can start the process of signing up by going here:

https://security.cisco.com/ 

 

Once you have setup Cisco SecureX, you go to the "Insights" tab to setup AnyConnect.  It does not seem very intuitive to me to have it there - but that is where it is located.

 

 

I'm not sure about your question #2.  I assume you have failover configured in the AnyConnect profile.  I know it works, but I'm not sure on the expected timeframes.

0 Kudos
In response to PhilipDAth
Travist
Comes here often
‎Feb 8 2024 2:02 PM
‎Feb 8 2024 2:02 PM

Hi Philip, 

Now that SecureX is EoL, is there a replacement tool for Secure Client management?

0 Kudos
In response to Travist
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 8 2024 6:16 PM
‎Feb 8 2024 6:16 PM

We have been told there is a replacement system but it has not been released yet.

0 Kudos
In response to Travist
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Feb 14 2024 7:22 AM
‎Feb 14 2024 7:22 AM

There will be a tool for client management, but stay tuned for that.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.