Changing a Cisco ASA Outside IP Address? Change the Cisco AnyConnect Profile

By May 23, 2017September 16th, 2020Best Practices, Blog, Cisco
Cisco AnyConnect Icon

If you change the outside address of the firewall, you need to update the Cisco AnyConnect profile to point to the new address.  I have had issues and errors even when the VPN client is using a DNS entry pointing to the new IP address of the firewall’s outside interface.  The easiest way to fix this is to update the AnyConnect profile.  Then, the next time the client connects, they will get the new profile pushed down to their workstation.

If you are in ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profiles, highlight the client profile you have and click the “Edit” button.

Cisco AnyConnect Profile Settings Screenshot

From there go to the Server List:

Cisco AnyConnect Profile Servers List Screenshot

Update the hostname to be the domain name and update the host address to be the new IP address and click OK.  This will take you back to the Profile section, click OK again.   Then you will be back to the overall Cisco AnyConnect Client Profile section; click Apply to apply to new profile.

Now when users connect in, they will not get an error message, and next time they will not have to keep manually adding in the domain or external IP address in the Cisco Anyconnect client.

Jason Howe, PEI

Leave a Reply