Before you Begin

Make sure that you download the "AnyConnect Headend Deployment Package" for your desired operating systems. Always download the latest AnyConnect version, to ensure that you have the latest features, bug fixes, and security patches. Regularly update the packages on the device.

Note	You can upload one AnyConnect package per Operating System (OS): Windows, Mac, and Linux. You cannot upload multiple versions for a given OS type.

Procedure

Step 1

Download the AnyConnect packages from https://software.cisco.com/download/home/283000185.

Make sure you accept the EULA and have K9 (encrypted image) privileges.
Select the "AnyConnect Headend Deployment Package" package for your operating system. The package name will be similar to "anyconnect-win-4.7.04056-webdeploy-k9.pkg." There are separate headend packages for Windows, macOS, and Linux.

Step 2

Upload the AnyConnect packages to a remote HTTP or HTTPS server. Ensure that there is a network route from the FDM-managed device to the HTTP or HTTPS server.

Note	If you are uploading the AnyConnect package to an HTTPS server, ensure that the following steps are performed:

Upload the trusted CA certificate of that server on the FDM-managed device from firewall device manager. To upload the certificate, see the "Uploading Trusted CA Certificates" section in the "Certificates" chapter of Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version X.Y.
Install the trusted CA certificate on the HTTPS server.

Step 3

The remote server's URL must be a direct link without prompting for authentication. If the URL is pre-authenticated, the file can be downloaded by specifying the RA VPN wizard's URL.

Step 4

If the remote server IP address is NATed, you have to provide the NATed public IP address of the remote server location.