Дистрибутив cisco anyconnect для mac os

Install Cisco AnyConnect Secure Mobility Client on a Mac Computer

Available Languages

Download Options

Objective

This article shows you how to download and install the Cisco AnyConnect Secure Mobility Client version 4.9.x on a Mac Computer.

This article is only applicable to the RV34x series routers, not Enterprise products.

Introduction

AnyConnect Secure Mobility Client is a modular endpoint software product. It not only provides Virtual Private Network (VPN) access through Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec) Internet Key Exchange version2 (IKEv2) but also offers enhanced security through various built-in modules.

AnyConnect Software Version

Install AnyConnect Secure Mobility Client

This toggled section provides details and tips for beginners.

Prerequisites

• You need to purchase client license(s) from a partner like CDW or through your company’s device procurement. There are options for 1 user (L-AC-PLS-3Y-S5) or packets of licenses including one year for 25 users (AC-PLS-P-25-S). Other license options available as well, including perpetual licenses. For more details on licensing, check out the links in the Licensing Information section below.
• Download the latest version of firmware available for your router.

Make sure your operating system has one of the following versions: macOS 11.x (including Big Sur when using the latest version of AnyConnect firmware), 10.15, 10.14, and 10.13 (only 64-bit is supported from 10.15 and later). If you are not sure if a macOS version is supported, you can check the release notes. View the release notes from May 2021.

Check these other articles out!

Applicable Devices | Software Version

• RV340 | 1.0.03.21 (Download latest)
• RV340W | 1.0.03.21 (Download latest)
• RV345 | 1.0.03.21 (Download latest)
• RV345P | 1.0.03.21 (Download latest)

Licensing Information

AnyConnect client licenses allow the use of the AnyConnect desktop clients as well as any of the AnyConnect mobile clients that are available. You will need a client license to download and use the Cisco AnyConnect Secure Mobility Client. A client license enables the VPN functionality and are sold in packs of 25 from partners like CDW or through your company’s device procurement.

Want to know more about AnyConnect licensing? Here are some resources:

Step 1

Open a web browser and navigate to the Cisco Software Downloads webpage.

Step 2

In the search bar, start typing ‘Anyconnect’ and the options will appear. Select AnyConnect Secure Mobility Client v4.x.

Step 3

Download the Cisco AnyConnect VPN Client. Most users will select the AnyConnect Pre-Deployment Package (Mac OS) option.

The images in this article are for AnyConnect v4.9.x, which was latest version at the time of writing this document.

Step 4

Double-click the installer.

Step 5

Step 6

Go over the Supplemental End User License Agreement and then click Continue.

Step 7

Step 8

Choose the components to be installed by checking or unchecking the corresponding check boxes. All components are installed by default.

The items you select in this screen will appear as options in AnyConnect. If deploying AnyConnect for end-users, you may want to consider deselecting options.

Step 9

Step 10

Step 11

(Optional) Enter your password in the Password field.

Step 12

Click Install Software.

Step 13

You have now successfully installed the AnyConnect Secure Mobility Client Software on your Mac computer.

Additional Resources

AnyConnect App

To try out AnyConnect on mobile devices, the App can be downloaded from Google Play store or Apple store.

View a video related to this article.

Источник

AnyConnect compatibility with macOS High Sierra (10.13)

» means nesting-related): — Failed at: @displayUserCertifications user_id [in template «custom.author-acclaim-certifications» at line 4, column 9] ——>

• Subscribe to RSS Feed
• Mark as New
• Mark as Read
• Bookmark
• Subscribe
• Email to a Friend
• Printer Friendly Page
• Report Inappropriate Content

We’re pleased to announce that AnyConnect is macOS High Sierra (10.13) compatible.

Our recommended version for High Sierra is 4.5MR2 (4.5.02033), available today 9/25/17. This version includes additional guidance to ensure that the AnyConnect Kernel Extension (KEXT) is properly approved by the end user. This is a new requirement in High Sierra.

4.4MR4 and 4.5MR1 have also been tested for High Sierra compatibility, but will provide no further guidance to the end user (beyond the single OS prompt) that manual steps are required to provide full AnyConnect capabilities. Additionally, with these older (compatible) AnyConnect releases, a reboot may be required after manually approving the AnyConnect extension to continue to run. This step is not required with 4.5MR2.

Note: Customers using Host Scan must be running version 4.3.5038 or later of the module in order to detect the presence of the macOS 10.13 firewall.

We will continue to look at any way we can optimize this experience in subsequent maintenance releases.

Источник

AnyConnect macOS 11 Big Sur Advisory

Available Languages

Download Options

AnyConnect Changes Related to macOS 11 (Big Sur)

Table of Contents

Table of Figures

1. Introduction

AnyConnect 4.9.04xxx leverages the System Extension framework available in macOS 11 (Big Sur). This differs from past AnyConnect versions, which rely on the now-deprecated Kernel Extension framework. This is the minimum version required to run AnyConnect on macOS 11.

This advisory describes changes introduced in the new AnyConnect version and the steps administrators can take to confirm AnyConnect is operating correctly on macOS 11. There are important changes in approving the AnyConnect system extension, as detailed in the next section.

The advisory also details the steps for failing over to the AnyConnect kernel extension, as last-resort workaround in case a critical system extension (or related OS framework) issue is encountered. The AnyConnect kernel extension is installed on macOS 11 solely for this purpose, it is no longer used by default.

2. About the AnyConnect System Extension

AnyConnect uses a network system extension on macOS 11, bundled into an application named Cisco AnyConnect Socket Filter. (This app controls the extension activation and deactivation and is installed under /Applications/Cisco.)

The AnyConnect extension has the following three components:

These components are visible in the macOS System Preferences – Network UI window:

Figure 1 — DNS proxy component

Figure 2 — App/Transparent proxy component

Figure 3 — Content filter component

AnyConnect requires its system extension and all its components to be active in order to operate properly, which implies that the mentioned components are all present and show up as green/running in the left pane of the macOS Network UI, as per above screenshots.

3. Approving the AnyConnect System Extension

macOS 11 requires end user or MDM approval before system extensions are allowed to run.

Two approvals are required for the AnyConnect system extension:

— Approve the system extension loading/activation.

— Approve the extension’s content filter component activation.

3.1 Extension Approval by End User

The AnyConnect system extension and its content filter component can be approved by end user, by following either the OS prompting, or the more explicit AnyConnect Notification app’s instructions.

Figure 4 — Extension blocked — OS prompt

Figure 5 — Extension blocked — AnyConnect prompt

After opening the Security & Privacy Preferences window, click the bottom-left lock and provide the requested credentials, as prompted, to unlock it and allow changes.

The window’s appearance depends on whether the AnyConnect extension is the only one requiring approval. If that’s the case, simply click the Allow button.

Figure 6 — AnyConnect extension approval

Otherwise click the Details… button, then select the ”Cisco AnyConnect Socket Filter” check box and click OK.

Figure 7 — AnyConnect extension approval (multiple unapproved extensions)

Shortly after approving the AnyConnect extension, the user is shown another popup, this time for approving the extension’s content filter component.

Figure 8 — AnyConnect extension’s content filter approval

After the extension’s content filter approval is complete, the extension and its components should be active, as confirmed by the AnyConnect Notification app:

Figure 9 — AnyConnect extension approval confirmation

3.2 Extension Approval using MDM

The AnyConnect system extension can also be approved without end user interaction, using a management profile’s SystemExtensions payload with the following settings:

Источник

VPN Clients For Mac OS X FAQ

Available Languages

Contents

Introduction

This document answers frequently asked questions about Cisco’s VPN Client solutions available on Mac OS X.

Tip: Cisco recommends that you migrate to the AnyConnect VPN Client for both Secure Sockets Layer (SSL) as well as IPsec. The built-in IPsec client on Mac OS is an Apple product, so any questions/upgrades/bug fixes and other issues on the client side need to be addressed by Apple while the Cisco Remote Access VPN client is EOS. Therefore, no fixes will be put in for this client.

General Questions

Q. What options do I have in order to provide remote access to Mac users?

There are three VPN Client solutions that can be implemented, dependent upon the Mac OS Version.

Mac OS X 10.5
Leopard

Mac OS X 10.6
Snow Leopard

Mac OS X 10.7
Lion

Mac OS X 10.8
Mountain Lion

Mac OS X 10.9
Mavericks

VPN Client	Technology/Protocol	Mac OS X 10.10 Yosemite	Mac OS X 10.11 El Capitan
Mac Built-in VPN Client	IPsec	X	X	X	X	X	X
Cisco Remote Access IPsec Client	IPsec	X	X
Cisco AnyConnect Secure Mobility Client	SSL, IKEv2/IPsec	X*	X	X**	X***	X	X	X****

*Mac OS X 10.5 (Leopard) is no longer supported in AnyConnect Release 3.1. Also, PowerPC support was dropped in Release 3.0 and later.
**Mac OS X 10.7 (Lion) is supported in AnyConnect Releases 2.5.3051 and 3.0.3054 and later.
***Mac OS X 10.8 (Mountain Lion) is supported in AnyConnect Releases 3.0.08057 and 3.1 and later.
****MAC OS X 10.11 (El Capitan) is supported in Anyconnect 4.1.04011 and later. El Capitan support will not be provided in AnyConnect 3.x as new OS support ended in July 2015. Refer to End-of-Sale and End-of-Life Announcement for the Cisco AnyConnect Secure Mobility Client Version 3.x.

Q. How do I uninstall Cisco VPN Client on Mac OS X?

In order to uninstall the Cisco VPN Client, complete these steps:

1. Enter these commands in order to clean out the old Cisco VPN kernel extension and reboot the system.
2. If you installed the Cisco VPN for Mac version 4.9.01.0180 package, enter these commands in order to delete the misplaced files. The deletion of these files will not affect your system, since applications do not use these misplaced files in their current location.
3. Enter these commands if you no longer need the old Cisco VPN Client or Shimo.

Q. What are the feature differences between the Cisco Remote Access VPN Client and AnyConnect VPN Client?

This is beyond the scope of this document, but fundamentally SSL VPN has more features than the Cisco Remote Access Software VPN Client as it is a newer technology and new features are rolled into each new release of AnyConnect. The latest AnyConnect Mobility Client, Version 3.0, includes the same feature-rich support for both SSL VPN and IKEv2.

IPsec VPN Questions

Q. If I want to use IPsec, should I use the built-in Mac VPN Client or the Cisco Remote Access VPN Client?

A. Although it is possible to use either VPN Client, the advantages of each are explained here.

Note: Cisco recommends that you use AnyConnect, which allows you to take advantage of Next Generation Encryption (NGE) ciphers and advancements in the IKEv2 protocol.

Mac VPN Client

• + The Apple built-in client ensures support as the Mac OS evolves.
• + The client is integrated into Mac OS X 10.6 and later.
• + Faster to configure as it does not require installation of another application.
• — Not built into Mac OS X 10.5.

Cisco Remote Access VPN Client

• + Supported in Mac OS X 10.5 and 10.6.
• — Requires installation of another software application on your Mac.
• — In early 2011 Mac began to ship Mac OS X 10.6 with a 64-bit kernel. This is not supported by the Cisco Remote Access VPN Client and results in Error 51 after install. Refer to Cisco IPsec VPN Client on MAC OS X generates the error «Error 51: Unable to communicate with the VPN subsystem».

Q. How do I configure the Mac built-in VPN Client?

In Mac OS X 10.6 and later:

1. Choose System Preferences > Network.
2. Click the lock button in order to unlock it and make changes.
3. Click the plus sign above the unlocked lock button in order to add an interface.
4. From the Interface drop-down list, choose VPN.
5. From the VPN Type drop-down list, choose Cisco IPSec.
6. In the Service Name text box, type an easy to remember interface name such as ‘Corp IPsec VPN’.
7. Click OK and then select this new interface.
8. Click the new VPN interface in order to configure the interface.
   • Server Address-VPN headend’s outside interface IP address (WAN/publicly routable IP address)
   • Account Name-Username
   • Account Password-User’s password
9. Click Authentication Settings.
   • Under Machine Authentication, click the radio button for your respective authentication mechanism (pre-shared-key or certificate authentication).
   • If a pre-shared key that matches the pre-shared-key defined on the VPN headend is used, type the key into the Shared Secret dialog box.
   • Enter the Group Name that matches the one defined in the EZVPN configuration on the VPN headend device (ASA ‘tunnel-group’, IOS ‘crypto ipsec client ezvpn group’).

Q. I tried to use the built-in Mac Client on Lion, but I receive a phase 2 mismatch. What should I do?

If your Microsoft Windows clients work or your older Macs that use the Cisco Remote Access VPN Clients work, and only the Lion machines do not seem to be able to connect, then it is likely a phase 2 mismatch issue. You see this error message if you enable ‘debug crypto ipsec’ on the ASA. This essentially means the transform sets used probably do not support the encryption used by the Mac built-in client. For Lion, the client uses 3DES or AES. It does not support DES. In order to work around this issue, either switch the transform set to use 3DES completely or add multiple transform sets as shown here:

This issue is usually caused by running an ASA software release earlier than Release 8.4. The later ASA software comes with all transforms sets defined by default, so additional configuration is not required to make it work.

Q. Are there any compatibility issues with the Cisco Remote Access VPN Client?

Refer to the Software Release Notes first for compatibility guidelines. Note the Error 51 compatibility issue between the Cisco Remote Access VPN Client and 64-bit Mac kernel mentioned later in this document.

Q. Where can I download the Cisco Remote Access VPN Client?

1. Open the Cisco Support Page.
2. Click Download Software.
3. Choose Products > Security > Virtual Private Networks (VPN) > Cisco VPN Clients > Cisco VPN Client.
4. Choose Cisco VPN Client v4.x.
5. Choose Mac OS.

Note: The VPN Client v5.x was only released for Windows PCs. The latest Mac release is v4.9.

Q. I tried to use Cisco VPN Client, but received Error 51. What should I do?

Q. Does the built-in Mac VPN Client support ESP-NULL transforms?

No, the built-in client does not support this transform set.

Источник