AnyConnect VPN Client Troubleshoot TechNote for MAC OSX Machines
Introduction
This document briefly describes the possible error messages that appear during the installation of AnyConnect VPN client on Apple MAC machines and their corresponding resolutions.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
- Cisco ASA Security Appliance that runs software version 8.x
- Cisco IOS® Router that runs Cisco IOS Software Release 12.4(20)T
- Cisco AnyConnect Client software version 2.x
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Error Messages
This section shows a list of error messages along with the solutions.
Package Corrupt Error Message
When AnyConnect 2.3 is launched from an Apple MAC machine, the Anyconnect Package corrupt or unavailable error message appears and eventually, the connection attempt fails.
Solution
This can be caused by the absence of the MAC-related AnyConnect package on the flash of the router. In order to resolve this issue, upload the AnyConnect package that matches the MAC architecture. For MACs on the Intel processor, you need the i386 macos image, and for MACs that run the Power PC processor (PPC), you need the powerpc macos image. These are example packages for your reference:
Split DNS Issues
When split DNS is enabled on an AnyConnect setup, all the DNS queries are sent in the clear instead of through the tunnel. This problem occurs only on Apple MAC machines; Windows machines work fine.
Solution
This behavior is observed and filed in Cisco bug ID CSCtf03894 (registered customers only). In order to resolve this issue, you can upgrade to the AnyConnect release 3.0.4235, which has the Split DNS Functionality Enhancement. As a workaround, you can also use the built-in IPSec VPN client supported by Apple, which does not have this issue.
SVC Error Message
The launch of AnyConnect from a Macbook Pro running OSX Leopard is not successful. The VPN gateway is ASA running 8.0.4. The connection fails and the SVC Message: 16/ERROR: Initialization failure (mem allocfailed, etc.) error message appears.
Solution
This can be a problem with the way the MAC machine attempts to connect to the ASA. First verify if any IPv6 adaptors are enabled on the MAC machine and check if MAC tries to contact ASA over the IPv6 network. If so, it fails as the IPv6 is not supported with AnyConnect. In order to resolve this, disable the IPv6 related services on the MAC machine and try to connect with an IPv4 address.
Web-based Installation Error Message when AnyConnect is Launched on MAC
There are intermittent issues when you launch AnyConnect version 2.5 on the MAC with OSX 10.5.6. The "web-based installation was unsuccessful" error message appears. At that time, you are unable to download and install AnyConnect, and the browser used is Firefox. A reboot of the MAC machine fixes the issue temporarily, but the issue recurs intermittently.
Solution
Verify if your VPN gateways are connected in Load-balancer mode. If it is connected, then there could be some DNS cache-related issues that cause improper DNS redirects. In order to resolve this issue, always try to map the DNS URL to connect to one specific VPN gateway only.
MAC OSX 10.6.3 is Unable to get to Internet
When you use the AnyConnect on a MAC machine, you can access the Internal Corporate network but you are unable to browse to the Internet. It neither works by FQDN nor by IP address. There is a proxy server in use for Internet traffic.
Solution
The issue can be due to the length of the PMTU. Verify the existing MTU size on the VPN gateway (for example, the ASA) and change it to a lower value. In this sample output, the MTU size is reduced to 1204 from the existing 1400.
AnyConnect on MAC fails to launch to Cisco IOS Router
The attempt to launch AnyConnect in standalone mode to a Cisco IOS ® Router running Cisco IOS Software Release 12.4(20)T is unsuccessful. The anyconnect internal error (state: not connected) error message appears.
Solution
Cisco IOS Software Release 12.4(20)T supports AnyConnect on MAC in standalone mode without any problem. In order to resolve this, try to use the complete URL when you connect to the Cisco IOS head-end device. This is a sample URL:
If this issue persists, contact Cisco TAC (registered customers only) for further troubleshooting.
Note: You need to have valid Cisco user credentials to contact Cisco TAC.
Wireless CSSC for an Apple MAC
Currently, the NAM module on the AnyConnect 3.0 product replaces the Cisco Secure Services Client (CSSC). Refer to Network Access Manager (Replacement for CSSC) for more information. There is no current plan to enable NAM to support the MAC OSX platform.
Unable to Upgrade Firefox while AnyConnect is Installed on MAC
This error message appears when you upgrade Firefox on Apple machine version 10.6:
On machines that use softtokens, this error message appears:
It is observed that these MAC machines have AnyConnect version 2.5 installed. The current version of Firefox is 3.6.13.
Solution
This behavior has been tested and filed in Cisco bug ID CSCtn93915 (registered customers only). As a workaround, you can try either of these options:
- Uninstall AnyConnect, upgrade Firefox, and then install AnyConnect again.
- Uninstall the current version of Firefox, then install the new version. All other upgrades after this should work fine.
Web-based Installation of AnyConnect Hangs
The authentication phase works fine but the VPN system hangs at the Using Sun Java for installation phase.
Solution
The issue could be with the Java and Web applet settings on the machine. Sometimes, Java gets stuck when you use the web launch with a MAC machine. Refer to Cisco bug ID CSCtq86368 (registered customers only) for more information. In order to resolve this issue, complete these steps:
- Open Java preferences.
- Change to run applets in their own process.
- Drag the 32 bit Java on top.
If this does not help, upgrade the AnyConnect client to the latest available release.
Unable to Launch AnyConnect on MAC
You are unable to launch AnyConnect on the MAC machine due to certain incompatible software. What are other options to use this MAC machine as a remote access VPN client?
Solution
Refer to What options do I have for providing remote access to Mac users? for more information. Refer to IPSec VPN client for Apple MAC for more information and complete details.
Unable to Download the MAC AnyConnect Package
There are issues when you download the AnyConnect for MAC software from Cisco.com.
Solution
Open the Cisco AnyConnect VPN Client home page and click on Download Software (registered customers only) on the right hand side of the web page. Choose the required software package and download with valid Cisco user credentials.
Install Cisco AnyConnect Secure Mobility Client on a Mac Computer
Objective
This article shows you how to download and install the Cisco AnyConnect Secure Mobility Client version 4.9.x on a Mac Computer.
This article is only applicable to the RV34x series routers, not Enterprise products.
Introduction
AnyConnect Secure Mobility Client is a modular endpoint software product. It not only provides Virtual Private Network (VPN) access through Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec) Internet Key Exchange version 2 (IKEv2) but also offers enhanced security through various built-in modules.
AnyConnect Software Version
Install AnyConnect Secure Mobility Client
Prerequisites
- You need to purchase client license(s) from a partner like CDW or through your company’s device procurement. There are options for 1 user (L-AC-PLS-3Y-S5) or packets of licenses including one year for 25 users (AC-PLS-P-25-S). Other license options are available as well, including perpetual licenses. For more details on licensing, check out the links in the Licensing Information section below.
- Download the latest version of firmware available for your router.
Applicable Devices | Software Version
RV340 | 1.0.03.21 (Download latest)
RV340W | 1.0.03.21 (Download latest)
RV345 | 1.0.03.21 (Download latest)
RV345P | 1.0.03.21 (Download latest)
Licensing Information
AnyConnect client licenses allow the use of the AnyConnect desktop clients as well as any of the AnyConnect mobile clients that are available. You will need a client license to download and use the Cisco AnyConnect Secure Mobility Client. Client licenses enable the VPN functionality and are sold in packs of 25 from partners like CDW or through your company’s device procurement.
Want to know more about AnyConnect licensing? Here are some resources:
Step 1
Open a web browser and navigate to the Cisco Software Downloads webpage.
Step 2
In the search bar, start typing ‘Anyconnect’ and the options will appear. Select AnyConnect Secure Mobility Client v4.x.
Step 3
Download the Cisco AnyConnect VPN Client. Most users will select the AnyConnect Pre-Deployment Package (Mac OS) option.
The images in this article are for AnyConnect v4.9.x, which was the latest version at the time of writing this document.
Step 4
Double-click the installer.
Step 5
Step 6
Go over the Supplemental End User License Agreement and then click Continue.
Step 7
Step 8
Choose the components to be installed by checking or unchecking the corresponding check boxes. All components are installed by default.
The items you select in this screen will appear as options in AnyConnect. If deploying AnyConnect for end-users, you may want to consider deselecting options.
Step 9
Step 10
Step 11
(Optional) Enter your password in the Password field.
Step 12
Click Install Software.
Step 13
You have now successfully installed the AnyConnect Secure Mobility Client Software on your Mac computer.
Additional Resources
AnyConnect App
To try out AnyConnect on mobile devices, the App can be downloaded from Google Play store or Apple store.
VPN Clients For Mac OS X FAQ
Introduction
This document answers frequently asked questions about Cisco’s VPN Client solutions available on Mac OS X.
Tip: Cisco recommends that you migrate to the AnyConnect VPN Client for both Secure Sockets Layer (SSL) as well as IPsec. The built-in IPsec client on Mac OS is an Apple product, so any questions/upgrades/bug fixes and other issues on the client side need to be addressed by Apple while the Cisco Remote Access VPN client is EOS. Therefore, no fixes will be put in for this client.
General Questions
Q. What options do I have in order to provide remote access to Mac users?
There are three VPN Client solutions that can be implemented, dependent upon the Mac OS Version.
VPN Client | Technology/Protocol | Mac OS X 10.5 Leopard | Mac OS X 10.6 Snow Leopard | Mac OS X 10.7 Lion | Mac OS X 10.8 Mountain Lion | Mac OS X 10.9 Mavericks | Mac OS X 10.10 Yosemite | Mac OS X 10.11 El Capitan
Mac Built-in VPN Client | IPsec | | X | X | X | X | X | X
Cisco Remote Access IPsec Client | IPsec | X | X | | | | |
Cisco AnyConnect Secure Mobility Client | SSL, IKEv2/IPsec | X* | X | X** | X*** | X | X | X****
*Mac OS X 10.5 (Leopard) is no longer supported in AnyConnect Release 3.1. Also, PowerPC support was dropped in Release 3.0 and later.
**Mac OS X 10.7 (Lion) is supported in AnyConnect Releases 2.5.3051 and 3.0.3054 and later.
***Mac OS X 10.8 (Mountain Lion) is supported in AnyConnect Releases 3.0.08057 and 3.1 and later.
****Mac OS X 10.11 (El Capitan) is supported in AnyConnect 4.1.04011 and later. El Capitan support will not be provided in AnyConnect 3.x as new OS support ended in July 2015. Refer to End-of-Sale and End-of-Life Announcement for the Cisco AnyConnect Secure Mobility Client Version 3.x.
Q. How do I uninstall Cisco VPN Client on Mac OS X?
In order to uninstall the Cisco VPN Client, complete these steps:
- Enter these commands in order to clean out the old Cisco VPN kernel extension and reboot the system.
- If you installed the Cisco VPN for Mac version 4.9.01.0180 package, enter these commands in order to delete the misplaced files. The deletion of these files will not affect your system, since applications do not use these misplaced files in their current location.
- Enter these commands if you no longer need the old Cisco VPN Client or Shimo.
Q. What are the feature differences between the Cisco Remote Access VPN Client and AnyConnect VPN Client?
This is beyond the scope of this document, but fundamentally SSL VPN has more features than the Cisco Remote Access Software VPN Client as it is a newer technology and new features are rolled into each new release of AnyConnect. The latest AnyConnect Mobility Client, Version 3.0, includes the same feature-rich support for both SSL VPN and IKEv2.
IPsec VPN Questions
Q. If I want to use IPsec, should I use the built-in Mac VPN Client or the Cisco Remote Access VPN Client?
A. Although it is possible to use either VPN Client, the advantages of each are explained here.
Note: Cisco recommends that you use AnyConnect, which allows you to take advantage of Next Generation Encryption (NGE) ciphers and advancements in the IKEv2 protocol.
Mac VPN Client
- + The Apple built-in client ensures support as the Mac OS evolves.
- + The client is integrated into Mac OS X 10.6 and later.
- + Faster to configure as it does not require installation of another application.
- — Not built into Mac OS X 10.5.
Cisco Remote Access VPN Client
- + Supported in Mac OS X 10.5 and 10.6.
- — Requires installation of another software application on your Mac.
- — In early 2011 Mac began to ship Mac OS X 10.6 with a 64-bit kernel. This is not supported by the Cisco Remote Access VPN Client and results in Error 51 after install. Refer to Cisco IPsec VPN Client on MAC OS X generates the error "Error 51: Unable to communicate with the VPN subsystem".
Q. How do I configure the Mac built-in VPN Client?
In Mac OS X 10.6 and later:
- Choose System Preferences > Network.
- Click the lock button in order to unlock it and make changes.
- Click the plus sign above the unlocked lock button in order to add an interface.
- From the Interface drop-down list, choose VPN.
- From the VPN Type drop-down list, choose Cisco IPSec.
- In the Service Name text box, type an easy to remember interface name such as ‘Corp IPsec VPN’.
- Click OK and then select this new interface.
- Click the new VPN interface in order to configure the interface.
- Server Address-VPN headend’s outside interface IP address (WAN/publicly routable IP address)
- Account Name-Username
- Account Password-User’s password
- Click Authentication Settings.
- Under Machine Authentication, click the radio button for your respective authentication mechanism (pre-shared-key or certificate authentication).
- If a pre-shared key that matches the pre-shared-key defined on the VPN headend is used, type the key into the Shared Secret dialog box.
- Enter the Group Name that matches the one defined in the EZVPN configuration on the VPN headend device (ASA ‘tunnel-group’, IOS ‘crypto ipsec client ezvpn group’).
Q. I tried to use the built-in Mac Client on Lion, but I receive a phase 2 mismatch. What should I do?
If your Microsoft Windows clients work or your older Macs that use the Cisco Remote Access VPN Clients work, and only the Lion machines do not seem to be able to connect, then it is likely a phase 2 mismatch issue. You see this error message if you enable ‘debug crypto ipsec’ on the ASA. This essentially means the transform sets used probably do not support the encryption used by the Mac built-in client. For Lion, the client uses 3DES or AES. It does not support DES. In order to work around this issue, either switch the transform set to use 3DES completely or add multiple transform sets as shown here:
This issue is usually caused by running an ASA software release earlier than Release 8.4. The later ASA software comes with all transform sets defined by default, so additional configuration is not required to make it work.
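The following added example (not part of the original Cisco document) audits pre-8.4 ASA `crypto ipsec transform-set` lines and reports which crypto map entries offer nothing the Lion built-in client can negotiate. The configuration, the set and map names, and the assumption that every AES key size counts as "AES" are constructed for illustration.

```python
import re

# From the FAQ: the Lion built-in client uses 3DES or AES, not DES, and does
# not support ESP-NULL. Assumption: all AES key sizes are acceptable.
MAC_CLIENT_ENCRYPTION = {"esp-3des", "esp-aes", "esp-aes-192", "esp-aes-256"}

# Constructed pre-8.4 ASA configuration; every name here is hypothetical.
SAMPLE_CONFIG = """\
crypto ipsec transform-set LEGACY-DES esp-des esp-md5-hmac
crypto ipsec transform-set AUTH-ONLY esp-null esp-sha-hmac
crypto ipsec transform-set TS-3DES esp-3des esp-sha-hmac
crypto ipsec transform-set TS-3DES mode transport
crypto ipsec transform-set TS-AES esp-aes esp-sha-hmac
crypto dynamic-map WIN-ONLY 10 set transform-set LEGACY-DES
crypto dynamic-map REMOTE 20 set transform-set LEGACY-DES TS-3DES
crypto dynamic-map REMOTE 30 set transform-set MISSING-TS
"""

TS_DEF = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
TS_REF = re.compile(r"^crypto (?:dynamic-map|map) (\S+) (\d+) set transform-set (.+)$")

def parse(config):
    """Return ({set_name: encryption_keyword}, [(map_name, seq, [set_names])])."""
    sets, entries = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = TS_DEF.match(line)
        if m:
            name, tokens = m.group(1), m.group(2).split()
            if tokens[0] == "mode":  # "mode transport" carries no cipher
                continue
            # Anything that is not an authentication keyword is the cipher.
            enc = [t for t in tokens if not t.endswith("-hmac") and t != "esp-none"]
            sets[name] = enc[0] if enc else None
            continue
        m = TS_REF.match(line)
        if m:
            entries.append((m.group(1), int(m.group(2)), m.group(3).split()))
    return sets, entries

def audit(config):
    """Classify the transform sets referenced by each crypto map entry."""
    sets, entries = parse(config)
    report = {}
    for map_name, seq, names in entries:
        row = {"usable": [], "unusable": [], "undefined": []}
        for name in names:
            if name not in sets:
                row["undefined"].append(name)
            elif sets[name] in MAC_CLIENT_ENCRYPTION:
                row["usable"].append(name)
            else:
                row["unusable"].append(name)
        report[(map_name, seq)] = row
    return report

def phase2_mismatch_entries(config):
    """Map entries where the Mac client would find no acceptable proposal."""
    return [key for key, row in audit(config).items() if not row["usable"]]

if __name__ == "__main__":
    for (map_name, seq), row in audit(SAMPLE_CONFIG).items():
        verdict = "OK" if row["usable"] else "PHASE 2 MISMATCH"
        print(f"{map_name} {seq}: {verdict} {row}")
```

An entry such as `REMOTE 20` passes because it lists a 3DES set alongside the DES one, which is the "multiple transform sets" workaround described above.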
Q. Are there any compatibility issues with the Cisco Remote Access VPN Client?
Refer to the Software Release Notes first for compatibility guidelines. Note the Error 51 compatibility issue between the Cisco Remote Access VPN Client and 64-bit Mac kernel mentioned later in this document.
Q. Where can I download the Cisco Remote Access VPN Client?
- Open the Cisco Support Page.
- Click Download Software.
- Choose Products > Security > Virtual Private Networks (VPN) > Cisco VPN Clients > Cisco VPN Client.
- Choose Cisco VPN Client v4.x.
- Choose Mac OS.
Note: The VPN Client v5.x was only released for Windows PCs. The latest Mac release is v4.9.
Q. I tried to use Cisco VPN Client, but received Error 51. What should I do?
Q. Does the built-in Mac VPN Client support ESP-NULL transforms?
No, the built-in client does not support this transform set.