VPN Client on Macintosh

Answered Question
Feb 16th, 2010
User Badges:

The user is running Macintosh, Leopard 10.5.8.  It is a MacBook Pro.  I tried to download the VPN client for the Mac, version 4.9.01.0180.  When the VPN client has finished downloading to the desktop and we are ready to install the VPN client, the laptop is locked up.  The user had to Force Quit the computer before the Mac can restart.  It looks like this VPN client is not compatible with this version of Macintosh. Have you run into this type of problems before?  Do you have any suggestion on how to install the Cisco VPN client for Macintosh, ver. 10.5.8?


Thanks.


Diane

Correct Answer by stevebohrer about 7 years 2 months ago

Sorry I did not follow up to the forum. I got prices for the "full" SSL VPN license for the 5500 series of 10 users @ $850, 25 users @ $2,105. For the AnyConnect Essentials version, 250 concurrent users for $102. Part number was L-ASA-AC-E-5510.


However, for now we are not doing anything, because the plain VPN client has been working for okay our 10.5 and 10.6 macs, and they just added a 64-bit Win version.


Steve

Correct Answer by Brandon Svec about 7 years 3 months ago

Yes, that looks correct to me. It should cost about $250 or so for 5000

concurrent users.

Quite a bargain in the Cisco world..


Brandon


On Fri, Feb 19, 2010 at 2:26 PM, dianewalker <

Correct Answer by Brandon Svec about 7 years 3 months ago

I am not expert on this, but from the link:


• Cisco AnyConnect Essentials: This feature offers basic AnyConnect

tunneling support for customers who require VPN remote access but do not

need Cisco Secure Desktop features or clientless SSL VPN capabilities.

AnyConnect Essentials supports mobile connectivity options with the

AnyConnect Mobile license. Upgrade to the full-featured AnyConnect Premium

license (traditional AnyConnect) is available by applying a traditional

AnyConnect license or shared license to the ASA appliance.


So if you don't need secure desktop or clientless VPN this should be OK for

you. I think it also would not support voip because that requires vpn user

to user traffic which is likely not included.


If you have a part # I can tell you a cost. Essentials is basically free

wheras the full VPN licenses tend to be 5 digits in price..


Brandon



On Thu, Feb 18, 2010 at 12:13 PM, dianewalker <

Correct Answer by Brandon Svec about 7 years 3 months ago

I should have asked what VPN server you are using?  I have configured built in VPN client on 10.6 to conenct via IPSEC on my ASA 5510.

If you can, I would try AnyConnect.  It is simple to setup and deploy for basic VPN needs.


Brandon

Correct Answer by Brandon Svec about 7 years 3 months ago

Correct that AnyConnect is the current way to go.  Also correct that ASA only comes with 2 seats.


However- 250 seats on an ASA5510 is only about $100! (Basically free in the Cisco world)


You need to be running 8.2.  See this link for more info and part numbers for various ASA models.

https://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-526545.html


The license is called AnyConnect Essentials.


Brandon

Correct Answer by stevebohrer about 7 years 3 months ago

We have not yet hit issues with OS 10.5, but our use of the VPN Client is pretty basic. However, as far as I can tell, this form of the VPN client seems on the way out: No Mac version version v5.x client has been provided, and, on the Windows side, no 64-bit support.


In the release notes for the latest Windows version ( http://www.cisco.com/en/US/customer/docs/security/vpn_client/cisco_vpn_client/vpn_client5006/release/notes/vpnclient5006.html#wp75888) Cisco says, "For x-64 support, customers should explore with  their Cisco sales representative the use of the next-generation Cisco  AnyConnect VPN Client."


As instructed I contacted my rep, and he wrote "The nice part of the current IPSec client is that it is essentially free and there are version that will support both Windows XP, Vista, & 7 32-bit and OS X up to 10.6 at least.  But yes Cisco appears to have used the flip to 64-bit Windows OS’s as a reason to discontinue development for the IPSec client.

On the other hand the SSL client is pretty slick and can be configured to auto-install and auto-update for authorized users.  In many ways from a support standpoint this is probably the way to go if you plan on larger deployment numbers.

The downside is that more than 2 concurrent SSL connections to an ASA is a licensed feature add-on, I believe the next level up is 25 concurrent users."


I'm taking his statement of "OS X up to 10.6 at least" as a bit of a hand-wave, since Cisco's latest release notes on the Mac client don't mention either 10.5 or 10.6, but instead make a big deal about how they now support Intel processors and have dropped support for 10.3.9; this is not particularly current news, despite the revision date on these notes of Dec 2009.  ( http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client49/release/notes/49client.pdf )


So, seems like we're being shoved toward AnyConnect to get support for current OSes. I can only assume the reason for this is to get us to buy licenses rather than using the "free" (with purchase of an ASA!)  IPSec VPN Client.


Steve

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (6 ratings)
Loading.
Correct Answer
stevebohrer Wed, 02/17/2010 - 09:10
User Badges:

We have not yet hit issues with OS 10.5, but our use of the VPN Client is pretty basic. However, as far as I can tell, this form of the VPN client seems on the way out: No Mac version version v5.x client has been provided, and, on the Windows side, no 64-bit support.


In the release notes for the latest Windows version ( http://www.cisco.com/en/US/customer/docs/security/vpn_client/cisco_vpn_client/vpn_client5006/release/notes/vpnclient5006.html#wp75888) Cisco says, "For x-64 support, customers should explore with  their Cisco sales representative the use of the next-generation Cisco  AnyConnect VPN Client."


As instructed I contacted my rep, and he wrote "The nice part of the current IPSec client is that it is essentially free and there are version that will support both Windows XP, Vista, & 7 32-bit and OS X up to 10.6 at least.  But yes Cisco appears to have used the flip to 64-bit Windows OS’s as a reason to discontinue development for the IPSec client.

On the other hand the SSL client is pretty slick and can be configured to auto-install and auto-update for authorized users.  In many ways from a support standpoint this is probably the way to go if you plan on larger deployment numbers.

The downside is that more than 2 concurrent SSL connections to an ASA is a licensed feature add-on, I believe the next level up is 25 concurrent users."


I'm taking his statement of "OS X up to 10.6 at least" as a bit of a hand-wave, since Cisco's latest release notes on the Mac client don't mention either 10.5 or 10.6, but instead make a big deal about how they now support Intel processors and have dropped support for 10.3.9; this is not particularly current news, despite the revision date on these notes of Dec 2009.  ( http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client49/release/notes/49client.pdf )


So, seems like we're being shoved toward AnyConnect to get support for current OSes. I can only assume the reason for this is to get us to buy licenses rather than using the "free" (with purchase of an ASA!)  IPSec VPN Client.


Steve

Correct Answer
Brandon Svec Wed, 02/17/2010 - 09:41
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Small Business, February 2016

Correct that AnyConnect is the current way to go.  Also correct that ASA only comes with 2 seats.


However- 250 seats on an ASA5510 is only about $100! (Basically free in the Cisco world)


You need to be running 8.2.  See this link for more info and part numbers for various ASA models.

https://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-526545.html


The license is called AnyConnect Essentials.


Brandon

dianewalker Thu, 02/18/2010 - 12:13
User Badges:

Brandon,


Thanks for your response.  Can you tell me briefly the difference between Anyconnect Essentials and AnyConnect SSL client?  Do you have any ideas how much would AnyConnect SSL client cost?


Thanks.


Diane

Correct Answer
Brandon Svec Thu, 02/18/2010 - 12:21
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Small Business, February 2016

I am not expert on this, but from the link:


• Cisco AnyConnect Essentials: This feature offers basic AnyConnect

tunneling support for customers who require VPN remote access but do not

need Cisco Secure Desktop features or clientless SSL VPN capabilities.

AnyConnect Essentials supports mobile connectivity options with the

AnyConnect Mobile license. Upgrade to the full-featured AnyConnect Premium

license (traditional AnyConnect) is available by applying a traditional

AnyConnect license or shared license to the ASA appliance.


So if you don't need secure desktop or clientless VPN this should be OK for

you. I think it also would not support voip because that requires vpn user

to user traffic which is likely not included.


If you have a part # I can tell you a cost. Essentials is basically free

wheras the full VPN licenses tend to be 5 digits in price..


Brandon



On Thu, Feb 18, 2010 at 12:13 PM, dianewalker <

dianewalker Fri, 02/19/2010 - 14:26
User Badges:

Brandon,


Thanks for your response and info.  So, basically AnyConnect and AnyConnect Essentials are the same in term of configurations.  The only difference is AnyConnect would require a large amount of money to buy licenses and AnyConnect Essentials licenses are free.  I don't need Secure Desktop and VoIP.  So, I guess AnyConnect Essentials would work for me.  I have ASA 5550 VPN Premium License.  Do I contact my Rep to get AnyConnect Essentials free license?


Thanks.


Diane

Correct Answer
Brandon Svec Sat, 02/20/2010 - 10:40
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Small Business, February 2016

Yes, that looks correct to me. It should cost about $250 or so for 5000

concurrent users.

Quite a bargain in the Cisco world..


Brandon


On Fri, Feb 19, 2010 at 2:26 PM, dianewalker <

dianewalker Thu, 02/18/2010 - 12:20
User Badges:

Steve,


Thanks for your response and information.  Have you used SSL clientless?  What is your opinion about SSL clientless and AnyConnect?


Thanks.


Diane

Correct Answer
Brandon Svec Wed, 02/17/2010 - 09:48
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Small Business, February 2016

I should have asked what VPN server you are using?  I have configured built in VPN client on 10.6 to conenct via IPSEC on my ASA 5510.

If you can, I would try AnyConnect.  It is simple to setup and deploy for basic VPN needs.


Brandon

dianewalker Thu, 02/18/2010 - 12:16
User Badges:

Brandon,


I have ASA 5550.  Have you used SSL clientless?  What is your opinion about SSL clientless and AnyConnect?


Thanks.


Diane

Brandon Svec Thu, 02/18/2010 - 12:23
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Small Business, February 2016

Clientless is really useless for my needs, but it depends on what you want

to do..


Brandon


On Thu, Feb 18, 2010 at 12:16 PM, dianewalker <

stevebohrer Thu, 02/18/2010 - 14:31
User Badges:

Brandon,


Thanks for the info. After your first post I asked my rep for a quote on AnyConnect, and it was thousands for 10 users. However, I'll try again, and specify the "Essentials" version, as we're small enough that the manual installation of the basic VPN client has worked well for us.


Steve

dianewalker Thu, 03/18/2010 - 13:37
User Badges:

Stephen,


Did you ever find out the quote for AnyConnect Essentials?  Thanks.


Diane

Correct Answer
stevebohrer Thu, 03/18/2010 - 14:04
User Badges:

Sorry I did not follow up to the forum. I got prices for the "full" SSL VPN license for the 5500 series of 10 users @ $850, 25 users @ $2,105. For the AnyConnect Essentials version, 250 concurrent users for $102. Part number was L-ASA-AC-E-5510.


However, for now we are not doing anything, because the plain VPN client has been working for okay our 10.5 and 10.6 macs, and they just added a 64-bit Win version.


Steve

dianewalker Fri, 03/19/2010 - 07:46
User Badges:

Thanks very much for your prompt reply and information, Steve.


Diane

Actions

This Discussion