newbie; trying to use Cisco AnyConnect with MacOS 10.6. need help creating connection

Unanswered Question
Jun 4th, 2010

I realize most of you are highly technical folk. I am not. Just granted VPN access by my hospital. I use a Mac (OS10.6).Our IS folk have no clue how to set  up Mac  with Cisco AnyConnect to make a VPN

I don't know how to connect from my Mac to my PC workstation in my office.

My PC workstation supposedly was set up so that it will allow me to connect to it.The PC Is on, not hibernating.Running XP

I tried using Microsoft Remote Desktop and could not get it to work.

I found out that Mac OS 10. 6 has VPN interface build in

However when I selected VPN in my Network preference panel, I did not know which of the following three types of VPN to use Cisco AnyConnect

Mac OS gives me choice between a) Cisco IPsec  b)PPTP  c) L2TP over IPsec.

What do I use?

Can you help me identify the questions I have to ask my IS folks at my hospital?

I was told nothing

One of the three types of VPN available to me  asks for Authentication of something called Shared Secret. What is that?
I have the IP address of my workstation  and , of course, I know my log in name and password.

What else do I need?

I really need baby steps to walk me through this.

Thank you

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Sat, 06/05/2010 - 21:27


I have set up ASA to do remote access and we have users who are successfully using MAC to do AnyConnect, so I know it works. But I am not a MAC user and am not personally familiar with the setup on the MAC.

One of your questions was about Shared Secret. The Shared Secret is part of ISAKMP, which is part of IPSec. Traditional VPNs were based on IPSec. And notice that 2 of 3 choices you were given mention IPSec. But AnyConnect does not use IPSec. It uses SSL instead. So no choice that mentions IPSec is the right choice. And I believe that what you want to do does not involve the VPN built in on the MAC.

AnyConnect is client software to provide the VPN functionality. I know in Windows it is just an application that you run. I suspect that it is the same on the MAC. So the first thing that you need to do is to load the client software. The are 2 options about how to get the client. One option is that the hospital folks may give you a CD with an installer for the MAC client. (note that there is a Windows version, and 2 MAC versions). If they give you a CD then installation should be pretty straightforward. Or the second option (which I prefer) is to load and install the AnyConnect client on line. Assuming that they have set up the ASA to support this, you would simply point your browser to https:// It should prompt for your user ID and password (the hospital has given you a user ID and password, right?) and then should take you to a page with an option to download and install the AnyConnect client.

So I would suggest that these are questions to ask the IS folks at the hospital:

1) if they have really told you nothing, then ask them what user ID and password you should use to login to the VPN

2) ask them if they already have users successfully running MAC OS10.6 and using AnyConnect. If they already have users of MAC OS10.6 then you should be good to go and all you need to do is to load the AnyConnect client.

3)if they do not already have users running AnyConnect for MAC OS10.6 then ask them if they have the MAC OS10.6 AnyConnect client loaded and configured on the ASA.

4) ask them if you can download the client on line or whether they prefer to install from CD.

I hope that helps. Give it a try. If you have more questions then post back.



barbpassman Mon, 06/07/2010 - 08:02

Thank you RBurts

I HAVE the AnyConnect client installed. I was given a link to download with install instructions which worked perfectly. I use my hospital log in, User Name and Password.

The ANYCONNECT client seems to start working. I see "time elapsed" "packets" but  our IT dept told me I needed a "remote desktop" in conjunction.

I downloaded the Microsoft Remote Desktop for Mac..have no clue how to interface it with  AnyConnect

So, having read in recent Mac publication that OS10.6 contains VPN capability, I found the three possible VPN 'settings, as I posted here. But could not get the built in VPN settings to work,either.

So, in summary, AnyConnect is useless for me.. I see it running but so? .

My question is : What  do I need, in combination with AnyConnect to actually connect  my Mac to my employer's servers and applications?

What Remote Desktop application do I need?

What do Windows people need ? ( Perhaps I can translate Windoz info and tha will help me use my Mac)

All help will be appreciated

Richard Burts Mon, 06/07/2010 - 09:53


If you already have the AnyConnect client installed that is good. If you start it, get prompted for login credentials, and successfully authenticate that is even better. I believe that most of your problem is solved. I believe that the remaining issue is RDP.

When you run AnyConnect and do connect to the Corporate network then the AnyConnect client is assigned an IP address in the Corporate network address space. So when you are running AnyConnecct it is just like your laptop was connected directly on the Corporate network. If you want to verify that then you can look at AnyConnect when it is running and it will show the client address that was assigned. You can take that address and verify that it is a Corporate network address.

So if your laptop were directly connected to the Corporate network what would you do on your MAC to RDP to your desktop? As a windows user I would simply open the RDP application, give it the address that I wanted to connect to, and the connection would be established. I suspect that you would do pretty much the same thing on your MAC.

Do not worry about interfacing RDP to AnyConnect. The AnyConnect client provides connectivity to the network and does not care what applications that you run so it does not need to know about RDP. And RDP uses the established connectivity and does not need to know what provides that connectivity, so it does not need to know about AnyConnect.



barbpassman Mon, 06/07/2010 - 11:10

Thank you.

I saw the "client server" IP addreses in the AnyConnect Window.

I recall being told by my IT dept to use the IP address of my workstation- the techie had me use IPConfig command line to  learn the IP address of the workstation on my desk.and I think that is the IP address I input to the RDP and  was told "connection could not be established."

I made sure my workstation was not in Hibernate mode.`

I can't recall if I input the IP address which I saw in the AnyConnect Window.

Our IT folk told me they made the adjustment to my workstation so I could access remotely.(But wouldn't that imply that I was to use the IP address of my workstation? I think that is why I input "my" IP address and not what I saw in the AnyConnect Window

Will try tonight.

I also know that we are automatically logged out of our workstations after a period of inactivity althought the workstation is not shut down. I did not know if that, also makes a difference.

Richard Burts Mon, 06/07/2010 - 11:50


Perhaps I got things a bit confused by talking about the AnyConnect client address. My point about the address was that it would demonstrate that you were connected "as if" you were physically in the Corporate network and not remote. I did not mean to suggest that you should use that address in RDP.

The address to use with RDP is the address of your PC (the address that you got with ipconfig). If you have AnyConnect running, then you start RDP, give RDP the address of your work PC, and tell RDP to connect. It should connect. If it does not connect then obviously there is a problem, and I do not believe that the problem is with VPN or with AnyConnect.

I think it should not matter if your work PC is in hibernate mode. And it should not matter that there is an automatic logout on the work PC. RDP should work ok through either of these conditions.

If you try again, being sure to use the IP of your work PC for RDP, and RDP still says unable to establish the connection, then I believe that you should talk to the IT dept again and ask them to check for possible issues.

I wonder if it is possible for you to bring your MAC laptop in to work, connect it to the work network somewhere, give it an IP address from the work network, and try RDP where it is not dependent on VPN.



barbpassman Mon, 06/07/2010 - 12:11

You are on target.

After several phone calls to various divisions of my IT dept, it seems that, indeed, a specific adjustment to MY workstation was not done despite eariler assurances.

This adjustment will be done and then I should be able to remote in.

I also learned how to use  browser to remote into our hospital environment. I will use the RDP to reach my specific workstation.

Thank you. Finally beginning to make sens


This Discussion

Related Content