Cisco AnyConnect 3.0.2 and Mac OS X 10.7

Answered Question
Jul 6th, 2011
User Badges:

I'm having trouble getting this to work, after my upgrade to Mac OS X Lion the Anyconnect client can no longer login. Reinstalling didn't work for me. What are other experiencing?

Correct Answer by slawford about 5 years 7 months ago

Hi All,


Thanks for your private messages. I had noticed the Subject Alternate name pattern in the vast majority of problem cases, which I forwarded to the developers.


Please note that version 3.0.3054 has just been posted to Cisco.com which contains the fix for CSCtr64798.


The updated client can be found here:

http://www.cisco.com/cisco/software/release.html?mdfid=283000185&softwareid=282364313&release=3.0.3054&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rm


Regards,


Steve.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Herbert Baerten Mon, 07/11/2011 - 01:46
User Badges:
  • Cisco Employee,

The current version of Anyconnect is not supported on Lion, sorry. Personally, I have no idea when this can be expected - you may want to check with your CAM.


hth

Herbert

Roman Rodichev Wed, 07/20/2011 - 18:08
User Badges:
  • Gold, 750 points or more

This is beyond ridiculous guys Are you telling me noone at Cisco bothered to get such an essential software to work with a 10.7 which you would expect EVERYONE would download and install first day after it came out, which is today?


Any(except Lion)Connect?

Steven Glogger Thu, 07/21/2011 - 06:29
User Badges:

for lion I got via twitter:


Cisco AnyConnect (@AnyConnect)

20.07.11 17:52

@mrmouse79 I am not sure what your issue is based on the description, but official support is due out in 3.0.3 (targeted for this week).




Roman Rodichev Mon, 07/25/2011 - 11:31
User Badges:
  • Gold, 750 points or more

3.0.3050 was released on Friday with release notes claiming it supports Lion 10.7


I've tested it several times. No, it doesn't work. Same behavior. Did anyone bother to test it before releasing it?

CoreyDotCom Tue, 07/26/2011 - 12:04
User Badges:

I too am now using 3.0.3050 but I'm still unsuccesful at connecting from OSX Lion. 


"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."


..and I cannot use the built-in OSX client because we are not given access to our shared secret or group name.


Can someone from Cisco please help??

jdsuhr Wed, 07/27/2011 - 07:03
User Badges:

Same here - 3.0.3050 hasn't fixed the issue in Lion. I get the same error.

Roman Rodichev Wed, 07/27/2011 - 07:27
User Badges:
  • Gold, 750 points or more

Got in touch with TAC engineer. He asked to send him "/var/log/system.log" which shows anyconnect connection process. I retested it with three customers. Two of them don't work, and one actually works. The new Windows Anyconnect works on all three. I sent TAC all three tests. One major difference is that the good one uses premium ssl vpn licenses, and the two bad ones use anyconnect essentials. I'll let you know what I hear.

Roman Rodichev Tue, 07/26/2011 - 17:46
User Badges:
  • Gold, 750 points or more

I've had a case opened since Monday 1PM. Had engineer ask some question around 6PM and nothing today. I'm requeueing it.

ronbuchalski Wed, 07/27/2011 - 09:25
User Badges:

Can you be more specific regarding the problem?  And when the problem started?


I was having trouble with AnyConnect that began about a week before Lion was released.  I was running with Snow Leopard and AnyConnect Mobile Security Client 3.0.2052.  I started to get 'Certificate Validation Failure' messages.  I ended up setting the ASA certificate to be ALWAYS TRUSTED, as it is a self-generated certificate from the ASA.  The only 'problem/change' from previous operation is that every time I connect via VPN I need to enter my keychain credentials to allow the AnyConnect app to access the keychain.  Even when I chose to ALWAYS TRUST the application, it continues to prompt for the keychain password.


The same ASA client (3.0.2052) is now working with Lion.  I have the 3.0.3050 client downloaded but have not installed it yet.


By the way, there is an issue with 10.7 and Java, where 10.7 does not come with a Java runtime.  See:


http://support.apple.com/kb/DL1421


-rb

KAJ J. NIEMI Wed, 07/27/2011 - 10:22
User Badges:

We too have a self cooked certificate although it is part of a CA chain. The funny thing is authentication works fine but only afterwards are there SSL related errors - after successful authentication when profiles and updates are being attempted to download. We fixed it as follows as one can override the system certificate store.. it's just really obscurely documented.



1. mkdir -p ~/.cisco/certificates/ca

2. cd ~/.cisco/certificates/ca

3. put the public part of the root CA in that directory. The filename can be anything as long as it ends .pem. Obviously the format has to be PEM.

4. AnyConnect 3.0.3050 works now.



HTH

ronbuchalski Wed, 07/27/2011 - 12:03
User Badges:

Thank you, Kajtzu, I'll check it out.  Can you provide a pointer to where this is documented?


-rb

Roman Rodichev Thu, 07/28/2011 - 20:15
User Badges:
  • Gold, 750 points or more

This solution worked. Thank you!


I presume this requirements will be removed in the next version.

KAJ J. NIEMI Thu, 07/28/2011 - 21:21
User Badges:

I wouldn't presume anything .... I'd open a ticket with TAC and insist on at least an EE/DE looking at it.

slawford Fri, 07/29/2011 - 03:17
User Badges:
  • Cisco Employee,

Hi All,


I am from the TAC and have been looking into a few of these issues.


For those of you that are seeing certificate related errors in /var/log/system.log, could you please send me a private message with the address of your headend, or let me know if you have one or multiple values set under the "Subject Alternate Name" field on your certificate.


I am trying to rule out a pattern I have noticed in a number of cases that I am raising with our development team, and want to make sure that these issues are addressed under

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr64798


Thanks,


Steve.

CHARLES FRANCIS Mon, 08/01/2011 - 06:24
User Badges:

Has anyone had any further luck with this? 


We are using a Verisign signed cert and this issue is only with our Lion clients.  We haven't been able to get the prompt to install the client from the webpage using Safari, Firefox or Chrome even though Java was installed/

sandervanloosbroek Mon, 08/01/2011 - 06:30
User Badges:

If you email your headend address to Steve (see the post above yours in this thread) he will confirm to you if your certificate is affected and if 3.0.3 will work for you. They are aware of an issue with some certificates and are working on it.

Correct Answer
slawford Thu, 08/04/2011 - 18:50
User Badges:
  • Cisco Employee,

Hi All,


Thanks for your private messages. I had noticed the Subject Alternate name pattern in the vast majority of problem cases, which I forwarded to the developers.


Please note that version 3.0.3054 has just been posted to Cisco.com which contains the fix for CSCtr64798.


The updated client can be found here:

http://www.cisco.com/cisco/software/release.html?mdfid=283000185&softwareid=282364313&release=3.0.3054&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rm


Regards,


Steve.

mtdotfuji Fri, 08/05/2011 - 17:47
User Badges:

3054 fixed my issues connecting as well. But unfortunately once connected my Macbook Air (2011) now crashes sporadically. Anyone else?

terrancewbennett Thu, 02/09/2012 - 11:30
User Badges:

Yes, we are having crashes after installing the 3054 fix.... Any help would be nice.

kmccourt Thu, 02/09/2012 - 22:10
User Badges:
  • Bronze, 100 points or more

There have been several Anyconnect releases with bug fixes since 3.0.3054 and the current version is 3.0.5080. Have you tried any of these?

ronbuchalski Fri, 02/10/2012 - 11:39
User Badges:

We discovered that our issue was not with the AnyConnect client, but in fact was with ASA software 8.4.(2), which contained a bug which broke AnyConnect connectivity from Mac.  Not sure if it was isolated to 10.7 or not.


The ddts for the ASA bug is CSCts80367.  It was resolved in ASA software interim build 8.4.(2.18), and is now available in release 8.4.(3).


We loaded 8.4.(3) onto the ASA, tried to VPN from a Mac using AnyConnect, and it worked!


-rb

Dan Schauss Mon, 07/29/2013 - 12:28
User Badges:

So was the fix applied only to 8.4 code? 

We're running 8.2(5)44 on a ASA 5520 and are having no luck with loading the AnyConnect client (anyconnect-macosx-i386-3.1.00495-k9.pkg) on a MAC os X 10.8.  We tried saving the file and loading it manually and then tried the auto config when JAVA was loaded.  Neither approach worked.  We still get the same 'file damaged error' message.  ??


dan

Karsten Iwen Mon, 07/29/2013 - 23:20
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Firewalling, VPN

You have to *disable* Gatekeeper on your Mac. Then you can install AnyConnect (I had the same Problem with ASDM) and enable Gatekeeper again. Now it will work as usual.


Sent from Cisco Technical Support iPad App

terrancewbennett Tue, 07/30/2013 - 07:35
User Badges:

Hope this helps steps to install the VPN client.

  1. Open up your System Preferences (hit Command+Space, type ‘System Preferences’ and then Enter)


  2. Click ‘Security & Privacy’


  3. Click the lock icon in the lower left, and enter your password


  4. Under ‘Allow applications downloaded from:’, select ‘Anywhere’, and from the popup, click ‘Allow From Anywhere’.


  5. Now install the VPN client.


  6. After you are done, under ‘Allow applications downloaded from:’ select ‘Mac App Store and identified developers’


  7. Close your ‘Security & Privacy’ settings window.


Actions

This Discussion

Related Content