Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
5
Replies

PC can have connection, but why cannot MAC have Anyconnect VPN ?

Go to solution
eigrpy
Level 4
Level 4

‎07-29-2015 11:49 AM - edited ‎02-21-2020 08:22 PM

Hi, We have MAC and PC users. Both users could reach inside network through ASA and Anyconnect VPN. however, MAC users cannot have connection(Please see screenshot in attachment). The output of command show run webvpn is below:

 

act(config-webvpn)# sh run webvpn 
webvpn
 enable outside
 enable inside
 csd image disk0:/csd_3.5.841-k9.pkg
 anyconnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
 auto-signon allow ip 0.0.0.0 0.0.0.0 auth-type all

The configuration lacks "anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg" all the time. we do not think this is reason why MAC users cannot reach the inside network because we do not have this command for long time. Any one can give suggestion ? Thank you. 

 

Labels:
Preview file
56 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎07-29-2015 01:03 PM

The best practice is that we have the anyconnect images on the ASA for all the OS.

Please add this command :

webvpn
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2

Then share the output of show run webvpn and try connecting again.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts. 

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to eigrpy

‎07-29-2015 02:02 PM

> The question is the command for MAC was not there for long time. Why could it work when the command was not there ?

I'm not sure, but I remember that in older releases it was not needed to have *all* images installed in flash. Perhaps that changed sometime. Did you upgrade your ASA recently before the problems started?

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Karsten Iwen
VIP
VIP

‎07-29-2015 12:59 PM

You have to install images for all needed desktop-os. Here, add the Mac-image with sequence "2" and the Mac users should be able to connect.

0 Helpful

Go to solution
eigrpy
Level 4
Level 4
In response to Karsten Iwen

‎07-29-2015 01:55 PM

Hi Thank you two! It work out. The following is its output.

The question is the command for MAC was not there for long time. Why could it work when the command was not there ?

 

 

----------------

act(config-webvpn)# sh run webvpn

webvpn

enable outside

enable inside

no anyconnect-essentials

csd image disk0:/csd_3.5.841-k9.pkg

anyconnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1

anyconnect image disk0:/anyconnect-macosx-i386-3.1.05170-k9.pkg 2

anyconnect enable

tunnel-group-list enable

  auto-signon allow ip 0.0.0.0 0.0.0.0 auth-type all

 

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to eigrpy

‎07-29-2015 02:02 PM

> The question is the command for MAC was not there for long time. Why could it work when the command was not there ?

I'm not sure, but I remember that in older releases it was not needed to have *all* images installed in flash. Perhaps that changed sometime. Did you upgrade your ASA recently before the problems started?

0 Helpful

Go to solution
eigrpy
Level 4
Level 4
In response to Karsten Iwen

‎07-29-2015 02:32 PM

I think you are right. I need to confirm if the ASA was upgraded recently. Thank you again.

0 Helpful

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎07-29-2015 01:03 PM

The best practice is that we have the anyconnect images on the ASA for all the OS.

Please add this command :

webvpn
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2

Then share the output of show run webvpn and try connecting again.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts. 

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful
Customers Also Viewed These Support Documents