cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6683
Views
0
Helpful
14
Replies

VPN Client on Macintosh

dianewalker
Level 1
Level 1

The user is running Macintosh, Leopard 10.5.8.  It is a MacBook Pro.  I tried to download the VPN client for the Mac, version 4.9.01.0180.  When the VPN client has finished downloading to the desktop and we are ready to install the VPN client, the laptop is locked up.  The user had to Force Quit the computer before the Mac can restart.  It looks like this VPN client is not compatible with this version of Macintosh. Have you run into this type of problems before?  Do you have any suggestion on how to install the Cisco VPN client for Macintosh, ver. 10.5.8?

Thanks.

Diane

6 Accepted Solutions

Accepted Solutions

stevebohrer
Level 1
Level 1

We have not yet hit issues with OS 10.5, but our use of the VPN Client is pretty basic. However, as far as I can tell, this form of the VPN client seems on the way out: No Mac version version v5.x client has been provided, and, on the Windows side, no 64-bit support.

In the release notes for the latest Windows version ( http://www.cisco.com/en/US/customer/docs/security/vpn_client/cisco_vpn_client/vpn_client5006/release/notes/vpnclient5006.html#wp75888) Cisco says, "For x-64 support, customers should explore with  their Cisco sales representative the use of the next-generation Cisco  AnyConnect VPN Client."

As instructed I contacted my rep, and he wrote "The nice part of the current IPSec client is that it is essentially free and there are version that will support both Windows XP, Vista, & 7 32-bit and OS X up to 10.6 at least.  But yes Cisco appears to have used the flip to 64-bit Windows OS’s as a reason to discontinue development for the IPSec client.

On the other hand the SSL client is pretty slick and can be configured to auto-install and auto-update for authorized users.  In many ways from a support standpoint this is probably the way to go if you plan on larger deployment numbers.

The downside is that more than 2 concurrent SSL connections to an ASA is a licensed feature add-on, I believe the next level up is 25 concurrent users."

I'm taking his statement of "OS X up to 10.6 at least" as a bit of a hand-wave, since Cisco's latest release notes on the Mac client don't mention either 10.5 or 10.6, but instead make a big deal about how they now support Intel processors and have dropped support for 10.3.9; this is not particularly current news, despite the revision date on these notes of Dec 2009.  ( http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client49/release/notes/49client.pdf )

So, seems like we're being shoved toward AnyConnect to get support for current OSes. I can only assume the reason for this is to get us to buy licenses rather than using the "free" (with purchase of an ASA!)  IPSec VPN Client.

Steve

View solution in original post

Correct that AnyConnect is the current way to go.  Also correct that ASA only comes with 2 seats.

However- 250 seats on an ASA5510 is only about $100! (Basically free in the Cisco world)

You need to be running 8.2.  See this link for more info and part numbers for various ASA models.

https://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-526545.html

The license is called AnyConnect Essentials.

Brandon

-- please remember to rate and mark answered helpful posts --

View solution in original post

Brandon Svec
Level 7
Level 7

I should have asked what VPN server you are using?  I have configured built in VPN client on 10.6 to conenct via IPSEC on my ASA 5510.

If you can, I would try AnyConnect.  It is simple to setup and deploy for basic VPN needs.

Brandon

-- please remember to rate and mark answered helpful posts --

View solution in original post

I am not expert on this, but from the link:

• Cisco AnyConnect Essentials: This feature offers basic AnyConnect

tunneling support for customers who require VPN remote access but do not

need Cisco Secure Desktop features or clientless SSL VPN capabilities.

AnyConnect Essentials supports mobile connectivity options with the

AnyConnect Mobile license. Upgrade to the full-featured AnyConnect Premium

license (traditional AnyConnect) is available by applying a traditional

AnyConnect license or shared license to the ASA appliance.

So if you don't need secure desktop or clientless VPN this should be OK for

you. I think it also would not support voip because that requires vpn user

to user traffic which is likely not included.

If you have a part # I can tell you a cost. Essentials is basically free

wheras the full VPN licenses tend to be 5 digits in price..

Brandon

On Thu, Feb 18, 2010 at 12:13 PM, dianewalker <

-- please remember to rate and mark answered helpful posts --

View solution in original post

Yes, that looks correct to me. It should cost about $250 or so for 5000

concurrent users.

Quite a bargain in the Cisco world..

Brandon

On Fri, Feb 19, 2010 at 2:26 PM, dianewalker <

-- please remember to rate and mark answered helpful posts --

View solution in original post

Sorry I did not follow up to the forum. I got prices for the "full" SSL VPN license for the 5500 series of 10 users @ $850, 25 users @ $2,105. For the AnyConnect Essentials version, 250 concurrent users for $102. Part number was L-ASA-AC-E-5510.

However, for now we are not doing anything, because the plain VPN client has been working for okay our 10.5 and 10.6 macs, and they just added a 64-bit Win version.

Steve

View solution in original post

14 Replies 14

stevebohrer
Level 1
Level 1

We have not yet hit issues with OS 10.5, but our use of the VPN Client is pretty basic. However, as far as I can tell, this form of the VPN client seems on the way out: No Mac version version v5.x client has been provided, and, on the Windows side, no 64-bit support.

In the release notes for the latest Windows version ( http://www.cisco.com/en/US/customer/docs/security/vpn_client/cisco_vpn_client/vpn_client5006/release/notes/vpnclient5006.html#wp75888) Cisco says, "For x-64 support, customers should explore with  their Cisco sales representative the use of the next-generation Cisco  AnyConnect VPN Client."

As instructed I contacted my rep, and he wrote "The nice part of the current IPSec client is that it is essentially free and there are version that will support both Windows XP, Vista, & 7 32-bit and OS X up to 10.6 at least.  But yes Cisco appears to have used the flip to 64-bit Windows OS’s as a reason to discontinue development for the IPSec client.

On the other hand the SSL client is pretty slick and can be configured to auto-install and auto-update for authorized users.  In many ways from a support standpoint this is probably the way to go if you plan on larger deployment numbers.

The downside is that more than 2 concurrent SSL connections to an ASA is a licensed feature add-on, I believe the next level up is 25 concurrent users."

I'm taking his statement of "OS X up to 10.6 at least" as a bit of a hand-wave, since Cisco's latest release notes on the Mac client don't mention either 10.5 or 10.6, but instead make a big deal about how they now support Intel processors and have dropped support for 10.3.9; this is not particularly current news, despite the revision date on these notes of Dec 2009.  ( http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client49/release/notes/49client.pdf )

So, seems like we're being shoved toward AnyConnect to get support for current OSes. I can only assume the reason for this is to get us to buy licenses rather than using the "free" (with purchase of an ASA!)  IPSec VPN Client.

Steve

Correct that AnyConnect is the current way to go.  Also correct that ASA only comes with 2 seats.

However- 250 seats on an ASA5510 is only about $100! (Basically free in the Cisco world)

You need to be running 8.2.  See this link for more info and part numbers for various ASA models.

https://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-526545.html

The license is called AnyConnect Essentials.

Brandon

-- please remember to rate and mark answered helpful posts --

Brandon,

Thanks for your response.  Can you tell me briefly the difference between Anyconnect Essentials and AnyConnect SSL client?  Do you have any ideas how much would AnyConnect SSL client cost?

Thanks.

Diane

I am not expert on this, but from the link:

• Cisco AnyConnect Essentials: This feature offers basic AnyConnect

tunneling support for customers who require VPN remote access but do not

need Cisco Secure Desktop features or clientless SSL VPN capabilities.

AnyConnect Essentials supports mobile connectivity options with the

AnyConnect Mobile license. Upgrade to the full-featured AnyConnect Premium

license (traditional AnyConnect) is available by applying a traditional

AnyConnect license or shared license to the ASA appliance.

So if you don't need secure desktop or clientless VPN this should be OK for

you. I think it also would not support voip because that requires vpn user

to user traffic which is likely not included.

If you have a part # I can tell you a cost. Essentials is basically free

wheras the full VPN licenses tend to be 5 digits in price..

Brandon

On Thu, Feb 18, 2010 at 12:13 PM, dianewalker <

-- please remember to rate and mark answered helpful posts --

Brandon,

Thanks for your response and info.  So, basically AnyConnect and AnyConnect Essentials are the same in term of configurations.  The only difference is AnyConnect would require a large amount of money to buy licenses and AnyConnect Essentials licenses are free.  I don't need Secure Desktop and VoIP.  So, I guess AnyConnect Essentials would work for me.  I have ASA 5550 VPN Premium License.  Do I contact my Rep to get AnyConnect Essentials free license?

Thanks.

Diane

Yes, that looks correct to me. It should cost about $250 or so for 5000

concurrent users.

Quite a bargain in the Cisco world..

Brandon

On Fri, Feb 19, 2010 at 2:26 PM, dianewalker <

-- please remember to rate and mark answered helpful posts --

Steve,

Thanks for your response and information.  Have you used SSL clientless?  What is your opinion about SSL clientless and AnyConnect?

Thanks.

Diane

Brandon Svec
Level 7
Level 7

I should have asked what VPN server you are using?  I have configured built in VPN client on 10.6 to conenct via IPSEC on my ASA 5510.

If you can, I would try AnyConnect.  It is simple to setup and deploy for basic VPN needs.

Brandon

-- please remember to rate and mark answered helpful posts --

Brandon,

I have ASA 5550.  Have you used SSL clientless?  What is your opinion about SSL clientless and AnyConnect?

Thanks.

Diane

Clientless is really useless for my needs, but it depends on what you want

to do..

Brandon

On Thu, Feb 18, 2010 at 12:16 PM, dianewalker <

-- please remember to rate and mark answered helpful posts --

Brandon,

Thanks for the info. After your first post I asked my rep for a quote on AnyConnect, and it was thousands for 10 users. However, I'll try again, and specify the "Essentials" version, as we're small enough that the manual installation of the basic VPN client has worked well for us.

Steve

Stephen,

Did you ever find out the quote for AnyConnect Essentials?  Thanks.

Diane

Sorry I did not follow up to the forum. I got prices for the "full" SSL VPN license for the 5500 series of 10 users @ $850, 25 users @ $2,105. For the AnyConnect Essentials version, 250 concurrent users for $102. Part number was L-ASA-AC-E-5510.

However, for now we are not doing anything, because the plain VPN client has been working for okay our 10.5 and 10.6 macs, and they just added a 64-bit Win version.

Steve

Thanks very much for your prompt reply and information, Steve.

Diane

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: