Contents
The Cisco AnyConnect VPN Client is desktop software that secures traffic between your computer and restricted campus services. With the Cisco AnyConnect VPN Client software running in the background, network traffic is automatically routed and encrypted using Datagram Transport Layer Security (DTLS) over SSL or Transport Layer Security (TLS). Basically if i connect with the cisco vpn client on my laptop and do an ipconfig /all it shows the cisco systems vpn adapter info with a mac address of say 00-12-3a-4b-56-78. If i then connect from my home pc with same client and do the ipconfig /all it shows the exact same mac addess as my laptop for the cisco vpn adapter.
- The instructions below are tested on Mac OS 10.7.3 (Lion). Open System Preferences Network from Mac applications menu. Click the '+' button to create a new service, then select VPN as the interface type, and choose L2TP over IPsec from the pull-down menu.
- How to Configure Cisco AnyConnect VPN Client for Mac Overview. Stanford's VPN allows you to connect to Stanford's network as if you were on campus, making access to. Install the VPN client. Download the Cisco AnyConnect installer for Mac. Double-click the InstallAnyConnect.pkg file to.
![Mac Mac](/uploads/1/0/5/9/105990885/928961063.png)
Introduction
This document briefly describes the possible error messages that appear during the installation of AnyConnect VPN client on Apple MAC machines and their corresponding resolutions.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
- Cisco ASA Security Appliance that runs software version 8.x
- Cisco IOS® Router that runs Cisco IOS Software Release 12.4(20)T
- Cisco AnyConnect Client software version 2.x
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Error Messages
This section shows a list of error messages along with the solutions.
Package Corrupt Error Message
When AnyConnect 2.3 is launched from an Apple MAC machine, the Anyconnect Package corrupt or unavailable error message appears and eventually, the connection attempt fails.
Solution
This can be a problem with the absence of the MAC-related AnyConnect package on the flash of the router. Upload the suitable AnyConnect package for MAC in order to resolve this issue. Upload the corresponding AnyConnect package, which depends upon the MAC architecture. For MACs on the Intel processor, you need the i386 macos image and for MACs that run the Power PC processor (PPC) you need the powerpc macos image. These are example packages for your reference:
- anyconnect-macosx-i386-2.5.3055-k9.pkg
- anyconnect-macosx-powerpc-2.5.3055-k9.pkg
Split DNS Issues
When split DNS is enabled on an AnyConnect setup, it is found that all the DNS queries are sent in clear but not tunneled. This is a problem with only the Apple MAC machines and works fine with Windows machines.
Solution
This behavior is observed and filed in Cisco bug ID CSCtf03894 (registered customers only) . In order to resolve this issue, you can upgrade to the AnyConnect release 3.0.4235, which has the Split DNS Functionality Enhancement. As a workaround, you can also use the built-in IPSec VPN client supported by Apple, which does not have this issue.
SVC Error Message
The launch of AnyConnect from a Macbook Pro running OSX Leopard is not successful. The VPN gateway is ASA running 8.0.4. The connection fails and the SVC Message: 16/ERROR: Initialization failure (mem allocfailed, etc.) error message appears.
Solution
This can be a problem with the way the MAC machine attempts to connect to the ASA. First verify if any IPv6 adaptors are enabled on the MAC machine and check if MAC tries to contact ASA over the IPv6 network. If so, it fails as the IPv6 is not supported with AnyConnect. In order to resolve this, disable the IPv6 related services on the MAC machine and try to connect with an IPv4 address.
Web-based Installation Error Message when AnyConnect is Launched on MAC
There are intermittent issues with you launch the AnyConnect version 2.5 on the MAC with OSX 10.5.6. The web-based installation was unsuccessful error message appears. At that time, you are unable to download and install AnyConnect, and the browser used is Firefox. If you reboot the MAC machine, this fixes the issue temporarily, but intermittently, the issue happens again.
Solution
Verify if your VPN gateways are connected in Load-balancer mode. If it is connected, then there could be some DNS cache-related issues that cause improper DNS redirects. In order to resolve this issue, always try to map the DNS URL to connect to one specific VPN gateway only.
MAC OSX 10.6.3 is Unable to get to Internet
When you use the AnyConnect on a MAC machine, you can access the Internal Corporate network but you are unable to browse to the Internet. It neither works by FQDN nor by IP address. There is a proxy server in use for Internet traffic.
Solution
The issue can be due to the length of the PMTU. Verify the existing MTU size on the VPN gateway, for example, ASA and modify it to a lesser value. In this sample output, the mtu size is reduced to 1204 from existing 1400.
AnyConnect on MAC fails to launch to Cisco IOS Router
The attempt to launch AnyConnect in standalone mode to a Cisco IOS® Router running Cisco IOS Software Release 12.4(20)T is unsuccessful. The anyconnect internal error (state: not connected) error message appears.
Solution
Cisco IOS Software Release 12.4(20)T supports AnyConnect on MAC in standalone mode without any problem. In order to resolve this, try to use the complete URL when you connect to the Cisco IOS head-end device. This is a sample URL:
If this issue persists, contact Cisco TAC (registered customers only) for further troubleshooting.
Note: You need to have valid Cisco user credentials to contact Cisco TAC.
Wireless CSSC for an Apple MAC
Currently, the NAM module on the AnyConnect 3.0 product replaces the Cisco Secure Services Client (CSSC). Refer to Network Access Manager (Replacement for CSSC) for more information. There is no current plan to enable NAM to support MAC OSX platform.
Unable to Upgrade Firefox while AnyConnect is Installed on MAC
This error message appears when you upgrade Firefox on Apple machine version 10.6:
On machines that use softtokens, this error message appears:
It is observed that these MAC machines have AnyConnect version 2.5 installed. The current version of Firefox is 3.6.13.
Solution
This behavior has been tested and filed in Cisco bug ID CSCtn93915 (registered customers only) . As a workaround, you can try any of these described options.
Cisco Vpn For Mac Download
- Uninstall AnyConnect, upgrade Firefox and then install AnyConnect again.
- Uninstall the current version of firefox then install the new version. All other upgrades after this should work fine.
Web-based Installation of AnyConnect Hangs
The authentication phase works fine but the VPN system hangs at the Using Sun Java for installation phase.
Solution
The issue could be with the Java and Web applet settings on the machine. Sometimes, Java gets stuck when you use the web launch with MAC machine. Refer to Cisco bug ID CSCtq86368 (registered customers only) for more information. In order to resolve this issue, follow the below steps.
Cisco Vpn For Mac
- Uninstall AnyConnect.
- Open Java preferences.
- Change to run applets in their own process.
- Drag the 32 bit Java on top.If this does not help, upgrade the AnyConnect client to the latest available release.
Unable to Launch AnyConnect on MAC
You are unable to launch AnyConnect on the MAC machine due to certain incompatible software. What are other options to use this MAC machine as a remote access VPN client?
Solution
Refer to What options do I have for providing remote access to Mac users? for more information. Refer to IPSec VPN client for Apple MAC for more information and complete details.
Unable to Download the MAC AnyConnect Package
There are issues when you download the AnyConnect for MAC software from Cisco.com.
Solution
Open the Cisco AnyConnect VPN Client home page and click on Download Software (registered customers only) on the right hand side of the web page. Choose the required software package and download with valid Cisco user credentials.
Related Information
Configuring an IPSEC VPN using the MAC Built in Client to RV32x Series Router
Objective
The objective of this document is to show users how to use the MAC Built in client to connect to an RV32x Router.
Applicable Devices | Software Version
- RV320 | 1.3.2.02
- RV325 | 1.4.2.22
Introduction
An Internet Protocol Security Virtual Private Network (IPSEC VPN) allows you to securely obtain remote resources by establishing an encrypted tunnel across the internet. The MAC built-in client, is a built in Client available on all MACs that allows you to connect to the VPN using IPSEC. The RV32x routers work as IPSEC VPN servers and support the MAC built-in client.
This document has two parts:
- Configure RV32x Series Router
- Configure MAC built-in Client
Configure RV32x Series Router:
We will start by configuring the Client-to-Site VPN on the RV32x series router.
Step 1
Log in to the router using valid credentials.
Step 2
Navigate to VPN > VPN passthrough. Confirm IPSEC Passthrough is enabled and click Save.
Step 3
Navigate to VPN > Client to Gateway.
Step 4
Select the Easy VPN Option.
Step 5
Configure Tunnel Name, enter a Password, select the WAN interface, and enable the Tunnel and select Tunnel Mode. ClickSave to save the configurations.
Full tunnel mode chosen and password complexity has been disabled.
Step 6
Navigate to VPN > Summary and confirm VPN tunnel has been configured.
Step 7
Confirm the VPN tunnel has been configured.
Step 8
Navigate to User Management and select the add button under User Management table
Step 9
Enter Username,Password, select Group, Domain and click Save.
Cisco Anyconnect Vpn Mac
Configure MAC Built inClient
We will now configure the MAC Built in Client.
Step 1
Navigate to the apple icon in the tool bar. Choose System Preferences.
Step 2
Navigate to Network
Step 3
Go to Add button and then select interface tab will appear.
Step 4
Select Interface as VPN, VPN Type as Cisco IPSec, and enter the Service Name to match the Tunnel name that was configured in your router. Click Create.
Step 5
Navigate to the VPN, enter Server Address, Account Name and Password.
The account name and password are those configured in User Accounts.
Step 6
![Vpn Vpn](/uploads/1/0/5/9/105990885/330418549.png)
Choose Authentication Settings button, the Machine Authentication tab will appear. Enter the Tunnel password key in Shared Secret and Tunnel name in Group Name, press OK.
Step 7
Press Connect, a warning will appear, press Apply.
Step 8
The connection status should show as Connected.
Conclusion
We have configured the Easy VPN tunnel using IPSEC IKEV1 between the RV32X series router and a MAC computer by using the MAC built-in client. It’s important to be sure the tunnel is configured on the router using Easy VPN for this connection and entering the same information on the client side to ensure a connection. Now you are able to connect to your VPN and access the information you may need to access.