02-17-2019 07:01 AM - edited 02-17-2019 09:20 AM
Hi All
Please advice how to change setting of MAC OS or router if necessary
My company is using Cisco ASR1001-x with IOS: asr1001x-universalk9.16.07.02.SPA.bin.
Due to ASR1001-X doesn't support SSL VPN so I did configure FlexVPN IKEv2. I am following the guide "https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html"
After following configuration, I tested on many OS and see that
+ With Windows 10, with Cisco Anyconnect (anyconnect-win-4.7.00136-predeploy-k9) -> connect successfully, can connect to hosts on VPN side normally (can ping, remote or http to Servers)
+ With Android phone, IOS (IPhone) with Cisco Anyconnect from GG/Apple stores -> connect successfully, can connect to host on VPN side normally (can ping, or access http to Servers)
*** BUT with MAC OS 10.14 (mojave), 10.13 (high sierra) with Cisco Anyconnect (anyconnect-macos-4.7.00136-predeploy-k9.dmg) -> connect successfully. But cannot connect to any hosts on VPN side by all protocols ping/tracert/remote/http....
I did some checking as
1. I used the same profile that was used on Windows 10 but the situation still the same.
2. After VPN connected, with "netstat -rn" I can see the route to VPN on MacOS but I don't know why all connections were fail.
-----------------
Mac:~$ netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.68.254 UGSc 75 2 en0
10.136/16 192.168.102.9 UGSc 0 0 utun1 -> this is the split tunnel route
..
------------
3. On router 1001-X, when I showed "show crypto session detail " I could see the packets increase when ping from MAC OS even the pings were timeout
Inbound: #pkts dec'ed 34 drop 0 life (KB/Sec) 4607997/2711
Outbound: #pkts enc'ed 10 drop 0 life (KB/Sec) 4607999/2711
Please advise how can I do to use Anyconnect VPN on MacOS to ASR1001-x
The link I followed and also mentioned above: "https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html"
Many tks
Hai