Showing results for 
Search instead for 
Did you mean: 

AnyConnect compatibility with macOS High Sierra (10.13)

Cisco Employee

We're pleased to announce that AnyConnect is macOS High Sierra (10.13) compatible.

Our recommended version for High Sierra is 4.5MR2 (4.5.02033), available today 9/25/17. This version includes additional guidance to ensure that the AnyConnect Kernel Extension (KEXT) is properly approved by the end user. This is a new requirement in High Sierra.

4.4MR4 and 4.5MR1 have also been tested for High Sierra compatibility, but will provide no further guidance to the end user (beyond the single OS prompt) that manual steps are required to provide full AnyConnect capabilities. Additionally, with these older (compatible) AnyConnect releases, a reboot may be required after manually approving the AnyConnect extension to continue to run. This step is not required with 4.5MR2.

Note: Customers using Host Scan must be running version 4.3.5038 or later of the module in order to detect the presence of the macOS 10.13 firewall.

We will continue to look at any way we can optimize this experience in subsequent maintenance releases.

Please direct any questions to


Same here...Running Cisco VPN 4.6, worked on 10.13.3, upgraded to 10.13.4 and started receiving the above error "AnyConnect cannot confirm it is connected to your secure gateway.  The local network may not be trustworthy.  Please try another network.". 

Anyconnect VPN also failed connection with the same error  after formatting and  re-installing 10.13.4 (where the Anyconnect VPN client v.4.6 is the ONLY 3rd party software running on it). 

Cisco Employee

Please generate a DART (Diagnostic report) and send to with this information.




Cisco Employee

Safari seems unhappy with your self-signed cert, it reports:

"certificate is using a broken signature algorithm".

Not yet sure what is terribly wrong with your self signed cert, but that is likely why we cannot operate

A workaround while we investigate what changed in 10.13.4 would be to get a real trusted cert on your head-end, which is good security practice nonetheless.

You can see this error yourself by opening up Safari, going to your head-end https://fqdn Click Show Details then click "View this certificate"



My pc is running on MacOS High Sierra 10.13.4 and the Cisco Anyconnect version is 4.2.01022. Configured the certificate but ended up with the message "Login denied. Your environment does not meet the access criteria defined by your administrator." Does this error has anything to do with compatibility issue? Please let me know. FYI, my friends have been using this without any error and we are on the same network.

Cisco Employee

Please ask your IT Department to upgrade you and the Host Scan configuration to AnyConnect 4.6. They do not have you on a version of AnyConnect which is supported with 10.13.x, nor are they running a version of the Host Scan module which includes checks compatible with 10.13.x.