10-09-2019 01:15 AM - edited 02-21-2020 09:46 PM
I got this error after updating to macOS Catalina. I have tried to install the version 4.6, 4.7, 4.8 but still the same.
"AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network."
Any ideas are welcome.
Solved! Go to Solution.
10-16-2019 11:55 PM
open terminal and do the following (you will need administrator rights on your Mac)
cd /opt/cisco/AnyConnect
10-09-2019 08:22 AM
Are you using a third party certificate on the ASA? if yes is the CA certificate also installed on the Mac?
If no, have you installed the ASA self signed certificate in the Mac?
10-09-2019 09:21 AM
This worked for a user I had who had this issue.
Not sure what changed on Mac with this but on Catalina the user installed the self signed from the firewall. They were then able to connect again!
Thanks!
10-09-2019 10:45 AM
Could you please select the post as the correct answer so we stop monitoring the question if it is solved.
Thank you.
10-13-2019 06:36 PM - edited 10-13-2019 06:39 PM
How to install the self signed from the firewall?
My workmate talked me all certificates should be installed automatically when you connect to the VPN.
10-13-2019 07:26 PM
"Are you using a third party certificate on the ASA? if yes is the CA certificate also installed on the Mac?"
I am not sure. But I have exported the CA certificate from the other Mac and install it on my Mac, unfortunately it still doesn't work.
10-15-2019 09:02 AM
Hello,
I recently updated to MacOS Catalina (v10.15) and since then I am getting this error (Anyconnect cannot confirm if its connected to your secure gateway...) while connecting via vpn (even tried updating to the latest version of VPN client - v4.8.00175).
We do not have any certificate installed on the ASA. Any thoughts on how do I get this working?
04-07-2020 06:43 PM
The problem is that the certificate (either 3rd party signed or self-signed) that is loaded on your ASA was created with an RSA key of size lower than 2048:
ASA# sh run ssl ssl trust-point AC_cert Outside ASA# show crypto ca certificates AC_cert Certificate Status: Available Certificate Serial Number: xxxx Certificate Usage: General Purpose Public Key Type: RSA (1024 bits) <<<<<
Starting on MacOS 10.15 (Catalina), those certificates are no longer trusted by Apple and therefore you will receive the error message on AnyConnect
https://support.apple.com/en-us/HT210176 TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits.
Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS.
02-06-2024 12:44 PM
Why shouldn't the AnyConnectLocalPolicy.xml file be edited? Was does editing it do? Any type of vulnerability? explanations please.
10-15-2019 09:42 AM
upgraded to Catalina and got Cisco Anyconnect version 4.8.00175
All certificates are there.
Connection error:
Posture Assessment Failed: Unable to download CSD library. Please try again
Any ideas?
10-16-2019 11:55 PM
open terminal and do the following (you will need administrator rights on your Mac)
cd /opt/cisco/AnyConnect
10-23-2019 03:35 PM
I have tired the suggested change. I get a warning and hit Connect Anyway, and then I go right back to the same error.
Any thoughts on what may still be the problem? This groups is the closest thing I have found. Thanks!
11-06-2019 08:25 AM
Same issue. After updating the XML file, I got the Certificate is from an untrusted source.
I tried Connect Anway (with and without Always Trust Server... checkbox checked)
I just upgraded from macOS 10.14.x to macOS 10.15.1 in place.
I upgrade my AnyConnect client from 4.6.x to 4.8.00175
VPN had been working fine under Mojave.
Reading (now) others are having issues in this forum and around the web.
Any suggestions
11-08-2019 11:30 AM
When I tick the "Always trust this server and import the certificate" checkbox, the login fails -- if I do NOT check that box, the login succeeds for me.
10-25-2019 02:03 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: