06-26-2013 03:56 AM
Hi there,
The weblaunch for Cisco Secure Desktop is not working with MAC OS X 10.7.5 on Safari and Firefox (latest one).
On Windows ist it working properly.
Java is enabled on the browser. With the local installed hostscan it works, but how can the weblauch be enabled for MAC OS X?
Here the error:
Access Denied
Thank you,
Norbert
07-23-2013 09:24 PM
I am having the same issue on Mac OSX 10.8.4. If i install the client (3.1.04059) I can connect fine. We are using aaa and certificate auth. my cert is installed and working since my client works fine. However the web vpn which is how most of our users will be installing the client does not work. I have the file installed on the ASA actually version 3.1.03103) but no known bugs for that version installing from webvpn.
I get the same error as above when trying to connect, I do recall java used to prompt me to accept or run when trying to connect to ASA, i don't see that icon anymore...and now getting this error, any one find a fix?
04-24-2015 05:31 AM
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115947-dap-adv-functions-00.html
08-26-2013 09:02 AM
Hey guys,
Any updates on how this was resolved?
Thanks!
08-26-2013 10:08 PM
Hi there,
I have a TAC case on this...
Will let you know if we got a solution.
Norbert
09-05-2013 02:58 AM
I checked the Java log and it seems a problem with the Verisign G2 cert.
Sent from Cisco Technical Support iPhone App
09-19-2013 11:26 AM
Any update? I am having the same issue with MAC OS X 10.8.
Correction!!!
It works fine with Firefox, not Safari though. Appears to be a Safari issue.
09-19-2013 11:56 AM
I worked with TAC and basically the work around for us was to update to the latest code 1st.
Next, disable the host scan requirement in order to allow the MAC to authenticate and install the proper client etc.
conf t
webvpn
no csd enable
exit
Then, make sure your secure desktop prelogin policy has Mac set to "default" vs "login denied". default is what mine is set to which gives it a green light to connect.
Once the MAC is connected, reenable the host scan.
conf t
webvpn
csd enable
exit
I have to do this each time I add a MAC
10-08-2013 02:58 PM
I'm using FireFox now and still have Cisco Secure Desktop enabled.
I have a specific DAP for my configuration looking for Antivirus and Mac OS X no specific version.
I have a macbook pro on 10.8.4.
ASA is a 5525
9.0(2) asa version
7.1(2) asdm
I'm now able to get past the initial errors on not verifying my system, but i can't get it to match a DAP for my profile unless all CSD checks are disabled...so defeats the purpose.
Only happening on Mac OS X.
10-09-2013 07:29 AM
Will need a little more info than that to diagnose exactlt why it is not matching a DAP record. Are you also specifying a AAA attribute to match on? To my knowledge, you must have a "AAA" attribute set to match in order to specify a DAP record. "The security appliance selects DAP records based on the AAA authorization information for the user and posture assessment information for the session."
02-25-2014 01:58 PM
We are matching the group policy, I can connect from the Mac using the AnyConnect client so the DAP is working correctly now. I have the DAP connection meathod as both default webvpn or clientless.
Only things I'm checking for in DAP is group policy, then OS X and Antivirus for MAC. That's it, yet WebVPN does not launch, i'm stuck at the Access Denied, system failed to be validated by Cisco Secure Desktop. I enabled the Java Plugin when prompted...same issue.
This doesn't work in Safari or FireFox.
Access Denied
02-26-2014 05:28 AM
Hi,
A couple of things here:
1- You dont have to disable CSD globally. Simply create a new tunnel-group, define a specific group-url and then check the option "Do not run CSD", then have your Mac users connect to it.
2- Have you tried with Host Scan instead of CSD?
HTH.
02-27-2014 09:27 AM
Ok I got it to work, and tried to post my fix here but Cisco website keeps telling me I can't post it for some reason???
It was a java issue, using 7u51 you have to add the address of your sslvpn fw to the list in java for mac in the security tab.
06-01-2014 11:08 AM
wow that totally fixed my issue! Thanks so much for sharing that solution!!!
04-24-2015 03:05 AM
How do you are checking for Antivirus on Mac OSX? I want to configure this also.
Best regards,
Alcides
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide