Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3763
Views
5
Helpful
3
Replies

AnyConnect Mac 4.10 and Big Sur Disconnects

WarrenPilkington
Level 1
Level 1

‎09-29-2021 03:34 AM

Good morning,

Since a recent Big Sur security update across a number of Big Sur versions (11.0 through to 11.6) we've noticed that even with the 4.10 versions of AnyConnect, we've seen some disconnections from the VPN connection, or the client crashes out when attempting to connect.

 

We use Sophos for our Anti-virus solution and manage our Macs through JAMF. 

 

We have a configuration profile set up in JAMF for AnyConnect to ensure that the system and kernel extensions are enabled, and that the socket filter is correctly set up with all the permissions required as per the Cisco Big Sur advisory article (which I should add should really have some example config screens for JAMF as it's the leading Mac management solution.)

 

We've also ensured all the necessary system extensions for Sophos anti-virus are set up as well and that those extensions are enabled by the configuration profile for that.

 

Running systemextensionsctl list shows the following (note how all enabled and active):

3 extension(s)
--- com.apple.system_extension.network_extension
enabled active teamID bundleID (version) name [state]
* * DE8Y96K9QP com.cisco.anyconnect.macos.acsockext (4.10.02086/4.10.02086) Cisco AnyConnect Socket Filter Extension [activated enabled]
* * 2H5GFH3774 com.sophos.endpoint.networkextension (10.1.2/222517) networkextension [activated enabled]
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
* * 2H5GFH3774 com.sophos.endpoint.scanextension (10.1.3/222654) com.sophos.endpoint.scanextension [activated enabled]

 

Sophos and AnyConnect both have a network extension here and both are active.

So far, what we've noted is that one of the following is a short term fix:

  • Reverting AnyConnect back to use the Kernel extension (only for Intel Macs, Kernel extensions not supported on M1 macs)
  • Removing Sophos Anti-Virus and rebooting also works, but again we don't want to leave a Mac vulnerable

Ideally though this needs to be further investigated at Cisco's end to see what the extension actually does and if we can actually ensure that the config specfied in the support article is correct, or it needs updating based on recent OS updates.  We've also got a ticket logged with Sophos so they're already investigating at their end too.

 

Does anyone else have a similar config and how did they resolve it?

5 people had this problem
Labels:
0 Helpful
3 Replies 3

stan.gordon
Level 1
Level 1

‎09-30-2021 05:01 PM - edited ‎09-30-2021 05:01 PM

Adding some additional information related to an alternate version of the client, which still exhibits the behavior as described.

- AnyConnect Mac 4.9.04043

- Using PingID for MFA on VPN connect

- Sophos Home Premium (BYOD) 10.1.4

 

Experiencing significant stability issues, and experiencing entire loss of network connectivity (wired and/or wireless) after disconnect, whether the connection was terminated intentionally or not.

 

These network issues do not occur if I have not connected to the VPN.

 

In a few rare instances I have been able to recover the network by toggling WiFi and disconnecting Ethernet cable, but this rarely works.

 

Setting the network connections down/up via ifconfig doesn't appear to help much.

 

However, if I turn off all networking, kill AnyConnect, and wait a few minutes, sometimes the network is able to find its way back to working, but this may require 5-10 minutes.

 

This "seems" to be more frequent since updating to 11.6, but it is also possible that Sophos has updated itself and I did not notice.

 

The issue for me has become extremely disruptive for the past 2 to 3 weeks (but I haven't updated AnyConnect since last November). 

0 Helpful

medley56
Level 1
Level 1

‎06-07-2022 03:00 PM - edited ‎06-07-2022 03:02 PM

Corroborating this report. This is absolutely crippling my ability to be productive. I lose the ability to resolve hostnames dozens of times per day for up to 5 minutes at a time. Notably, zoom calls are uninterrupted during these periods.

- Mac OS Monterey 12.4 (21F79)

- AnyConnect Mac 4.9.04053

- Running Avira antivirus (tried disabling realtime protection to no avail)

Bouncing my WiFi doesn't help

Waiting long enough, I always regain the ability to resolve hostnames.

Occurs 100% of the time (so far) after disconnecting from VPN. I experience a prolonged period of inability to ping google.com and I ether get timeouts or failure to resolve hostname.

0 Helpful

Saurabh Dhakate
Cisco Employee
Cisco Employee
In response to medley56

‎06-09-2022 10:27 AM

Hi medley56, 

 

Could you check with CDETS CSCwc03545 if you are hitting this? There are couple of workarounds mentioned in the bug notes

Customers Also Viewed These Support Documents