AnyConnect not working for Mac OS X users


I have AnyConnect newly configured on my ASA 5550, running 8.2.x code; however, Mac users cannot connect using the Apple client, nor using the Cisco AnyConnect client - they are getting a "posture error" of some kind or the laptop is failing some kind of machine profiling.

Help - I have no Apple OS experience on this.



Richard Burts
My first suggestion would be to ask you to confirm that you do have the Mac versions of the client loaded and configured on the ASA.

My second suggestion would be that we might be able to find more about the problem if you post the relevant parts of the ASA config.





Thanks for your reply;

Here are the relevant parts of the ASA config:

crypto ipsec transform-set fdoe3desset esp-3des esp-md5-hmac
crypto ipsec transform-set doe-sha esp-3des esp-sha-hmac
crypto ipsec transform-set des-sha esp-des esp-sha-hmac
crypto ipsec transform-set remoteset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map fdoedynmap 65530 set transform-set remoteset
crypto dynamic-map fdoedynmap 65530 set security-association lifetime seconds 7200
crypto map remotemap 65535 ipsec-isakmp dynamic fdoedynmap
crypto map remotemap interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 subject-name ------------------
 keypair doesslkey
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 subject-name --------------------
 crl configure
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 20
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 3600

** snip **

crypto isakmp policy 70
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 28800
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

enable outside
csd image disk0:/csd_3.6.6203-k9.pkg
csd enable
svc image disk0:/anyconnect-win-3.0.10055-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-3.1.00495-k9.pkg 2
svc image disk0:/anyconnect-linux-3.0.10055-k9.pkg 3
svc enable
group-policy fdoe_vpn internal
group-policy fdoe_vpn attributes
 wins-server value xx.xx.xx.xx
 dns-server value yy.yy.yy.yy
 vpn-idle-timeout 240
 vpn-session-timeout 720
 vpn-tunnel-protocol IPSec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 default-domain value

The user has an AnyConnect client installed on his Apple laptop; I wasn't aware that there was a component that needed to be installed in the ASA for AnyConnect clients to work. Am I confusing AnyConnect with another web SSL VPN application for the ASA 5550?

Richard Burts
