Solved: Cisco AnyConnect 3.0.2 and Mac OS X 10.7

pointless_l · ‎07-06-2011

I'm having trouble getting this to work, after my upgrade to Mac OS X Lion the Anyconnect client can no longer login. Reinstalling didn't work for me. What are other experiencing?

slawford · ‎08-04-2011

Hi All,

Thanks for your private messages. I had noticed the Subject Alternate name pattern in the vast majority of problem cases, which I forwarded to the developers.

Please note that version 3.0.3054 has just been posted to Cisco.com which contains the fix for CSCtr64798.

The updated client can be found here:

http://www.cisco.com/cisco/software/release.html?mdfid=283000185&softwareid=282364313&release=3.0.3054&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rm

Regards,

Steve.

View solution in original post

Herbert Baerten · ‎07-11-2011

The current version of Anyconnect is not supported on Lion, sorry. Personally, I have no idea when this can be expected - you may want to check with your CAM.

hth

Herbert

Roman Rodichev · ‎07-20-2011

This is beyond ridiculous guys Are you telling me noone at Cisco bothered to get such an essential software to work with a 10.7 which you would expect EVERYONE would download and install first day after it came out, which is today?

Any(except Lion)Connect?

Steven Glogger · ‎07-21-2011

for lion I got via twitter:

Cisco AnyConnect (@AnyConnect)

20.07.11 17:52

@mrmouse79 I am not sure what your issue is based on the description, but official support is due out in 3.0.3 (targeted for this week).

Roman Rodichev · ‎07-25-2011

3.0.3050 was released on Friday with release notes claiming it supports Lion 10.7

I've tested it several times. No, it doesn't work. Same behavior. Did anyone bother to test it before releasing it?

CoreyDotCom · ‎07-26-2011

I too am now using 3.0.3050 but I'm still unsuccesful at connecting from OSX Lion.

"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."

..and I cannot use the built-in OSX client because we are not given access to our shared secret or group name.

Can someone from Cisco please help??

Roman Rodichev · ‎07-26-2011

I've had a case opened since Monday 1PM. Had engineer ask some question around 6PM and nothing today. I'm requeueing it.

jdsuhr · ‎07-27-2011

Same here - 3.0.3050 hasn't fixed the issue in Lion. I get the same error.

Roman Rodichev · ‎07-27-2011

Got in touch with TAC engineer. He asked to send him "/var/log/system.log" which shows anyconnect connection process. I retested it with three customers. Two of them don't work, and one actually works. The new Windows Anyconnect works on all three. I sent TAC all three tests. One major difference is that the good one uses premium ssl vpn licenses, and the two bad ones use anyconnect essentials. I'll let you know what I hear.

ronbuchalski · ‎07-27-2011

Can you be more specific regarding the problem? And when the problem started?

I was having trouble with AnyConnect that began about a week before Lion was released. I was running with Snow Leopard and AnyConnect Mobile Security Client 3.0.2052. I started to get 'Certificate Validation Failure' messages. I ended up setting the ASA certificate to be ALWAYS TRUSTED, as it is a self-generated certificate from the ASA. The only 'problem/change' from previous operation is that every time I connect via VPN I need to enter my keychain credentials to allow the AnyConnect app to access the keychain. Even when I chose to ALWAYS TRUST the application, it continues to prompt for the keychain password.

The same ASA client (3.0.2052) is now working with Lion. I have the 3.0.3050 client downloaded but have not installed it yet.

By the way, there is an issue with 10.7 and Java, where 10.7 does not come with a Java runtime. See:

http://support.apple.com/kb/DL1421

-rb

KAJ J. NIEMI · ‎07-27-2011

We too have a self cooked certificate although it is part of a CA chain. The funny thing is authentication works fine but only afterwards are there SSL related errors - after successful authentication when profiles and updates are being attempted to download. We fixed it as follows as one can override the system certificate store.. it's just really obscurely documented.

1. mkdir -p ~/.cisco/certificates/ca

2. cd ~/.cisco/certificates/ca

3. put the public part of the root CA in that directory. The filename can be anything as long as it ends .pem. Obviously the format has to be PEM.

4. AnyConnect 3.0.3050 works now.

HTH

ronbuchalski · ‎07-27-2011

Thank you, Kajtzu, I'll check it out. Can you provide a pointer to where this is documented?

-rb

KAJ J. NIEMI · ‎07-28-2011

See http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/administration/guide/ac03features.html#wp1063686

Roman Rodichev · ‎07-28-2011

This solution worked. Thank you!

I presume this requirements will be removed in the next version.

KAJ J. NIEMI · ‎07-28-2011

I wouldn't presume anything .... I'd open a ticket with TAC and insist on at least an EE/DE looking at it.