I'm having trouble getting this to work, after my upgrade to Mac OS X Lion the Anyconnect client can no longer login. Reinstalling didn't work for me. What are other experiencing?
Solved! Go to Solution.
Thanks for your private messages. I had noticed the Subject Alternate name pattern in the vast majority of problem cases, which I forwarded to the developers.
Please note that version 3.0.3054 has just been posted to Cisco.com which contains the fix for CSCtr64798.
The updated client can be found here:
The current version of Anyconnect is not supported on Lion, sorry. Personally, I have no idea when this can be expected - you may want to check with your CAM.
This is beyond ridiculous guys Are you telling me noone at Cisco bothered to get such an essential software to work with a 10.7 which you would expect EVERYONE would download and install first day after it came out, which is today?
for lion I got via twitter:
Cisco AnyConnect (@AnyConnect)
@mrmouse79 I am not sure what your issue is based on the description, but official support is due out in 3.0.3 (targeted for this week).
3.0.3050 was released on Friday with release notes claiming it supports Lion 10.7
I've tested it several times. No, it doesn't work. Same behavior. Did anyone bother to test it before releasing it?
I too am now using 3.0.3050 but I'm still unsuccesful at connecting from OSX Lion.
"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."
..and I cannot use the built-in OSX client because we are not given access to our shared secret or group name.
Can someone from Cisco please help??
Got in touch with TAC engineer. He asked to send him "/var/log/system.log" which shows anyconnect connection process. I retested it with three customers. Two of them don't work, and one actually works. The new Windows Anyconnect works on all three. I sent TAC all three tests. One major difference is that the good one uses premium ssl vpn licenses, and the two bad ones use anyconnect essentials. I'll let you know what I hear.
Can you be more specific regarding the problem? And when the problem started?
I was having trouble with AnyConnect that began about a week before Lion was released. I was running with Snow Leopard and AnyConnect Mobile Security Client 3.0.2052. I started to get 'Certificate Validation Failure' messages. I ended up setting the ASA certificate to be ALWAYS TRUSTED, as it is a self-generated certificate from the ASA. The only 'problem/change' from previous operation is that every time I connect via VPN I need to enter my keychain credentials to allow the AnyConnect app to access the keychain. Even when I chose to ALWAYS TRUST the application, it continues to prompt for the keychain password.
The same ASA client (3.0.2052) is now working with Lion. I have the 3.0.3050 client downloaded but have not installed it yet.
By the way, there is an issue with 10.7 and Java, where 10.7 does not come with a Java runtime. See:
We too have a self cooked certificate although it is part of a CA chain. The funny thing is authentication works fine but only afterwards are there SSL related errors - after successful authentication when profiles and updates are being attempted to download. We fixed it as follows as one can override the system certificate store.. it's just really obscurely documented.
1. mkdir -p ~/.cisco/certificates/ca
2. cd ~/.cisco/certificates/ca
3. put the public part of the root CA in that directory. The filename can be anything as long as it ends .pem. Obviously the format has to be PEM.
4. AnyConnect 3.0.3050 works now.