07-06-2011 06:11 AM - edited 02-21-2020 05:26 PM
I'm having trouble getting this to work, after my upgrade to Mac OS X Lion the Anyconnect client can no longer login. Reinstalling didn't work for me. What are other experiencing?
Solved! Go to Solution.
08-04-2011 06:50 PM
Hi All,
Thanks for your private messages. I had noticed the Subject Alternate name pattern in the vast majority of problem cases, which I forwarded to the developers.
Please note that version 3.0.3054 has just been posted to Cisco.com which contains the fix for CSCtr64798.
The updated client can be found here:
Regards,
Steve.
07-11-2011 01:46 AM
The current version of Anyconnect is not supported on Lion, sorry. Personally, I have no idea when this can be expected - you may want to check with your CAM.
hth
Herbert
07-20-2011 06:08 PM
This is beyond ridiculous guys Are you telling me noone at Cisco bothered to get such an essential software to work with a 10.7 which you would expect EVERYONE would download and install first day after it came out, which is today?
Any(except Lion)Connect?
07-21-2011 06:29 AM
for lion I got via twitter:
Cisco AnyConnect (@AnyConnect)
20.07.11 17:52
@mrmouse79 I am not sure what your issue is based on the description, but official support is due out in 3.0.3 (targeted for this week).
07-25-2011 11:31 AM
3.0.3050 was released on Friday with release notes claiming it supports Lion 10.7
I've tested it several times. No, it doesn't work. Same behavior. Did anyone bother to test it before releasing it?
07-26-2011 12:04 PM
I too am now using 3.0.3050 but I'm still unsuccesful at connecting from OSX Lion.
"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."
..and I cannot use the built-in OSX client because we are not given access to our shared secret or group name.
Can someone from Cisco please help??
07-26-2011 05:46 PM
I've had a case opened since Monday 1PM. Had engineer ask some question around 6PM and nothing today. I'm requeueing it.
07-27-2011 07:03 AM
Same here - 3.0.3050 hasn't fixed the issue in Lion. I get the same error.
07-27-2011 07:27 AM
Got in touch with TAC engineer. He asked to send him "/var/log/system.log" which shows anyconnect connection process. I retested it with three customers. Two of them don't work, and one actually works. The new Windows Anyconnect works on all three. I sent TAC all three tests. One major difference is that the good one uses premium ssl vpn licenses, and the two bad ones use anyconnect essentials. I'll let you know what I hear.
07-27-2011 09:25 AM
Can you be more specific regarding the problem? And when the problem started?
I was having trouble with AnyConnect that began about a week before Lion was released. I was running with Snow Leopard and AnyConnect Mobile Security Client 3.0.2052. I started to get 'Certificate Validation Failure' messages. I ended up setting the ASA certificate to be ALWAYS TRUSTED, as it is a self-generated certificate from the ASA. The only 'problem/change' from previous operation is that every time I connect via VPN I need to enter my keychain credentials to allow the AnyConnect app to access the keychain. Even when I chose to ALWAYS TRUST the application, it continues to prompt for the keychain password.
The same ASA client (3.0.2052) is now working with Lion. I have the 3.0.3050 client downloaded but have not installed it yet.
By the way, there is an issue with 10.7 and Java, where 10.7 does not come with a Java runtime. See:
http://support.apple.com/kb/DL1421
-rb
07-27-2011 10:22 AM
We too have a self cooked certificate although it is part of a CA chain. The funny thing is authentication works fine but only afterwards are there SSL related errors - after successful authentication when profiles and updates are being attempted to download. We fixed it as follows as one can override the system certificate store.. it's just really obscurely documented.
1. mkdir -p ~/.cisco/certificates/ca
2. cd ~/.cisco/certificates/ca
3. put the public part of the root CA in that directory. The filename can be anything as long as it ends .pem. Obviously the format has to be PEM.
4. AnyConnect 3.0.3050 works now.
HTH
07-27-2011 12:03 PM
Thank you, Kajtzu, I'll check it out. Can you provide a pointer to where this is documented?
-rb
07-28-2011 01:44 AM
07-28-2011 08:15 PM
This solution worked. Thank you!
I presume this requirements will be removed in the next version.
07-28-2011 09:21 PM
I wouldn't presume anything .... I'd open a ticket with TAC and insist on at least an EE/DE looking at it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide