Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4076
Views
10
Helpful
5
Replies

Cisco AnyConnect with Symantec Endpoint Protection

mhazem
Level 1
Level 1

‎12-30-2018 06:47 AM - edited ‎02-21-2020 09:32 PM

Hello everyone,

I have had a problem with Cisco AnyConnect mobility client not connecting to a certain VPN, so here are the details of my issue:

I have recently had my laptop upgraded from a Windows machine to a MacBook Pro 13 running MacOS Mojave. I used to connect to the VPN of a client using Cisco AnyConnect Mobility Client, but changing my machine, it refuses to connect. At first, I was presented with an error message saying that no antivirus program was installed on my machine, so I installed Symantec Endpoint Protection (SEP) -the same antivirus that was installed on my windows machine. Since then, no matter what I do, when I try to connect, I'm presented with an error message saying "Dear *client's name* Vendor session is terminated because your Antivirus service is disabled" even though it's working just fine. I tried updating the antivirus definition, and uninstalling then reinstalling both AnyConnect and SEP, but nothing changed. I also tried connecting from a colleague's Mac (running MacOS High Sierra if that's relevant) and the connection was successful. I'm not sure if it's an OS thing or what.

This issue has been frustrating me for the past week or so, so any help is greatly appreciated.

 

Thanks in advance

Labels:
Preview file
397 KB
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-31-2018 04:26 AM - edited ‎12-31-2018 04:32 AM

There are some specific caveats with AnyConnect and macOS High Sierra and above:

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect47/release/notes/b_Release_Notes_AnyConnect_4_7.html#reference_xjk_kgt_gbb

 

It could also be the headend has an older version of hostscan (the bit that checks for your endpoint AV - related to but separate from the AnyConnect version). Support for macOS with Symantec Endpoint Protection was only added in hostscan 4.3.05033

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/release/notes/b_Release_Notes_AnyConnect_4_3.html#reference_yfw_wnj_r1b

0 Helpful

mhazem
Level 1
Level 1
In response to Marvin Rhoads

‎01-01-2019 06:00 AM

@Marvin Rhoads Thanks for your reply. I'm not sure I understand your second point, but I have AnyConnect version 4.6-something so, newer than the version you were talking about. Do you mean that client I'm working with could have an older version?

 

Also, about the issue related to High Sierra and above, my colleague had High Sierra on his machine, and it connected just fine there.

 

Thanks again

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mhazem

‎01-01-2019 07:15 AM

Your colleague's Mac may have had the recommended High Sierra changes made already.

 

Regarding hostscan, that's something you'd have to ask the ASA administrator about. The hostscan software and version is separate from the Anyconnect software and version.

Peter Koltl
Level 7
Level 7

‎01-01-2019 02:50 PM

Is it a hostscan aka ASA posture?

Or is it a System scan aka ISE posture?

 

Is there a System Scan window in the client?

mhazem
Level 1
Level 1
In response to Peter Koltl

‎01-02-2019 12:24 AM

Yeah I think it’s a host scan, at least that’s what it says

0 Helpful
Customers Also Viewed These Support Documents