cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4074
Views
10
Helpful
5
Replies

Cisco AnyConnect with Symantec Endpoint Protection

mhazem
Level 1
Level 1

Hello everyone,

I have had a problem with Cisco AnyConnect mobility client not connecting to a certain VPN, so here are the details of my issue:

I have recently had my laptop upgraded from a Windows machine to a MacBook Pro 13 running MacOS Mojave. I used to connect to the VPN of a client using Cisco AnyConnect Mobility Client, but changing my machine, it refuses to connect. At first, I was presented with an error message saying that no antivirus program was installed on my machine, so I installed Symantec Endpoint Protection (SEP) -the same antivirus that was installed on my windows machine. Since then, no matter what I do, when I try to connect, I'm presented with an error message saying "Dear *client's name* Vendor session is terminated because your Antivirus service is disabled" even though it's working just fine. I tried updating the antivirus definition, and uninstalling then reinstalling both AnyConnect and SEP, but nothing changed. I also tried connecting from a colleague's Mac (running MacOS High Sierra if that's relevant) and the connection was successful. I'm not sure if it's an OS thing or what.

This issue has been frustrating me for the past week or so, so any help is greatly appreciated.

 

Thanks in advance

5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

There are some specific caveats with AnyConnect and macOS High Sierra and above:

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect47/release/notes/b_Release_Notes_AnyConnect_4_7.html#reference_xjk_kgt_gbb

 

It could also be the headend has an older version of hostscan (the bit that checks for your endpoint AV - related to but separate from the AnyConnect version). Support for macOS with Symantec Endpoint Protection was only added in hostscan 4.3.05033

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/release/notes/b_Release_Notes_AnyConnect_4_3.html#reference_yfw_wnj_r1b

@Marvin Rhoads Thanks for your reply. I'm not sure I understand your second point, but I have AnyConnect version 4.6-something so, newer than the version you were talking about. Do you mean that client I'm working with could have an older version?

 

Also, about the issue related to High Sierra and above, my colleague had High Sierra on his machine, and it connected just fine there.

 

Thanks again

Your colleague's Mac may have had the recommended High Sierra changes made already.

 

Regarding hostscan, that's something you'd have to ask the ASA administrator about. The hostscan software and version is separate from the Anyconnect software and version.

Peter Koltl
Level 7
Level 7

Is it a hostscan aka ASA posture?

Or is it a System scan aka ISE posture?

 

Is there a System Scan window in the client?

Yeah I think it’s a host scan, at least that’s what it says