MacOS The server certificate received or its chain does not comply with FIPS. A VPN connection will not be established.

kbyrd
Level 2

What file do I need to edit to set <FipsMode>false</FipsMode> in MacOS X v10.9.2 for AnyConnect?

anyconnect-macosx-i386-2.5.2014-k9.pkg

Thanks


rahgovin
Level 4

You would need to change it in the AnyConnect Local Policy XML file (AnyConnectLocalPolicy.xml). The locations for different OSes are given here:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac09localpolicy.html#wp1055371

Thanks

Rahul

Thanks for the link Rahul.

I am running v3.1.04066

It appears the filename is actually AnyConnectLocalPolicy.xsd

However, I'm not sure how to edit this file to disable the FIPS security check. This is what is in the file now related to FIPSMode:

 

   

     

       

         

           

             

             

           

         

       

How would you change this file to disable FIPSMode?

Hi,

This is the schema file for the local policy, not the local policy itself. Looks like the AnyConnectLocalPolicy.xml file is not created by default on installation on Mac and Linux. This should be fixed in the next major AnyConnect release. If you have a Windows machine, can you copy the AnyConnectLocalPolicy.xml from it and put the same in the /opt/cisco/anyconnect folder on the Mac?
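
A check for the situation in this thread, as an added example that is not part of any reply and is not Cisco's code: it reports whether a path is a missing file, the .xsd schema, or an actual local policy, and what FipsMode is set to in it. The sample XML is constructed, and its root element name and namespace are assumptions.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

POLICY_NAME = "AnyConnectLocalPolicy.xml"  # file name given in the thread

# Constructed samples: root element name and namespace are assumptions.
SAMPLE_POLICY = ('<AnyConnectLocalPolicy xmlns="urn:example:constructed">'
                 '<FipsMode>true</FipsMode></AnyConnectLocalPolicy>')
SAMPLE_XSD = ('<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">'
              '<xs:element name="FipsMode" type="xs:boolean"/></xs:schema>')

def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def fips_mode_status(path):
    """Return 'missing-file', 'unparseable', 'schema-not-policy', 'unset',
    or the lower-cased FipsMode text ('true' / 'false')."""
    if not os.path.isfile(path):
        return "missing-file"       # the Mac/Linux case from the last reply
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return "unparseable"
    if local_name(root.tag) == "schema":
        return "schema-not-policy"  # the .xsd describes the policy, it is not one
    for el in root.iter():
        if local_name(el.tag) == "FipsMode":
            return (el.text or "").strip().lower() or "unset"
    return "unset"

def demo():
    """Run the check against constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        policy = os.path.join(d, POLICY_NAME)
        results = {"no file": fips_mode_status(policy)}
        xsd = os.path.join(d, "AnyConnectLocalPolicy.xsd")
        with open(xsd, "w") as f:
            f.write(SAMPLE_XSD)
        results["xsd"] = fips_mode_status(xsd)
        with open(policy, "w") as f:
            f.write(SAMPLE_POLICY)
        results["policy"] = fips_mode_status(policy)
        return results

if __name__ == "__main__":
    print(demo())
```

On a real machine, call `fips_mode_status` with the policy path for that OS from the linked guide, for example the /opt/cisco/anyconnect folder mentioned above.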
