07-29-2015 11:49 AM - edited 02-21-2020 08:22 PM
Hi, We have MAC and PC users. Both users could reach inside network through ASA and Anyconnect VPN. however, MAC users cannot have connection(Please see screenshot in attachment). The output of command show run webvpn is below:
act(config-webvpn)# sh run webvpn
webvpn
enable outside
enable inside
csd image disk0:/csd_3.5.841-k9.pkg
anyconnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1
anyconnect enable
tunnel-group-list enable
auto-signon allow ip 0.0.0.0 0.0.0.0 auth-type all
The configuration lacks "anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg" all the time. we do not think this is reason why MAC users cannot reach the inside network because we do not have this command for long time. Any one can give suggestion ? Thank you.
Solved! Go to Solution.
07-29-2015 01:03 PM
The best practice is that we have the anyconnect images on the ASA for all the OS.
Please add this command :
webvpn
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
Then share the output of show run webvpn and try connecting again.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
07-29-2015 02:02 PM
> The question is the command for MAC was not there for long time. Why could it work when the command was not there ?
I'm not sure, but I remember that in older releases it was not needed to have *all* images installed in flash. Perhaps that changed sometime. Did you upgrade your ASA recently before the problems started?
07-29-2015 12:59 PM
You have to install images for all needed desktop-os. Here, add the Mac-image with sequence "2" and the Mac users should be able to connect.
07-29-2015 01:55 PM
Hi Thank you two! It work out. The following is its output.
The question is the command for MAC was not there for long time. Why could it work when the command was not there ?
----------------
act(config-webvpn)# sh run webvpn
webvpn
enable outside
enable inside
no anyconnect-essentials
csd image disk0:/csd_3.5.841-k9.pkg
anyconnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-3.1.05170-k9.pkg 2
anyconnect enable
tunnel-group-list enable
auto-signon allow ip 0.0.0.0 0.0.0.0 auth-type all
07-29-2015 02:02 PM
> The question is the command for MAC was not there for long time. Why could it work when the command was not there ?
I'm not sure, but I remember that in older releases it was not needed to have *all* images installed in flash. Perhaps that changed sometime. Did you upgrade your ASA recently before the problems started?
07-29-2015 02:32 PM
I think you are right. I need to confirm if the ASA was upgraded recently. Thank you again.
07-29-2015 01:03 PM
The best practice is that we have the anyconnect images on the ASA for all the OS.
Please add this command :
webvpn
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
Then share the output of show run webvpn and try connecting again.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide