cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2092
Views
0
Helpful
3
Replies

Snow Leopard and AnyConnect reprise

itdeptarxx
Level 1
Level 1

Boy, I'm sure people are getting sick of this discussion.

I have ONE user with a Mac at home.  She's our Web Developer.  She wants to RDP to her main computer (Windows) at the office.

We have an ASA 5510 running our VPN right now, and we're using the AnyConnect client to get all of our other users to connect, however she cannot get the 2.4.0202 client to work on her MAC.  Keeps throwing kernel panics and dying.

I'm going to try the BETA 2.5 that is out there for the client, but if that doesn't work I'd like to fall back on Snow Leopard's built in IPSec VPN client.

My problem is that EVERY piece of documentation I have read about configuring that client talks about a group name and a shared secret key.  This information is supposed to be contained in a .PCF file, but I have searched through new installs of the AnyConnect client, old installs of the AnyConnect client, exploded MSIs of the AnyConnect client package, and I cannot find a .PCF file anywhere.

I can only assume they are not used with this version of the client.  But if that is the case, where do I find the information in our 5510 to fill in the blanks on her Mac?

3 Replies 3

Leo Laohoo
Hall of Fame
Hall of Fame

Cisco Network Admission Control:Interim Workaround forWindows 7 and Mac OS X 10.6 (Snow Leopard) Operating Systems
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/presentation_NAC_Solution_Workaround_for_Win.pdf

@ leolaohoo

Thanks for the information, but I'm not 100% sure it applies to our setup.
Here's a SS of what I see in our interface.  Unfortunately I don't see a "Clean Access" option.

Todd Pula
Level 7
Level 7

A .pcf file is specific to the Cisco IPSec software client.  This file is used to pre-populate or enable certain client-side features.  In a traditional IPSec remote access configuration, the client is configured with a group name and pre-shared key.  AnyConnect works a bit differently using either an alias or group URL to identifty a tunnel group. If no specific tunnel group is specified, the default WebVPN tunnel group will be matched and associated group policy attributes applied to the connection.  AnyConnect has a profile feature in which an XML file is used to tweak client features.  This can be likened to the legacy client .pcf file.  You can read more about AnyConnect profiles at the link below.

As for your Mac OSX user, I would recommend that you uninstall the 2.4.202 client and either install the latest 2.4.1012 or 2.5 Beta clients for testing.  Please document any errors that may occur with the latest client versions so that we can troubleshoot further.

http://www.cisco.com/en/US/partner/docs/security/vpn_client/anyconnect/anyconnect24/administration/guide/ac03features.html