The weblaunch for Cisco Secure Desktop is not working with MAC OS X 10.7.5 on Safari and Firefox (latest one).
On Windows ist it working properly.
Java is enabled on the browser. With the local installed hostscan it works, but how can the weblauch be enabled for MAC OS X?
Here the error:
I am having the same issue on Mac OSX 10.8.4. If i install the client (3.1.04059) I can connect fine. We are using aaa and certificate auth. my cert is installed and working since my client works fine. However the web vpn which is how most of our users will be installing the client does not work. I have the file installed on the ASA actually version 3.1.03103) but no known bugs for that version installing from webvpn.
I get the same error as above when trying to connect, I do recall java used to prompt me to accept or run when trying to connect to ASA, i don't see that icon anymore...and now getting this error, any one find a fix?
I worked with TAC and basically the work around for us was to update to the latest code 1st.
Next, disable the host scan requirement in order to allow the MAC to authenticate and install the proper client etc.
no csd enable
Then, make sure your secure desktop prelogin policy has Mac set to "default" vs "login denied". default is what mine is set to which gives it a green light to connect.
Once the MAC is connected, reenable the host scan.
I have to do this each time I add a MAC
I'm using FireFox now and still have Cisco Secure Desktop enabled.
I have a specific DAP for my configuration looking for Antivirus and Mac OS X no specific version.
I have a macbook pro on 10.8.4.
ASA is a 5525
9.0(2) asa version
I'm now able to get past the initial errors on not verifying my system, but i can't get it to match a DAP for my profile unless all CSD checks are disabled...so defeats the purpose.
Only happening on Mac OS X.
Will need a little more info than that to diagnose exactlt why it is not matching a DAP record. Are you also specifying a AAA attribute to match on? To my knowledge, you must have a "AAA" attribute set to match in order to specify a DAP record. "The security appliance selects DAP records based on the AAA authorization information for the user and posture assessment information for the session."
We are matching the group policy, I can connect from the Mac using the AnyConnect client so the DAP is working correctly now. I have the DAP connection meathod as both default webvpn or clientless.
Only things I'm checking for in DAP is group policy, then OS X and Antivirus for MAC. That's it, yet WebVPN does not launch, i'm stuck at the Access Denied, system failed to be validated by Cisco Secure Desktop. I enabled the Java Plugin when prompted...same issue.
This doesn't work in Safari or FireFox.
A couple of things here:
1- You dont have to disable CSD globally. Simply create a new tunnel-group, define a specific group-url and then check the option "Do not run CSD", then have your Mac users connect to it.
2- Have you tried with Host Scan instead of CSD?
Ok I got it to work, and tried to post my fix here but Cisco website keeps telling me I can't post it for some reason???
It was a java issue, using 7u51 you have to add the address of your sslvpn fw to the list in java for mac in the security tab.