cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
37409
Views
0
Helpful
14
Replies

weblaunch cisco secure Desktop mac os x is not working

alig.norbert
Level 4
Level 4

Hi there,

The weblaunch for Cisco Secure Desktop is not working with MAC OS X 10.7.5 on Safari and Firefox (latest one).

On Windows ist it working properly.

Java is enabled on the browser. With the local installed hostscan it works, but how can the weblauch be enabled for MAC OS X?

Here the error:

Access Denied

Your system failed to be validated by the Cisco Secure Desktop and will not be granted access.

Critical failure.

Cisco Secure Desktop must run and validate your system to proceed. Please verify your browser settings and configuration and retry.

Thank you,

Norbert

14 Replies 14

ihernandez81
Level 1
Level 1

I am having the same issue on Mac OSX 10.8.4. If i install the client (3.1.04059) I can connect fine. We are using aaa and certificate auth. my cert is installed and working since my client works fine. However the web vpn which is how most of our users will be installing the client does not work. I have the file installed on the ASA actually version 3.1.03103) but no known bugs for that version installing from webvpn.

I get the same error as above when trying to connect, I do recall java used to prompt me to accept or run when trying to connect to ASA, i don't see that icon anymore...and now getting this error, any one find a fix?

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115947-dap-adv-functions-00.html

Joshua Engels
Level 1
Level 1

Hey guys,

Any updates on how this was resolved?

Thanks!

Hi there,

I have a TAC case on this...

Will let you know if we got a solution.

Norbert

I checked the Java log and it seems a problem with the Verisign G2 cert.


Sent from Cisco Technical Support iPhone App

gcaudle66
Level 1
Level 1

Any update? I am having the same issue with MAC OS X 10.8.

Correction!!!

It works fine with Firefox, not Safari though. Appears to be a Safari issue.

I worked with TAC and basically the work around for us was to update to the latest code 1st.

Next, disable the host scan requirement in order to allow the MAC to authenticate and install the proper client etc.

conf t
webvpn    
no csd enable
exit

Then, make sure your secure desktop prelogin policy has Mac set to "default" vs "login denied".  default is what mine is set to which gives it a green light to connect.

Once the MAC is connected, reenable the host scan.

conf t
webvpn
csd enable
exit

I have to do this each time I add a MAC

ihernandez81
Level 1
Level 1

I'm using FireFox now and still have Cisco Secure Desktop enabled.

I have a specific DAP for my configuration looking for Antivirus and Mac OS X no specific version.

I have a macbook pro on 10.8.4.

ASA is a 5525

9.0(2) asa version

7.1(2) asdm

I'm now able to get past the initial errors on not verifying my system, but i can't get it to match a DAP for my profile unless all CSD checks are disabled...so defeats the purpose.

Only happening on Mac OS X.

Will need a little more info than that to diagnose exactlt why it is not matching a DAP record. Are you also specifying a AAA attribute to match on? To my knowledge, you must have a "AAA" attribute set to match in order to specify a DAP record. "The security appliance selects DAP records based on the AAA authorization information for the user and posture assessment information for the session."

We are matching the group policy, I can connect from the Mac using the AnyConnect client so the DAP is working correctly now. I have the DAP connection meathod as both default webvpn or clientless.

Only things I'm checking for in DAP is group policy, then OS X and Antivirus for MAC. That's it, yet WebVPN does not launch, i'm stuck at the Access Denied, system failed to be validated by Cisco Secure Desktop. I enabled the Java Plugin when prompted...same issue.

This doesn't work in Safari or FireFox.

Access Denied

Your system failed to be validated by the Cisco Secure Desktop and will not be granted access.

Critical failure.

Cisco  Secure Desktop must run and validate your system to proceed. Please  verify your browser settings and configuration and retry.

Hi,

A couple of things here:

1- You dont have to disable CSD globally. Simply create a new tunnel-group, define a specific group-url and then check the option "Do not run CSD", then have your Mac users connect to it.

2- Have you tried with Host Scan instead of CSD?

HTH.

Ok I got it to work, and tried to post my fix here but Cisco website keeps telling me I can't post it for some reason???

It was a java issue, using 7u51 you have to add the address of your sslvpn fw to the list in java for mac in the security tab.

wow that totally fixed my issue!  Thanks so much for sharing that solution!!!

How do you are checking for Antivirus on Mac OSX? I want to configure this also.

 

Best regards,

Alcides

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: