Loading

Friday, October 21, 2011

Cisco AnyConnect VPN Client for Mac

Recently some of our mobile users needed to connect to one of our networks that's protected by a pair of Cisco ASA firewalls.  It was no problem for the Windows users as I already had what I needed in place, however it was a different story for our Mac users.  Since it had been a while since I setup the ASA for AnyConnect for Windows I'd forgotten everything that was needed so I ran into a little trouble.

First, I downloaded the latest AnyConnect VPN client for Mac's from Cisco (anyconnect-macosx-i386-2.5.3055-k9.dmg at the time of this writing), and installed it on a MacBook Pro.

Notes:
  • Of course, you'll have to have a valid SmartNet agreement and account with Cisco to access these files.
  • And, since the Cisco VPN client only runs on 32 bit Mac's, AnyConnect is the only option for 64 bit Mac's.
With the AnyConnect VPN Client installed on the Mac I launched it and tried to connect to my ASA.  Here's when I ran into my first problem, receiving the message,"The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again."


After a little research I realized I needed to upload the accompanying package (.pkg) file to the ASA.  So I headed back to Cisco to download the package file (anyconnect-macosx-i386-2.5.3055-k9.pkg - must match the version of the AnyConnect VPN Client on the Mac).

With that in hand I copied it to the ASA via TFTP, after, of course, dusting off my (FREE!) SolarWinds TFTP Server I haven't used for quite some time.  Here's the (Cisco) IOS command to copy the file via the terminal:
copy tftp:anyconnect-macosx-i386-2.5.3055-k9.pkg disk0:
Of course you'll have to provide the name/IP address of your TFTP server, which will conveniently be asked.

With that in place I tried again to connect.  However, I had the same problem, again receiving the message,"The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again."  WTF?

Oh, yeah, I had to register the Mac AnyConnect package with the ASA's IOS.  Since I already have the Windows AnyConnect package registered as #1, and since most who connect to my ASA are Windows clients I left that in the first position and registered the Mac package second with the following commands:
config terminal
webvpn
svc image disk0:/anyconnect-macosx-i386-2.5.3055-k9.pkg 2
Then, by running show webvpn svc I can see that both the Windows and Mac AnyConnect packages are registered with my ASA.  


And I can successfully connect my Mac clients.  Booyah!!!

Need help adding SSL VPN licenses to your ASA 5500?

No comments:

Post a Comment