![Cisco anyconnect vpn for mac Cisco anyconnect vpn for mac](/uploads/1/2/6/0/126078781/346834357.jpg)
Try entering your username (if you haven’t tried that already). If you recently created your account or changed your email address, check your email for a validation link from us.
Active4 years, 1 month ago
Given that OS X now supports (natively) CISCO IPSec VPN connections I am wondering what the requirements for the VPN configuration are on the remote end?
I have evaluated a number of CISCO devices (in the smaller range, such as the ASA 5505 routers, as well as the RV120W and the WRVS4400N devices) and haven't had a lot of luck getting them to talk to the VPN via the built in Client, however when I use something such as IPSecuritas from Lobotomo I am able to establish a connection without any issues.
So what is the ideal configuration to get this working? I would honestly prefer to not have to install a VPN client on my systems and simply use the built in client.
Kenny Rasschaert7,88733 gold badges3535 silver badges5757 bronze badges
Matthew SavageMatthew Savage33311 gold badge66 silver badges1818 bronze badges
3 Answers
Since Apple claims that Cisco VPN is natively supported, and it is explained in detail here, my guess would be a VPN configuration issue or mismatch.
It may be a matter of matching the Remote Access VPN setup to the OSX client, instead of the other way around.
adaptradaptr
From my experience, you will have to create a group on the ASA and assign it a password. You then add the user to this group.
In OSX, the account name and password is of the user's. Then under 'Authentication Settings' type in the password (shared secret) for the group you configured on the ASA and type in the name of the group in the 'Group Name' field.
RowellRowell
I've copied and pasted what I hope is the relevant config out of my ASA (5525) where this is working for both AnyConnect and MacOS-native clients. I have expurgated it of localized information, so I may have typoed something along the way. I hope I haven't left anything out. (Look out for
! ***
comments.)The file
disk0:/examplevpn.xml
contains:Replace with the external FQDN and IP address of your ASA.
Then set up your MacOS 'Cisco IPSec' client to use the same shared secret as is found in the 'ikev1 pre-shared-key' line and the group name is the tunnel-group, in this case 'TG_VPN'. The username and password are locally defined in the ASA with lines like:
I'm guessing it's using the local accounts as a result of:
But if you can get this working with local users, you can probably work to get auth set up differently if you need.
I will say that I started with an already-working AnyConnect config and then just added these lines:
to get it to work with the MacOS client. (I also had to expand the split tunnel network access list, but I suspect that that was needed for the AnyConnect users, too.)
wfaulkwfaulkCisco Anyconnect Vpn Client For Mac
5,41877 gold badges3939 silver badges6868 bronze badges