On this page:
- I did the following to solve the issue: Cleaned all entries in the registry for both AnyConnect and Cisco. Ran DriverStoreExplorer.v0.8.4.2 that allows you to delete old drivers without touching the registry.
- I am a consultant and have several clients that use AnyConnect. Every time I connect to a new client I have to enter the URL and my username for that specific VPN.
Openconnect is a VPN client, that utilizes TLS and DTLS for secure session establishment, and is compatible with the CISCO AnyConnect SSL VPN protocol.
Primer
This guide will assist with the installation of the Cisco AnyConnect VPN client for Windows (Vista, 7, 8.1 and 10).
Installation
You need administrator level account access to install this software. When prompted with Windows UAC (User Access Control) you need to allow to install this software.
- Download the VPN installer from MIT's download page, Cisco AnyConnect VPN Client for Windows. Note:MIT certificates required.
- Find and double click the downloaded file named 'anyconnect-win-4.5.XXXXXX.exe', where XXXXXX is the sub-version number of the installer.
- On the following screen titled 'Welcome to the Cisco AnyConnect Secure Mobility Client Setup Wizard', click Next.
- When presented with the software license agreement, click I accept on the slide-down menu and click Next.
- Click Install when prompted (Note: the user must be an administrator of the machine to install).
Note: You may be warned the program comes from an unknown publisher and asked to confirm that you want to allow it to make changes to your computer. Click Yes to continue. - When installer begins installation you will see
- Click Finish when prompted to complete installation.
Connect
- Launch Cisco AnyConnect.
- Enter the address of the MIT Cisco VPN:
- Duo (two-factor authentication) required users must use: vpn.mit.edu/duo.
- Non-Duo (single-factor authentication): vpn.mit.edu
- Click Connect.
- When prompted, enter your MIT username and password.
- For Duo users, in the field labeled 'Second Password' you can enter one of the following options:
- push - Duo will send a push notification to your registered cell phone with the Duo Security mobile app installed
- push2 - Duo will send a push notification to your _second registered device with the Duo Security mobile app installed_
- sms - Duo will send an SMS to your registered cell phone
- phone - Duo will call your registered cell phone
- phone2 - Duo will call your second registered cell phone
- The one time code generated by your hardware token or the Duo Security mobile app (the code changes ever 60 seconds)
In this example, we've entered 'push' in the 'Second Password' field.
Sometimes methods with lag time, like Call, will time out before allowing you to complete Duo Authentication. SMS and one time codes generated by your hardware token (yubikey) or the Duo Security mobile app are the fastest methods and can help you avoid time-out issues.'How to call different devices'
If you have multiple devices that can use the same method, for instance two mobile phones or two phones that can receive phone calls, you can reference them by different numbers. For instance, to call the top device on your managed devices page (http://duo.mit.edu), you can use 'phone' (for the default) or 'phone1' to call the second phone, you can use 'phone2'.
- In this example, you will receive a push notification on your cell phone. Click Approve.
- Cisco AnyConnect should now present you with the MIT VPN banner and the VPN connection will complete.
A client requires that I connect via the 'Cisco AnyConnect Secure Mobility Client', through which I enter servername, username and password. It works. But I'd like to use the Build-in VPN settings provided by Mac OS-X (Sierra) instead. Here I have three options (L2TP, Cisco IPSec or IKEv2). I've tried the Cisco IPSec option and entered the server name and credentials that I have working with Cisco AnyConnect, but this is not working.
So my question; Is it only possible to use the Cisco Client? It's not very user friendly and doesn't allow to remember the password (I guess that's why I have to use it) ...
Hennes2 Answers
I'll bet your client's IT security group set the VPN standard and require the use of the Cisco client to connect to their network. Many companies do this. If you don't use it, likely you won't connect, or if you do you could find yourself disconnected, flagged as a security breach.... And if you have to use any shared files or resources on the client's network, it's likely that only through the Cisco client will this be allowed. With all that....
Here's the link to Cisco's support page for the AnyConnect client.
Now, you've installed the package on your Mac, you've got login credentials. Your client should have given you configuration settings to go with your credentials. The logs for the client are in /opt/cisco/vpn -- you should look in there and see what/any error messages you are getting.
Your connection options are Layer 2 tunneling (L2TP), IPSec and IKE42 (IKE is Internet Key Exchange). Per Cisco's support pages you need 4.3 MR3 for Sierra to work, do you have that installed? Once you've checked that out, then I'd set it for IPSec and try to connect.
If you continue to have problems, you should contact your client's IT group; I've seen odd parameters with VPN's and you want to make sure you have all the information you need.
Anyconnect can use IPSec or SSL VPN connections. This is determined by your infrastructure design. OSX does not natively support SSL VPN, so if that's your company uses then you cannot use the native OSX VPN options.
For any connect to remember the password, it also has to be set by your company on the server side. The any connect client checks with the server to enable or disable password saving.
Download Cisco Anyconnect Vpn Client For Mac
