Dec 17, 2018 Setup Cisco AnyConnect in Mac OS
Given that OS X now supports (natively) Cisco IPSec VPN connections, I am wondering what the requirements for the VPN configuration are on the remote end. I have evaluated a number of Cisco devices (in the smaller range, such as the ASA 5505 routers, as well as the RV120W and the WRVS4400N devices) and haven't had a lot of luck getting them to talk to the VPN via the built-in client; however, when I use something such as IPSecuritas from Lobotomo I am able to establish a connection without any issues. So what is the ideal configuration to get this working? I would honestly prefer not to have to install a VPN client on my systems and simply use the built-in client.

I've copied and pasted what I hope is the relevant config out of my ASA (5525) where this is working for both AnyConnect and MacOS-native clients. I have expurgated it of localized information, so I may have typoed something along the way.
I hope I haven't left anything out. (Look out for the `!` comments.)

```
!
! This is a pool of IPs that will be allocated to VPN clients
ip local pool PoolVPN 10.255.255.10-10.255.255.250 mask 255.255.255.0
!
! These are the networks accessible via the VPN
access-list SplitTunnel standard permit 10.0.0.0 255.0.0.0
access-list SplitTunnel standard permit 172.16.0.0 255.240.0.0
access-list SplitTunnel standard permit 192.168.0.0 255.255.0.0
!
webvpn
 ! See below for the content of this file
 anyconnect profiles ExampleVPN disk0:/examplevpn.xml
!
group-policy GPVPN internal
group-policy GPVPN attributes
 wins-server none
 ! Replace with your internal DNS server
 dns-server value 192.168.0.255
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
 password-storage enable
 group-lock value TGVPN
 split-tunnel-policy tunnelspecified
 ipv6-split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunnel
 ! Replace with your internal DNS zone
 default-domain value example.com
 split-dns none
 split-tunnel-all-dns disable
 secure-unit-authentication disable
 ! Replace with the FQDN of your ASA
 gateway-fqdn value asa.example.com
 address-pools value PoolVPN
 client-access-rule none
 webvpn
  anyconnect profiles value ExampleVPN type user
  anyconnect ask none default anyconnect
!
tunnel-group TGVPN type remote-access
tunnel-group TGVPN general-attributes
 address-pool PoolVPN
 default-group-policy GPVPN
tunnel-group TGVPN webvpn-attributes
 group-alias TGVPN enable
tunnel-group TGVPN ipsec-attributes
 ! Replace with your own shared secret
 ikev1 pre-shared-key ThisIsASharedSecret
!
tunnel-group-map default-group IPSecProfile
```

The file `disk0:/examplevpn.xml` contains the following (only the three values survived extraction of the original post; the element names are those of the standard AnyConnect client-profile layout):

```xml
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>asa.example.com</HostName>
      <HostAddress>198.51.100.1</HostAddress>
      <PrimaryProtocol>IPsec</PrimaryProtocol>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
```

Replace with the external FQDN and IP address of your ASA. Then set up your MacOS 'Cisco IPSec' client to use the same shared secret as is found in the `ikev1 pre-shared-key` line, and the group name is the tunnel-group, in this case `TGVPN`. The username and password are locally defined in the ASA with lines like:

```
username user password ... encrypted privilege 15
```

I'm guessing it's using the local accounts as a result of:

```
user-identity default-domain LOCAL
```

But if you can get this working with local users, you can probably work to get auth set up differently if you need. I will say that I started with an already-working AnyConnect config and then just added these lines:

```
tunnel-group TGVPN ipsec-attributes
 ikev1 pre-shared-key ThisIsASharedSecret
```

to get it to work with the MacOS client.
(I also had to expand the split-tunnel network access list, but I suspect that that was needed for the AnyConnect users, too.)
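The macOS side of the answer above, as an added example that is not part of the original post: a Python script that reads the tunnel-group name, gateway FQDN and `ikev1 pre-shared-key` out of an ASA configuration excerpt (constructed here with the same placeholders as the answer's config), emits a `.mobileconfig` profile that programs the built-in 'Cisco IPSec' client with exactly those values, and checks that a given profile's group name and secret match what the ASA has. The payload keys are those of Apple's documented `com.apple.vpn.managed` payload for `VPNType` `IPSec`; the `com.example.…` identifiers, the `ExampleVPN.mobileconfig` filename and the account name `user` are assumptions. One caveat worth keeping in mind when distributing such a profile: the built-in client is IKEv1 with a group pre-shared key plus XAuth, so the profile carries a secret that every client of that tunnel-group shares, and it should be handled as a credential rather than a plain settings file.

```python
# Added example: generate and check a macOS 'Cisco IPSec' profile from ASA config.
import plistlib
import re
import uuid

# Constructed ASA excerpt (same placeholders as the answer's config, not from a device).
ASA_CONFIG = """\
group-policy GPVPN attributes
 gateway-fqdn value asa.example.com
tunnel-group TGVPN type remote-access
tunnel-group TGVPN general-attributes
 address-pool PoolVPN
 default-group-policy GPVPN
tunnel-group TGVPN ipsec-attributes
 ikev1 pre-shared-key ThisIsASharedSecret
"""


def parse_asa_ipsec(config):
    """Return {"gateway": fqdn-or-None, "groups": {tunnel_group: psk}}.

    ASA indents sub-mode lines by one space, so any unindented line ends the
    current 'tunnel-group ... ipsec-attributes' block.
    """
    gateway, groups, current = None, {}, None
    for line in config.splitlines():
        line = line.rstrip()
        if not line.startswith(" "):
            m = re.match(r"tunnel-group (\S+) ipsec-attributes$", line)
            current = m.group(1) if m else None
            continue
        m = re.match(r"\s+gateway-fqdn value (\S+)$", line)
        if m:
            gateway = m.group(1)
            continue
        m = re.match(r"\s+ikev1 pre-shared-key (\S+)$", line)
        if m and current:
            groups[current] = m.group(1)
    return {"gateway": gateway, "groups": groups}


def build_profile(gateway, group, psk, xauth_name, display_name="Example VPN"):
    """Return .mobileconfig bytes (plist XML) with one com.apple.vpn.managed payload.

    VPNType 'IPSec' is the client the macOS GUI labels 'Cisco IPSec'
    (IKEv1 group pre-shared key + XAuth). Identifiers are hypothetical.
    """
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn." + group.lower(),
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
        "UserDefinedName": display_name,  # name shown in Network preferences
        "VPNType": "IPSec",
        "IPSec": {
            "RemoteAddress": gateway,                # 'Server Address' field
            "AuthenticationMethod": "SharedSecret",
            "LocalIdentifier": group,                # 'Group Name' = ASA tunnel-group
            "SharedSecret": psk.encode(),            # 'ikev1 pre-shared-key', stored as <data>
            "XAuthEnabled": 1,
            "XAuthName": xauth_name,                 # ASA 'username ...' account; password prompted
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile." + group.lower(),
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile)


def vpn_settings(profile_bytes):
    """Return the IPSec dictionary of the first VPN payload in a profile."""
    for payload in plistlib.loads(profile_bytes)["PayloadContent"]:
        if payload.get("PayloadType") == "com.apple.vpn.managed":
            return payload["IPSec"]
    raise ValueError("no com.apple.vpn.managed payload in profile")


def profile_matches_asa(profile_bytes, config):
    """True only if the profile's group name is an ASA tunnel-group, its secret
    equals that group's 'ikev1 pre-shared-key' and it points at the gateway FQDN.
    A wrong group name or secret fails IKE phase 1 before any XAuth prompt."""
    ipsec = vpn_settings(profile_bytes)
    asa = parse_asa_ipsec(config)
    expected = asa["groups"].get(ipsec.get("LocalIdentifier"))
    if expected is None:
        return False
    return (ipsec.get("SharedSecret") == expected.encode()
            and ipsec.get("RemoteAddress") == asa["gateway"])


if __name__ == "__main__":
    asa = parse_asa_ipsec(ASA_CONFIG)
    blob = build_profile(asa["gateway"], "TGVPN", asa["groups"]["TGVPN"], "user")
    with open("ExampleVPN.mobileconfig", "wb") as f:  # assumed output filename
        f.write(blob)
    print("profile matches ASA:", profile_matches_asa(blob, ASA_CONFIG))
```

Double-clicking the generated file (or pushing it through an MDM) creates the VPN service with the server, group name and shared secret already filled in; only the XAuth password is asked for at connect time unless `XAuthPassword` is also set, which is best avoided for the same reason the group secret deserves care.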