Install Mac OSX AnyConnect Package on Cisco Router and on Mac Machine - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Friday, February 15, 2019

Install Mac OSX AnyConnect Package on Cisco Router and on Mac Machine

Symptoms: 
One of my clients reported a Cisco AnyConnect issue. It only happened to his machine and later we found that is because he is using Mac machine. His credential works fine if he uses it at windows machine.

From following screenshot, obviously there is Mac AnyConnect package missing from vpn gateway.


Error Messages:
"VPN
The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.

Solutions:
Windows package usually installed when WebVPN configured. But Linux package and Mac OSX package may missed at the beginning of installation. To resolve this issue, I followed following steps to get missing package installed:

1. Download missing package and saved to ftp server
It can be found from cisco support download site. Here is a screenshot of which package you should download.


2. Confirm System version and license
VPN-1#show version 
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 05-Jun-15 12:31 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

VPN-1 uptime is 1 year, 9 weeks, 4 days, 4 minutes
System returned to ROM by power-on
System restarted at 12:53:28 EDT Mon Aug 15 2016
System image file is "usbflash0:c1900-universalk9-mz.SPA.154-3.M3.bin"
Last reload type: Normal Reload
Last reload reason: power-on



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

Cisco CISCO1921/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FJC2023L4AW
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
245744K bytes of USB Flash usbflash0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*1        CISCO1921/K9          FJC2023L4AW     



Technology Package License Information for Module:'c1900' 

------------------------------------------------------------------------
Technology    Technology-package                  Technology-package
              Current              Type           Next reboot  
------------------------------------------------------------------------
ipbase        ipbasek9             Permanent      ipbasek9
security      securityk9           Permanent      securityk9
data          None                 None           None
NtwkEss       None                 None           None

Configuration register is 0x2102





3. Copy AnyConnect Mac Package from FTP Server to local flash

VPN-1#cd webvpn
VPN-1#dir
Directory of usbflash0:/webvpn/

  389  drw-           0   Aug 1 2016 14:56:12 -04:00  Rogers-SSL-1
  392  -rw-    25162392   Aug 1 2016 15:16:32 -04:00  anyconnect-win-4.3.01095-k9.pkg

251371520 bytes total (89362432 bytes free)


VPN-1#copy ftp://temp:[email protected]/anyconnect-macosx-i386-4.3.02039-k9.pkg flash:

Destination filename [anyconnect-macosx-i386-4.3.02039-k9.pkg]?
Accessing ftp://19.24.11.29/anyconnect-macosx-i386-4.3.02039-k9.pkg...
Loading anyconnect-macosx-i386-4.3.02039-k9.pkg (via GigabitEthernet0): !!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 37997096 bytes]

37997096 bytes copied in 117.644 secs (322984 bytes/sec)
  



4. Install new package into webvpn
After you copy the AnyConnect image to the flash of the Router, it must be installed via command line. Multiple AnyConnect packages can be installed when you specify a sequence number at the end of the installation command; this will allow for the Router to act as headend for multiple client operating systems. When you install the AnyConnect package, it will also move it to the flash:/webvpn/ directory if it was not copied there initially.

VPN-1(config)#crypto vpn anyconnect flash:/anyconnect-macosx-i386-4.3.02039-k9.pkg sequence 2
SSLVPN Package SSL-VPN-Client (seq:2): installed successfully


VPN-1(config)#
VPN-1#wr
Building configuration...
[OK]



VPN-1#sh run | i cry  
service password-encryption
crypto pki trustpoint my-trustpoint
crypto pki certificate chain my-trustpoint
crypto vpn anyconnect usbflash0:/webvpn/anyconnect-win-4.3.01095-k9.pkg sequence 1
crypto vpn anyconnect usbflash0:/webvpn/anyconnect-macosx-i386-4.3.02039-k9.pkg sequence 2
crypto isakmp policy 1




Check package has been installed to flash:/webvpn/ floder. Then you can delete the package under the flash:/ folder
VPN-1#dir
Directory of usbflash0:/

    1  -rw-    75608148   Jun 3 2016 14:13:10 -04:00  c1900-universalk9-mz.SPA.154-3.M3.bin
    2  -rw-        3066   Jun 3 2016 14:24:04 -04:00  cpconfig-19xx.cfg
    3  -rw-        1160  Jul 24 2016 10:58:00 -04:00  1.lic.txt
    4  drw-           0   Jun 3 2016 14:24:34 -04:00  ccpexp
  374  -rw-       22737   Jun 3 2016 14:27:22 -04:00  home.html
  375  -rw-        6914   Aug 1 2016 14:17:20 -04:00  backup-Aug--1-14-17-21.345-EDT-9
  376  -rw-        7578  Jul 24 2016 10:17:38 -04:00  backup--Jul-24-10-17-37.931-EDT-1
  377  -rw-        5775  Jul 24 2016 10:19:10 -04:00  backup--Jul-24-10-19-09.891-EDT-2
  378  -rw-        5755  Jul 24 2016 10:20:34 -04:00  backup--Jul-24-10-20-34.183-EDT-3
  379  -rw-        5901  Jul 24 2016 10:23:12 -04:00  backup--Jul-24-10-23-11.734-EDT-4
  380  -rw-        5939  Jul 24 2016 10:29:20 -04:00  backup--Jul-24-10-29-20.606-EDT-5
  381  -rw-        5939  Jul 24 2016 10:29:42 -04:00  backup--Jul-24-10-29-42.814-EDT-6
  382  -rw-        5939  Jul 24 2016 10:33:52 -04:00  backup--Jul-24-10-33-53.270-EDT-7
  383  -rw-        1154   Aug 1 2016 10:34:22 -04:00  2.lic
  384  -rw-        6007   Aug 1 2016 10:37:02 -04:00  backup-Aug--1-10-37-02.447-EDT-8
  385  -rw-        6907   Aug 1 2016 14:30:08 -04:00  backup-Aug--1-14-30-08.355-EDT-10
  386  -rw-        7617   Aug 1 2016 14:52:22 -04:00  backup-Aug--1-14-52-23.416-EDT-11
  387  -rw-        7595   Aug 1 2016 14:55:26 -04:00  backup-Aug--1-14-55-26.582-EDT-12
  388  drw-           0   Aug 1 2016 14:56:12 -04:00  webvpn
  393  -rw-        7635  Aug 10 2016 22:31:32 -04:00  backup-Aug-10-22-31-32.095-EDT-14
  412  -rw-        9718   Oct 5 2017 16:56:46 -04:00  backup-Oct--5-16-56-46.377-EDT-27
  394  -rw-        6986   Aug 1 2016 14:15:18 -04:00  backup-Aug--1-14-15-18.974-EDT-7
  395  -rw-        6937   Aug 1 2016 14:16:32 -04:00  backup-Aug--1-14-16-32.933-EDT-8
  396  -rw-    25162392   Aug 1 2016 15:07:34 -04:00  anyconnect-win-4.3.01095-k9.pkg
  397  -rw-        7635  Aug 10 2016 22:19:28 -04:00  backup-Aug-10-22-19-29.400-EDT-13
  413  -rw-    24010751  Oct 21 2017 12:33:02 -04:00  anyconnect-macosx-i386-4.3.02039-k9.pkg
  401  -rw-        9487  Jan 19 2017 20:40:16 -05:00  backup-Jan-19-20-40-16.993-EST-21
  402  -rw-        9485   Feb 3 2017 21:37:08 -05:00  backup-Feb--3-21-37-09.347-EST-22
  403  -rw-        9531   Feb 8 2017 18:52:10 -05:00  backup-Feb--8-18-52-10.357-EST-23
  404  -rw-        9599  Mar 22 2017 20:39:00 -04:00  backup-Mar-22-20-39-01.158-EDT-24
  411  -rw-        9598   Apr 5 2017 09:21:20 -04:00  backup-Apr--5-09-21-20.755-EDT-25
  406  -rw-        9660  May 29 2017 10:54:04 -04:00  backup-May-29-10-54-04.085-EDT-26
  415  -rw-        9813  Oct 21 2017 12:43:20 -04:00  backup-Oct-21-12-43-20.905-EDT-28

251371520 bytes total (65351680 bytes free)
VPN-1#cd webvpn
VPN-1#dir
Directory of usbflash0:/webvpn/

  389  drw-           0   Aug 1 2016 14:56:12 -04:00  R-SSL-1
  392  -rw-    25162392   Aug 1 2016 15:16:32 -04:00  anyconnect-win-4.3.01095-k9.pkg
  414  -rw-    24010751  Oct 21 2017 12:42:58 -04:00  anyconnect-macosx-i386-4.3.02039-k9.pkg

251371520 bytes total (65351680 bytes free)
VPN-1#
VPN-1#delete flash:anyconnect-macosx-i386-4.3.02039-k9.pkg
Delete filename [anyconnect-macosx-i386-4.3.02039-k9.pkg]? 
Delete usbflash0:/anyconnect-macosx-i386-4.3.02039-k9.pkg? [confirm]



Appendix 1-  Install AnyConnect Secure Mobility Client on Mac Machines
Step 1. Download AnyConnect here.
  • http://ttcit.net/download/macos/anyconnect-macos-4.6.03049-predeploy-k9.dmg
  • http://ttcit.net/download/macos/anyconnect-macos-4.6.01103-predeploy-k9.dmg
For Linux:
  • http://ttcit.net/download/linux/anyconnect-linux64-4.6.01103-predeploy-k9.tar.gz
  • http://ttcit.net/download/linux/anyconnect-linux64-4.6.03049-predeploy-k9.tar.gz
For Windows:
  • http://ttcit.net/download/windows/anyconnect-win-4.6.01103-core-vpn-predeploy-k9.msi
  • http://ttcit.net/download/windows/anyconnect-win-4.6.03049-core-vpn-predeploy-k9.msi


Step 2. Double-click the downloaded installer dmg file. 
It will be auto-mounted as a disk and show you the contents inside. There were be two items, one is pkg file and another one is Profiles folder. Double-click pkg file. 
Step 3. Click Continue.
The installation wizard will start.
Step 4. Go over the Supplemental End User License Agreement and then click Continue.
Step 5. Click Agree.
Step 6. Choose the components to be installed by checking or unchecking the corresponding check boxes. 
All components are installed by default.
Step 7. Click Continue.
Step 8. (Optional) Click Change Install Location to manually specify the path to install AnyConnect.
Step 9. Click Install.
Step 10. (Optional) Enter your password in the Password field.
Step 11. Click Install Software.
Step 12. Click Close.
You should now have successfully installed the AnyConnect Secure Mobility Client Software on your Mac computer.


References:






No comments:

Post a Comment