Symptoms:
One of my clients reported a Cisco AnyConnect issue. It only happened to his machine and later we found that is because he is using Mac machine. His credential works fine if he uses it at windows machine.
From following screenshot, obviously there is Mac AnyConnect package missing from vpn gateway.
Error Messages:
“VPN
The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.
Solutions:
Windows package usually installed when WebVPN configured. But Linux package and Mac OSX package may missed at the beginning of installation. To resolve this issue, I followed following steps to get missing package installed:
1. Download missing package and saved to ftp server
It can be found from cisco support download site. Here is a screenshot of which package you should download.
2. Confirm System version and license
VPN-1#show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 05-Jun-15 12:31 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
VPN-1 uptime is 1 year, 9 weeks, 4 days, 4 minutes
System returned to ROM by power-on
System restarted at 12:53:28 EDT Mon Aug 15 2016
System image file is "usbflash0:c1900-universalk9-mz.SPA.154-3.M3.bin"
Last reload type: Normal Reload
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO1921/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FJC2023L4AW
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
245744K bytes of USB Flash usbflash0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*1 CISCO1921/K9 FJC2023L4AW
Technology Package License Information for Module:'c1900'
------------------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
data None None None
NtwkEss None None None
Configuration register is 0x2102
3. Copy AnyConnect Mac Package from FTP Server to local flash
VPN-1#cd webvpn
VPN-1#dir
Directory of usbflash0:/webvpn/
389 drw- 0 Aug 1 2016 14:56:12 -04:00 Rogers-SSL-1
392 -rw- 25162392 Aug 1 2016 15:16:32 -04:00 anyconnect-win-4.3.01095-k9.pkg
251371520 bytes total (89362432 bytes free)
VPN-1#copy ftp://temp:[email protected]/anyconnect-macosx-i386-4.3.02039-k9.pkg flash: Destination filename [anyconnect-macosx-i386-4.3.02039-k9.pkg]? Accessing ftp://19.24.11.29/anyconnect-macosx-i386-4.3.02039-k9.pkg... Loading anyconnect-macosx-i386-4.3.02039-k9.pkg (via GigabitEthernet0): !!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 37997096 bytes] 37997096 bytes copied in 117.644 secs (322984 bytes/sec)
4. Install new package into webvpn
After you copy the AnyConnect image to the flash of the Router, it must be installed via command line. Multiple AnyConnect packages can be installed when you specify a sequence number at the end of the installation command; this will allow for the Router to act as headend for multiple client operating systems. When you install the AnyConnect package, it will also move it to the flash:/webvpn/ directory if it was not copied there initially.
VPN-1(config)#crypto vpn anyconnect flash:/anyconnect-macosx-i386-4.3.02039-k9.pkg sequence 2 SSLVPN Package SSL-VPN-Client (seq:2): installed successfully VPN-1(config)# VPN-1#wr Building configuration... [OK] VPN-1#sh run | i cry service password-encryption crypto pki trustpoint my-trustpoint crypto pki certificate chain my-trustpoint crypto vpn anyconnect usbflash0:/webvpn/anyconnect-win-4.3.01095-k9.pkg sequence 1 crypto vpn anyconnect usbflash0:/webvpn/anyconnect-macosx-i386-4.3.02039-k9.pkg sequence 2 crypto isakmp policy 1
Check package has been installed to flash:/webvpn/ floder. Then you can delete the package under the flash:/ folder
VPN-1#dir Directory of usbflash0:/ 1 -rw- 75608148 Jun 3 2016 14:13:10 -04:00 c1900-universalk9-mz.SPA.154-3.M3.bin 2 -rw- 3066 Jun 3 2016 14:24:04 -04:00 cpconfig-19xx.cfg 3 -rw- 1160 Jul 24 2016 10:58:00 -04:00 1.lic.txt 4 drw- 0 Jun 3 2016 14:24:34 -04:00 ccpexp 374 -rw- 22737 Jun 3 2016 14:27:22 -04:00 home.html 375 -rw- 6914 Aug 1 2016 14:17:20 -04:00 backup-Aug--1-14-17-21.345-EDT-9 376 -rw- 7578 Jul 24 2016 10:17:38 -04:00 backup--Jul-24-10-17-37.931-EDT-1 377 -rw- 5775 Jul 24 2016 10:19:10 -04:00 backup--Jul-24-10-19-09.891-EDT-2 378 -rw- 5755 Jul 24 2016 10:20:34 -04:00 backup--Jul-24-10-20-34.183-EDT-3 379 -rw- 5901 Jul 24 2016 10:23:12 -04:00 backup--Jul-24-10-23-11.734-EDT-4 380 -rw- 5939 Jul 24 2016 10:29:20 -04:00 backup--Jul-24-10-29-20.606-EDT-5 381 -rw- 5939 Jul 24 2016 10:29:42 -04:00 backup--Jul-24-10-29-42.814-EDT-6 382 -rw- 5939 Jul 24 2016 10:33:52 -04:00 backup--Jul-24-10-33-53.270-EDT-7 383 -rw- 1154 Aug 1 2016 10:34:22 -04:00 2.lic 384 -rw- 6007 Aug 1 2016 10:37:02 -04:00 backup-Aug--1-10-37-02.447-EDT-8 385 -rw- 6907 Aug 1 2016 14:30:08 -04:00 backup-Aug--1-14-30-08.355-EDT-10 386 -rw- 7617 Aug 1 2016 14:52:22 -04:00 backup-Aug--1-14-52-23.416-EDT-11 387 -rw- 7595 Aug 1 2016 14:55:26 -04:00 backup-Aug--1-14-55-26.582-EDT-12 388 drw- 0 Aug 1 2016 14:56:12 -04:00 webvpn 393 -rw- 7635 Aug 10 2016 22:31:32 -04:00 backup-Aug-10-22-31-32.095-EDT-14 412 -rw- 9718 Oct 5 2017 16:56:46 -04:00 backup-Oct--5-16-56-46.377-EDT-27 394 -rw- 6986 Aug 1 2016 14:15:18 -04:00 backup-Aug--1-14-15-18.974-EDT-7 395 -rw- 6937 Aug 1 2016 14:16:32 -04:00 backup-Aug--1-14-16-32.933-EDT-8 396 -rw- 25162392 Aug 1 2016 15:07:34 -04:00 anyconnect-win-4.3.01095-k9.pkg 397 -rw- 7635 Aug 10 2016 22:19:28 -04:00 backup-Aug-10-22-19-29.400-EDT-13 413 -rw- 24010751 Oct 21 2017 12:33:02 -04:00 anyconnect-macosx-i386-4.3.02039-k9.pkg 401 -rw- 9487 Jan 19 2017 20:40:16 -05:00 backup-Jan-19-20-40-16.993-EST-21 402 -rw- 9485 Feb 3 2017 21:37:08 -05:00 backup-Feb--3-21-37-09.347-EST-22 403 -rw- 9531 Feb 8 2017 18:52:10 -05:00 backup-Feb--8-18-52-10.357-EST-23 404 -rw- 9599 Mar 22 2017 20:39:00 -04:00 backup-Mar-22-20-39-01.158-EDT-24 411 -rw- 9598 Apr 5 2017 09:21:20 -04:00 backup-Apr--5-09-21-20.755-EDT-25 406 -rw- 9660 May 29 2017 10:54:04 -04:00 backup-May-29-10-54-04.085-EDT-26 415 -rw- 9813 Oct 21 2017 12:43:20 -04:00 backup-Oct-21-12-43-20.905-EDT-28 251371520 bytes total (65351680 bytes free) VPN-1#cd webvpn VPN-1#dir Directory of usbflash0:/webvpn/ 389 drw- 0 Aug 1 2016 14:56:12 -04:00 R-SSL-1 392 -rw- 25162392 Aug 1 2016 15:16:32 -04:00 anyconnect-win-4.3.01095-k9.pkg 414 -rw- 24010751 Oct 21 2017 12:42:58 -04:00 anyconnect-macosx-i386-4.3.02039-k9.pkg 251371520 bytes total (65351680 bytes free) VPN-1#
VPN-1#delete flash:anyconnect-macosx-i386-4.3.02039-k9.pkg Delete filename [anyconnect-macosx-i386-4.3.02039-k9.pkg]? Delete usbflash0:/anyconnect-macosx-i386-4.3.02039-k9.pkg? [confirm]
Appendix 1- Install AnyConnect Secure Mobility Client on Mac Machines
Step 1. Download AnyConnect here.
- http://ttcit.net/download/macos/anyconnect-macos-4.6.03049-predeploy-k9.dmg
- http://ttcit.net/download/macos/anyconnect-macos-4.6.01103-predeploy-k9.dmg
For Linux:
- http://ttcit.net/download/linux/anyconnect-linux64-4.6.01103-predeploy-k9.tar.gz
- http://ttcit.net/download/linux/anyconnect-linux64-4.6.03049-predeploy-k9.tar.gz
For Windows:
- http://ttcit.net/download/windows/anyconnect-win-4.6.01103-core-vpn-predeploy-k9.msi
- http://ttcit.net/download/windows/anyconnect-win-4.6.03049-core-vpn-predeploy-k9.msi
Step 2. Double-click the downloaded installer dmg file.
It will be auto-mounted as a disk and show you the contents inside. There were be two items, one is pkg file and another one is Profiles folder. Double-click pkg file.
Step 3. Click Continue.
The installation wizard will start.
Step 4. Go over the Supplemental End User License Agreement and then click Continue.
Step 5. Click Agree.
Step 6. Choose the components to be installed by checking or unchecking the corresponding check boxes.
All components are installed by default.
Step 7. Click Continue.
Step 8. (Optional) Click Change Install Location to manually specify the path to install AnyConnect.
Step 9. Click Install.
Step 10. (Optional) Enter your password in the Password field.
Step 11. Click Install Software.
Step 12. Click Close.
You should now have successfully installed the AnyConnect Secure Mobility Client Software on your Mac computer.
References:
- AnyConnect Error: ‘The AnyConnect package on the secure gateway could not be located’
- Using FTP to Manage System Images
- AnyConnect: Configure Basic SSLVPN for IOS Router Headend With the Use of CLI