
First a warm "hello" to the community :-)
I hope you're well and stable in these unstable times.



Now to my topic, with the hope that someone can help me find a solution:



We are using Cisco AnyConnect, and our install procedure for macOS Catalina (and Mojave) was working very well. We had created a configuration profile with the needed kernel exceptions, and with this configuration profile we installed Cisco AnyConnect "silently".



Big Sur has modified security options, and these changes are the reason that the formerly well-working procedure no longer works.



Now the user has to accept some security questions (like "is Cisco AnyConnect allowed to filter the network traffic") and has to enable them in the system settings.



Has anyone found a way to install Cisco AnyConnect without these conditions?



Thank you very much for answering and



kind regards,



Michael

Our company is changing from Cisco to Forti, not only because of these errors...



Ditto here as well. I'm sad the org (merger of 5 companies from last year) that I'm part of is going away from Global Protect.


Anyone having issues with AnyConnect denying the system from pulling the softwareupdate list?
Below is the error message I saw in the console:

System Policy: com.cisco.anycon(306) deny(1) system-privilege 10006

Violation:       deny(1) system-privilege 10006

Process:         com.cisco.anycon [306]

Path:            /Library/SystemExtensions/4EBB3FEE-890F-4AA7-9628-1DDAF928C676/com.cisco.anyconnect.macos.acsockext.systemextension/Contents/MacOS/com.cisco.anyconnect.macos.acsockext

Load Address:    0x10eddd000

Identifier:      com.cisco.anyconnect.macos.acsockext

Version:         4.10.03104 (4.10.03104)

Code Type:       x86_64 (Native)


Don't know if people are still struggling to create a custom AnyConnect PKG, but I found this from someone a while ago, saved it to a text file and keep it in a folder on our share. Don't remember the source. Obviously you can use any temp directory; I just do it from my Downloads folder.

Use directory: cd /Library/Application\ Support/tmp

  1. Download anyconnect-macos-4.10.03104-predeploy-k9.dmg from Cisco (or your vendor) and open it via installer (Double Click it in finder).
  2. Drag the AnyConnect.pkg file inside the .dmg to your tmp (for simplicity) and then do @MikeF's steps (4-9 below):
  3. Open Terminal and cd /Library/Application\ Support/tmp
  4. pkgutil --expand AnyConnect.pkg AnyConnectVPN
  5. Went to the tmp folder, opened the AnyConnectVPN folder
  6. opened the AnyConnectVPN/Distribution file
  7. Look for <choices-outline> <line choice="choice_vpn"/> lines starting around line. Delete the ones you don't need, and Save. (I Used Xcode to edit the file)
  8. pkgutil --flatten AnyConnectVPN AnyConnect_4.10.03104.pkg
  9. Upload that pkg file to JSS and go from there in however you want to deploy it.
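
Step 7 above, as an added example (not part of the original post and not Cisco's tooling): a Python function that keeps only the wanted `<line choice="..."/>` entries in an expanded `Distribution` file. The sample XML is constructed; only `choice_vpn` comes from the thread, and the other choice ids and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not Cisco's real Distribution file. Only "choice_vpn"
# appears in the thread; the other choice ids are hypothetical placeholders.
SAMPLE_DISTRIBUTION = """<installer-gui-script minSpecVersion="1">
  <title>Sample</title>
  <choices-outline>
    <line choice="choice_vpn"/>
    <line choice="choice_module_a"/>
    <line choice="choice_module_b"/>
  </choices-outline>
  <choice id="choice_vpn" title="VPN"><pkg-ref id="sample.vpn"/></choice>
  <choice id="choice_module_a" title="A"><pkg-ref id="sample.a"/></choice>
  <choice id="choice_module_b" title="B"><pkg-ref id="sample.b"/></choice>
</installer-gui-script>
"""

def outline_choices(distribution_xml):
    """List the choice ids still referenced from <choices-outline>."""
    outline = ET.fromstring(distribution_xml).find("choices-outline")
    return [] if outline is None else [l.get("choice") for l in outline.iter("line")]

def prune_choices(distribution_xml, keep):
    """Return (new_xml, removed_ids), leaving only `keep` in <choices-outline>."""
    root = ET.fromstring(distribution_xml)
    outline = root.find("choices-outline")
    if outline is None:
        raise ValueError("no <choices-outline> element found")
    # Refuse to build a package that silently lacks a module you asked for.
    missing = set(keep) - {l.get("choice") for l in outline.iter("line")}
    if missing:
        raise ValueError(f"choices not in outline: {sorted(missing)}")
    removed = []
    # <line> elements can be nested, so check the children of every node.
    for parent in list(outline.iter()):
        for line in list(parent.findall("line")):
            if line.get("choice") not in keep:
                removed.append(line.get("choice"))
                parent.remove(line)
    return ET.tostring(root, encoding="unicode"), removed

if __name__ == "__main__":
    new_xml, removed = prune_choices(SAMPLE_DISTRIBUTION, {"choice_vpn"})
    print("removed:", removed)
    print("kept:", outline_choices(new_xml))
```

Write the returned XML back to `AnyConnectVPN/Distribution` before running the `pkgutil --flatten` step, and check the `removed` list against what you intended to drop.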

We don't need to pack a custom package. We can download our AnyConnect package by entering the URL of our VPN in a web browser. After logging in to the site, AnyConnect is provided for the operating system of the connected client (Mac or Windows). The package contains only the needed part of AnyConnect (the VPN client, without the other pieces).
We face problems with the detection of the update server, too. After disconnecting the "Cisco AnyConnect Socket Filter" the update server is reachable and the macOS updates can be run.




That sounds more like a Cisco problem than a Mac problem.

