Question

Big Sur and Cisco Anyconnect

Forum|Forum|5 years ago
November 19, 2020
55 replies
240 views

Anonymous

First a warm "hello" to the community :-)
I hope you're well and stable in this unstable times.

Now my theme, bounded to my hope, that someone can help me to find a solution:

We are using Cisco Anyconnect and our install procedure for macOS Catalina (and Mojave) was working very well. We had created a configuration profile with the needed kernel exceptions and with this configuration profile we installed Cisco Anyconnect "silent".

Big Sur has modifyed security options and these changes are the reason, that the former well working procedure is no more working.

Now the User has to accept some security questions (like "is Cisco Anyconnect allowed to filter the network traffic") and has to enable them in the system settings.

Has anyone found a way to install Cisco Anyconnect without this conditions ?

Thank you very much for answering and

kind regards,

Michael

Show first post

Forum|pagination.label 3 / 3

+20

daniel_ross
Jamf Heroes
Forum|Forum|4 years ago
September 24, 2021

Our company is changing from Cisco to Forti, not only because of these errors...

Ditto here as well. I'm sad the org (merger of 5 companies from last year) that I'm part of is going away from Global Protect.

bmee
Contributor
Forum|Forum|4 years ago
October 26, 2021

Anyone having issue with AnyConnect denying the system from pulling softwareupdate list?
Below are the error message I saw in the console

System Policy: com.cisco.anycon(306) deny(1) system-privilege 10006

Violation: deny(1) system-privilege 10006

Process: com.cisco.anycon [306]

Path: /Library/SystemExtensions/4EBB3FEE-890F-4AA7-9628-1DDAF928C676/com.cisco.anyconnect.macos.acsockext.systemextension/Contents/MacOS/com.cisco.anyconnect.macos.acsockext

Load Address: 0x10eddd000

Identifier: com.cisco.anyconnect.macos.acsockext

Version: 4.10.03104 (4.10.03104)

Code Type: x86_64 (Native)

gloper1977
Contributor
Forum|Forum|3 years ago
March 7, 2022

Don't know if people are still struggling to create a custom Anyconnect PKG but I found this from someone awhile ago and saved it to a text file and keep it a folder on our share . Don't remember the source. Obviously you can use any temp directory I just do it from my Downloads folder.

Use directory: cd /Library/Application\\ Support/tmp

Download anyconnect-macos-4.10.03104-predeploy-k9.dmg from Cisco (or your vendor) and open it via installer (Double Click it in finder).
Drag the AnyConnect.pkg file inside the .dmg to your tmp (for simplicity) and then do @MikeF's steps (4-9 below):
Open Terminal and cd /Library/Application\\ Support/tmp
Pkgutil --expand AnyConnect.pkg AnyConnectVPN
Went to the tmp folder, opened the AnyConnectVPN folder
opened the AnyConnectVPN/Distribution file
Look for <choices-outline> <line choice="choice_vpn"/> lines starting around line. Delete the ones you don't need, and Save. (I Used Xcode to edit the file)
pkgutil --flatten AnyConnectVPN AnyConnect_4.10.03104.pkg
Upload that pkg file to JSS and go from there in however you want to deploy it.

Anonymous
Forum|Forum|3 years ago
March 8, 2022

We don't need to pack a custom package. We can download our Anyconnect package by entering the URL of our VPN in a web browser. After login the site, Anyconnect is provided for the operating system of the connected client (Mac or Windows). The package contains only the needed part of anyconnect (the VPN client, without the other peaces).
We face problems with the detection of the update server, too. After disconnecting the "Cisco AnyConnect Socket Filter" the update server is reachable and the macOS updates can be run.

gloper1977
Contributor
Forum|Forum|3 years ago
March 8, 2022

That sounds more like a Cisco problem than a Mac problem.

Forum|pagination.label 3 / 3

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded