I'm on 12.3 and connecting fine (Cisco AnyConnect with MFA). What version of Cisco AnyConnect are you on? (I'm on 4.10.04071)

We are using 4.10.05085

We are testing 12.3 with 4.10.04071 CiscoAny Connect with Smart Cards. No issues.

Hi mvu,

SmartCard / Certificate on Dongle is no issue as well, its only the MFA which is troubling us. Unfortunately all Mac Users are using the MFA Gateway

Can you downgrade/test an earlier version?

As I mentioned this behaviour is only seen after upgrading to 12.3, on 12.2.1. everything works normal with MFA.

But since there is no way to rollback the already upgraded Macs its not a solution.

I think what we are curious about is what happens if you try 4071 and 12.3. Are you able to try using 4071 version of AnyConnect?

Ah, sorry my mistake. I just uninstalled 5085 and tried with 4071 after a reboot. Same issue.

I will try to talk to our VPN guys, looking more into the network trace I found out that 12.3 is only offering 22 Ciphersuites to the Gateway compared to 27 in 12.2.1 maybe they need to enable sth. 

Just strange that Cisco says they don't see anything in the gateway logs.

Do you have Apple Enterprise support? Maybe worth a ticket that way so they're aware of a possible 12.3 issue.

Ok, it was a misconfiguration on the VPN Gateway, we now added one of the 22 Ciphers Apple is using and its working again.

We have downloaded the newest Version 4.10.05085 and is working fine. Have your network admin login and download it for you

Hello Kinnetik, plis can you share the solution?. I have been looking for a solution for days and have not found it yet. I am on OS 12.13.1 and AnyConnect client For mac 4.10.05095

We had to add AES256-GCM-SHA384 to the allowed cipehers on the Cisco VPN Gateway, now its working again.

Please Kinnetik, can you tell me how you added it?