I have to use Cisco AnyConnect to connect to my work. I do not have issues connecting to the AnyConnect. But as soon as the VPN is connected, my internet stops working. I open any page, including google.com, it doesn't work. If I disconnect the VPN everything works again. Is there any firewall that is stopping?
When I successfully connect to a specific company's VPN, I cannot access any internal or external websites. A website request in Safari just hangs. All traffic is set up to go through the VPN and the IT person in charge says that everything should just work for me and he is at a loss as to what the problem might be.
As you can see by these screenshots, the VPN connection to the remote network works. I have an address from the VPN pool and everything. The default gateway is set correctly. Yet, I cannot reach the internet and I cannot ssh/ping anything in the same subnet except the VPN adapter, which is 10.0.0.231 (first IP address in VPN pool).
In the Internet Protocol (TCP/IP) window click on Advanced. Click the DNS tab and select 'Append primary and connection specific DNS suffixes'. After you've set that you should be able to access the internet again. Cisco seems to change this when you connect then reverts it back once you've disconnected from the VPN.
You can check if only certain remote networks or all networks (0.0.0.0 0.0.0.0) are to use the VPN via the AnyConnect details (call up AnyConnect while on VPN, click the gear icon and choose VPN, route details on the resultant display).
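The same check can be made from the operating system's routing table instead of the AnyConnect window. This is an added example, not code from any of the posts or from Cisco: it parses constructed rows in the layout of the Windows `route print` IPv4 table, picks the egress interface by longest-prefix match with the metric as tie-break, and reports whether the VPN adapter holds the winning default route. The function names are hypothetical; the adapter address 10.0.0.231 is the one quoted in the question, all other addresses are made up.

```python
import ipaddress

# Constructed rows in the column order of Windows `route print`:
# destination, netmask, gateway, interface, metric.
SAMPLE_ROUTES = """\
0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
0.0.0.0          0.0.0.0         10.0.0.1      10.0.0.231      2
10.0.0.0    255.255.255.0         On-link      10.0.0.231    257
192.168.1.0 255.255.255.0         On-link    192.168.1.50    281
"""

def parse_routes(text):
    """Return a list of (network, gateway, interface_ip, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header or unrelated line
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, ipaddress.ip_address(iface), int(metric)))
        except ValueError:
            continue  # malformed row
    return routes

def egress_interface(routes, destination):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[2]

def tunnel_mode(routes, vpn_ip):
    """'full' if the preferred default route leaves via the VPN adapter,
    'split' if only specific networks do, 'none' if the adapter has no routes."""
    vpn = ipaddress.ip_address(vpn_ip)
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if defaults and min(defaults, key=lambda r: r[3])[2] == vpn:
        return "full"
    if any(r[2] == vpn for r in routes):
        return "split"
    return "none"
```

With the sample table, traffic to any Internet address leaves through 10.0.0.231, which is the full-tunnel case: browsing then depends entirely on the VPN head end forwarding and resolving for the client.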
This document briefly describes the possible error messages that appear during the installation of AnyConnect VPN client on Apple MAC machines and their corresponding resolutions.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Cisco ASA Security Appliance that runs software version 8.x
Cisco IOS® Router that runs Cisco IOS Software Release 12.4(20)T
Cisco AnyConnect Client software version 2.x
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
This section shows a list of error messages along with the solutions.
When AnyConnect 2.3 is launched from an Apple MAC machine, the Anyconnect Package corrupt or unavailable error message appears and eventually, the connection attempt fails.
This can be a problem with the absence of the MAC-related AnyConnect package on the flash of the router. Upload the suitable AnyConnect package for MAC in order to resolve this issue. Upload the corresponding AnyConnect package, which depends upon the MAC architecture. For MACs on the Intel processor, you need the i386 macos image and for MACs that run the Power PC processor (PPC) you need the powerpc macos image. These are example packages for your reference:
anyconnect-macosx-i386-2.5.3055-k9.pkg
anyconnect-macosx-powerpc-2.5.3055-k9.pkg
When split DNS is enabled on an AnyConnect setup, it is found that all the DNS queries are sent in clear but not tunneled. This is a problem with only the Apple MAC machines and works fine with Windows machines.
This behavior is observed and filed in Cisco bug ID CSCtf03894 (registered customers only). In order to resolve this issue, you can upgrade to the AnyConnect release 3.0.4235, which has the Split DNS Functionality Enhancement. As a workaround, you can also use the built-in IPSec VPN client supported by Apple, which does not have this issue.
The launch of AnyConnect from a Macbook Pro running OSX Leopard is not successful. The VPN gateway is ASA running 8.0.4. The connection fails and the SVC Message: 16/ERROR: Initialization failure (mem alloc failed, etc.) error message appears.
This can be a problem with the way the MAC machine attempts to connect to the ASA. First verify if any IPv6 adaptors are enabled on the MAC machine and check if MAC tries to contact ASA over the IPv6 network. If so, it fails as the IPv6 is not supported with AnyConnect. In order to resolve this, disable the IPv6 related services on the MAC machine and try to connect with an IPv4 address.
There are intermittent issues when you launch the AnyConnect version 2.5 on the MAC with OSX 10.5.6. The web-based installation was unsuccessful error message appears. At that time, you are unable to download and install AnyConnect, and the browser used is Firefox. If you reboot the MAC machine, this fixes the issue temporarily, but intermittently, the issue happens again.
Verify if your VPN gateways are connected in Load-balancer mode. If it is connected, then there could be some DNS cache-related issues that cause improper DNS redirects. In order to resolve this issue, always try to map the DNS URL to connect to one specific VPN gateway only.
When you use the AnyConnect on a MAC machine, you can access the Internal Corporate network but you are unable to browse to the Internet. It neither works by FQDN nor by IP address. There is a proxy server in use for Internet traffic.
The issue can be due to the length of the PMTU. Verify the existing MTU size on the VPN gateway, for example, ASA, and modify it to a lesser value. In this sample output, the MTU size is reduced to 1204 from existing 1400.
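Before lowering the MTU on the gateway, the usable packet size across the tunnel can be measured from the client. This is an added example, not part of the Cisco document: it binary-searches the largest packet that passes with the Don't Fragment bit set. `path_mtu`, `ping_df` and `simulated_path` are hypothetical names; the 576 to 1500 search range is an assumption.

```python
import platform
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header

def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True on a reply.

    The exit status is used as the reply signal; parse the output
    instead on platforms where that status is unreliable.
    """
    system = platform.system()
    if system == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
    elif system == "Darwin":
        cmd = ["ping", "-c", "1", "-D", "-s", str(payload), host]
    else:  # Linux iputils
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def path_mtu(probe, low=576, high=1500):
    """Largest IP packet size in [low, high] that passes unfragmented.

    probe(payload_bytes) -> bool. Returns None if even `low` fails,
    which points at a problem other than packet size.
    """
    if not probe(low - IP_ICMP_OVERHEAD):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid - IP_ICMP_OVERHEAD):
            low = mid          # mid fits, search upward
        else:
            high = mid - 1     # mid is too large
    return low

def simulated_path(mtu):
    """Constructed stand-in for a tunnel whose effective MTU is `mtu`."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu
```

Against a live host the call is `path_mtu(lambda n: ping_df("HOST", n))`, with HOST a placeholder for an address reachable through the tunnel; a result below the configured tunnel MTU indicates the value on the gateway is too high for the path.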
The attempt to launch AnyConnect in standalone mode to a Cisco IOS® Router running Cisco IOS Software Release 12.4(20)T is unsuccessful. The anyconnect internal error (state: not connected) error message appears.
Cisco IOS Software Release 12.4(20)T supports AnyConnect on MAC in standalone mode without any problem. In order to resolve this, try to use the complete URL when you connect to the Cisco IOS head-end device. This is a sample URL:
If this issue persists, contact Cisco TAC (registered customers only) for further troubleshooting.
Note: You need to have valid Cisco user credentials to contact Cisco TAC.
Currently, the NAM module on the AnyConnect 3.0 product replaces the Cisco Secure Services Client (CSSC). Refer to Network Access Manager (Replacement for CSSC) for more information. There is no current plan to enable NAM to support MAC OSX platform.
This error message appears when you upgrade Firefox on Apple machine version 10.6:
On machines that use softtokens, this error message appears:
It is observed that these MAC machines have AnyConnect version 2.5 installed. The current version of Firefox is 3.6.13.
This behavior has been tested and filed in Cisco bug ID CSCtn93915 (registered customers only). As a workaround, you can try any of these described options.
Uninstall AnyConnect, upgrade Firefox and then install AnyConnect again.
Uninstall the current version of Firefox, then install the new version. All other upgrades after this should work fine.
The authentication phase works fine but the VPN system hangs at the Using Sun Java for installation phase.
The issue could be with the Java and Web applet settings on the machine. Sometimes, Java gets stuck when you use the web launch with MAC machine. Refer to Cisco bug ID CSCtq86368 (registered customers only) for more information. In order to resolve this issue, follow these steps.
Uninstall AnyConnect.
Open Java preferences.
Change to run applets in their own process.
Drag the 32 bit Java on top.
If this does not help, upgrade the AnyConnect client to the latest available release.
You are unable to launch AnyConnect on the MAC machine due to certain incompatible software. What are other options to use this MAC machine as a remote access VPN client?
Refer to What options do I have for providing remote access to Mac users? for more information. Refer to IPSec VPN client for Apple MAC for more information and complete details.
There are issues when you download the AnyConnect for MAC software from Cisco.com.
Open the Cisco AnyConnect VPN Client home page and click on Download Software (registered customers only) on the right hand side of the web page. Choose the required software package and download with valid Cisco user credentials.
After connecting to the VPN client, Internet connectivity stops working (including network shared drives). The network connection may show up as 'Local Connection Only.'
These steps are adapted from: http://msdynamicstips.com/2011/06/27/vpn-connection-disconnects-internet-connection/.
On Windows 7:
1. Click on the Start button.
2. In the search box, type ncpa.cpl. Press Enter.
3. The Network Connections window should open. Right click on the Cisco AnyConnect Secure Mobility Client Connection. Click on Properties.
4. Select the Networking tab.
5. Select Internet Protocol Version 4 (TCP/IPv4) from 'This connection uses the following items.'
6. Click on Properties. Click on Advanced. Make sure nothing is listed under Default gateway; use the Remove button to remove any entries that are there.
7. Close the Network Connections window. Attempt to connect to the VPN and then the Internet.
Windows 8, 8.1, 10:
Instead of using the Start button, begin with the Search tool. The rest of the Windows 7 steps will work for Windows 8.
A customer did submit this tidbit:
My computer had a software named Connectify which is used for creating ad-hoc. And in the adapter settings there was an option regarding Connectify. I disabled it and everything worked fine.
Technology Services note: Any software that allows you to share your computer's network connection with others will interfere with the VPN. Uninstall or disable the software, reboot your computer, and try the VPN again.