UC San Diego SearchMenu

Configuring the UCSD VPN Client for Mac OS X 10.10.x and Above via Conventional Installation

Follow these steps to connect your Mac OS X 10.10.x and above to the UCSD virtual private network (VPN).

In the right place? If you only need to access common campus Web sites or remote desktop computing, use the VPN EasyConnect option. See instructions in Virtual Private Networks at UCSD.

Notes:

  • You must log into your computer with administrator rights.
  • You need your Active Directory (AD) username and password. If you don't remember your AD username or password, you can either reset it at https://adweb.ucsd.edu/adpass/ or contact your department's systems administrator.
  • Computer must be running 10.10.x and above to use the Cisco AnyConnect Client. Older operating systems are no longer supported.

Expand all

1. Uninstalling the old client

  • To uninstall older versions follow these steps (This will require a computer restart)
    • Go to your Applications folder
    • Locate and double-click on the Cisco folder
    • Double-click on Uninstall AnyConnect
    • Click Uninstall
    • Enter your computer's administrator password
    • You will then see a message saying that, "AnyConnect has been uninstalled".
      • Click Close
    • Restart your computer
    • Continue with step 2

2. Download the UCSD VPN AnyConnect client for Intel

  • Download the VPN AnyConnect client for Intel.  ** macOS 10.15 Catalina users READ BELOW
  • Save the client to your desktop.
  • After the download completes, double-click the anyconnect-macos-4.4.03034 -core-vpn-webdeploy-k9.pkg installation file. The AnyConnect icon shown below will appear on your desktop.
  • Double-click the AnyConnect drive image.
Task screenshot

** macOS 10.15 Catalina users

AnyConnect 4.8.00175 New Features

This AnyConnect 4.8.00175 release is for only macOS. It includes the following features and enhancements and resolves the defects described in AnyConnect 4.8.00175.

Support for macOS 10.15—Cisco AnyConnect 4.8.x and HostScan package 4.8.x are the first versions that officially support operation on macOS Catalina. Some AnyConnect HostScan package versions will not function properly with the upcoming macOS Catalina 10.15 release (CSCvq11813), and additionally, users may see popups while posture assessment evaluation is in progress (CSCvq64942). To address these issues, refer to HostScan Will Not Function With macOS 10.15 Without Upgrade (CSCvq11813) and Permission Popups During Initial AnyConnect HostScan or System Scan Launch (CSCvq64942) in the Guidelines and Limitations portion of these release notes.

Problem Symptom

If a device that runs the macOS Catalina release attempts to connect with ASA or Next-Generation Firewall head-ends that run HostScan package 4.3.x and earlier, this “Posture Assessment Failed: Hostscan CSD prelogin verification failed” pop-up warning message appears:

Additionally, during the first launch of AnyConnect HostScan, SystemScan, and DART modules on macOS Catalina 10.15.x, one-time-only file access request pop-up messages might appear. For further information, refer to the AnyConnect Client 4.8 Release Notes.

Workaround/Solution

Solution

For macOS Catalina 10.15.x users to successfully establish VPN connections using AnyConnect Client with HostScan, these three steps must be performed:

  1. HostScan 4.3.x packages and earlier must be migrated to HostScan 4.7.04058 (4.7MR4) or later.
  2. If you migrate from HostScan 4.3.x to 4.7.04058 (4.7MR4) or later, the Dynamic Access Policy (DAP) policies must be updated to the new DAP policy definitions introduced in 4.6.x. For additional information, refer to the AnyConnect HostScan Migration 4.3.x to 4.6.x and Later
  3. AnyConnect Client must be upgraded to 4.8.x or later.

 

3. Run the installation package

  • Double-click the AnyConnect file inside of the window

install package

4. Begin the installation

  • Click Continue to begin the installation.
  • When prompted, click Continue.

    Task screenshot

5. Accept the license agreement

  • Click Continue.
  • When the Software License Agreement window appears, click Agree to accept.

    Task screenshot

6. Continue the installation

  • Click Continue.
  • Click Install.
  • If prompted, enter your Administrative (system) username and password.

    Task screenshot
  •  

7. Finish the installation

  • When you see the Install Succeeded pop-up window, click Close to continue.

    Task screenshot

8. Run the AnyConnect client

  • Go to the Cisco folder in Applications and double-click the Cisco AnyConnect Secure Mobility Client.

    Task screenshot

9. Authenticate with UCSD VPN using DUO 2-Step Authentication

  • In the first window, enter vpn.ucsd.edu in the box and click on the “Connect” button to the right
  • A second window will appear. Select your desired connection profile from the Group drop-down menu:
    • 2-Step Secured - allthruucsd – Route all traffic through the UCSD VPN.
      • Use this when accessing Library resources and the CMS.
    • 2-Step Secured - split – Route only campus traffic through the UCSD VPN. All other traffic goes through your normal Internet provider.
  • In the Username field, enter your Active Directory (AD) username
  • In the Passcode field, use the following to authenticate through DUO (See Two-Step Login: VPN for further details):
    • If you receive DUO push notifications on your mobile phone enter:
      • yourADpassword,push
    • If you receive a DUO phone call to authenticate, enter:
      • yourADpassword,phone
    • If you use a DUO token to generate a passcode enter:
      • yourADpassword,6digitpasscodefromtoken
  • Click OK.

    DUO-VPN-OS-X-Connect.png

 

DUO-VPN-OS-X-.png

10. Disconnect

  • Click the AnyConnect client icon located near the top right corner of your screen.
  • Select Disconnect.

    Task screenshot

Expand all