AnyConnect Plus/Apex licensing and Cisco head-end hardware are required. The application is not permitted for use with legacy licensing (Essentials or Premium PLUS Mobile). AnyConnect may not be used with non-Cisco hardware under any circumstances.
I am on 2.4.5p1 and using Cisco AnyConnect (4.7.02036) as well - zero issues. You do not have to sniff on your MacBook - you can sniff right on pfSense, diag packet capture.
Looking in the message history on the AnyConnect client on my work laptop. Looks like I was connected from 11/13 through the 18th without any disconnects.
I use Cisco AnyConnect on my Windows 7 computer to make VPN connections. It also has the capability to connect to WiFi. But I always had problems connecting to WiFi with AnyConnect. The connection drops frequently and it keeps saying ‘Acquiring IP address’.
AnyConnect installs a service called ‘Network Access Manager’ which seems to take over from the native Windows WiFi client. So when I click on the network icon in the system tray it says ‘No connections are available’ (see snapshot below). Without AnyConnect, it always displays the WiFi connections available.
If you are facing the problem then you can try the following solution that worked for me.
- Open the Services management console by running services.msc from the Run dialog.
- Find the service ‘Cisco AnyConnect Network Access Manager’.
- Right click and stop the service.
- Now Cisco AnyConnect will say ‘NAM service unavailable’.
- Now Windows will use the native WiFi client to connect to the WiFi.
- When you reboot your system, the NAM service will start and may cause the problem again. You can disable this service in the Services management console to prevent that.
AnyConnect has settings to disable the NAM feature. But that did not work for me. Even after disabling the NAM service, I could not connect to WiFi. The Windows network icon shows the WiFi connection but gives the error ‘Windows was not able to connect to…’. I followed the steps below to do this.
- Opened the AnyConnect window and clicked on Advanced.
- Clicked on the ‘Networks’ tab in the left side pane.
- Clicked on the Configuration tab. Changed the NAM to disabled as shown below.
Depending on how your company configured Duo authentication, you may or may not see a “Passcode” field when using the Cisco AnyConnect client.
Single Password with Automatic Push
If AnyConnect only prompts for a password, like so:
After you submit your login information, an authentication request is automatically sent to you via push to the Duo Mobile app or as a phone call.
Alternatively, you can add a comma (“,”) to the end of your password, followed by a Duo passcode or the name of a Duo factor. Here's how:
Type... | To... |
---|---|
password,passcode | Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator. Examples: 'mypass123,123456' or 'mypass123,1456789' |
password,push | Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, or Windows Phone device). Just review the request and tap 'Approve' to log in. |
password,phone | Authenticate via phone callback. |
password,sms | Get a new batch of SMS passcodes. Your login attempt will fail — log in again with one of your new passcodes. |
You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.
Examples
To use Duo Push if your password is 'hunter2', type:
To use the passcode '123456' if your password is 'hunter2', type:
To send new SMS passcodes to your second phone if your password is 'hunter2', type:
The comma is Duo's default separator character between your password and the Duo factor. Your administrator may have changed this to a different character. Be sure to follow the instructions sent to you by your organization if they differ from what's shown here.
Second Password for Factor Selection
If AnyConnect shows a 'Second Password' input field (note that your AnyConnect administrator may have changed the 'Second Password' label to something else):
Use the 'Second Password' field to tell Duo how you want to authenticate. Here's how:
Type... | To... |
---|---|
A passcode | Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator. Examples: '123456' or '1456789' |
push | Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, or Windows Phone device). Just review the request and tap 'Approve' to log in. |
phone | Authenticate via phone callback. |
sms | Get a new batch of SMS passcodes. Your login attempt will fail — log in again with one of your new passcodes. |
You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.
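Both input styles described above share one factor grammar: a passcode, or `push`, `phone` or `sms` with an optional device number. The Python sketch below is an added example, not Duo's or Cisco's code, showing how such input can be interpreted; the function names, the digits-only passcode rule, the split at the last separator and the "auto" fallback are assumptions made for illustration.

```python
import re

# Factor names from the tables above; a trailing number selects the Nth device.
FACTOR_RE = re.compile(r"^(push|phone|sms)([1-9]\d*)?$")
# Assumption: a passcode is digits only (the page's samples are 6 and 7 digits).
PASSCODE_RE = re.compile(r"^\d+$")


def parse_factor(text):
    """Classify what is typed in the 'Second Password' field."""
    m = FACTOR_RE.match(text)
    if m:
        # "push" targets the first device, "push2" the second, and so on.
        return {"method": m.group(1), "device": int(m.group(2) or 1)}
    if PASSCODE_RE.match(text):
        return {"method": "passcode", "passcode": text}
    raise ValueError(f"unrecognised factor: {text!r}")


def parse_append_mode(field, sep=","):
    """Split a single password field of the form password<sep>factor.

    Assumptions of this sketch: the split is made at the LAST separator, and
    a tail that is not a valid factor means the separator belongs to the
    password, so the automatic push or phone call ("auto") applies.
    """
    password, found, tail = field.rpartition(sep)
    if found:
        try:
            return password, parse_factor(tail)
        except ValueError:
            pass
    return field, {"method": "auto"}


if __name__ == "__main__":
    # Constructed inputs using the page's sample password 'hunter2'.
    for typed in ["hunter2", "hunter2,push", "hunter2,123456",
                  "hunter2,sms2", "hun,ter2,phone3", "hun,ter2", "hunter,2"]:
        password, factor = parse_append_mode(typed)
        # Print only the password length; never echo credentials in real logs.
        print(f"{typed!r:20} -> len(password)={len(password)} factor={factor}")
```

The last constructed input shows the ambiguity of the single-field format: a password whose final separator is followed by digits or a factor name cannot be told apart from a password plus factor, which is one reason the separator character is configurable.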
Examples
To send a Duo Push request to your primary phone, type:
To send a Duo Push request to your secondary phone, type:
To use the passcode '123456', type:
To send new SMS passcodes to your second phone, type: