AnyConnect is a VPN client that we use to connect to GSA’s intranet.
- Download AnyConnect via ServiceNow. Someone from GSA IT will reach out to you within the day.
- Follow their directions to install AnyConnect.
- Install only the following components:
  - Diagnostics and Reporting Tools
Your install screen should look like this:
- Make sure you are not connected to a GSA network, otherwise the connection will fail.
- Launch the Cisco AnyConnect Secure Mobility Client.
- Enter either `vpn.gsa.gov/gfeotp` (this is an old URL that may not work) or select `GSA Access OTP` in the Site Name field.
- Click Connect.
- Sign in with your ENT username and password. Your username is your full name, including your middle initial.
- You’ll be prompted for an answer or token. Enter the OTP code.
- Accept the Government Warning Banner.
Sometimes AnyConnect will hang while trying to authorize your credentials. If your starting screen looks like this:
instead of like this:
you’ll probably hang.
If you do, uncheck the `Enable automatic VPN server selection` option in the preferences:
Then connect to `vpn.gsa.gov` and choose the `GSA 2 factor Authentication` group on the Certificate Validation Failure dialog.
If that doesn’t work, delete the `/opt/cisco/anyconnect/profile/gsa_cp-gfe.xml` file on your system. You’ll need to enter your admin credentials to delete it, but that’s OK. In the future, you can prevent this error simply by never quitting AnyConnect (the bad XML file seems to be created upon quit). Disconnect AnyConnect when you don’t need it, but leave the application running in the background.
If you’re still having trouble, try these recommendations from @moncef:
- Open the Terminal.
- Type `cd /opt` and press Return.
- Type `sudo rm -rf cisco` and press Return.
- Search the Finder for `cisco` (including system files) and delete the files.
- Restart your computer.
- Reinstall AnyConnect without any add-ons.
If your Cisco AnyConnect client hangs (and loops on “waiting for host scans”) after you enter your credentials on OS X, you might have a large number of certs in your Mac’s cert manager. Try deleting unused certs.
If you get the “a newer version of Cisco AnyConnect was already installed” error when trying to reinstall, tell macOS to forget the package:
`sudo pkgutil --forget com.cisco.pkg.anyconnect.vpn`