Nov 11
AMP for Endpoints: Hosting Mac Connector

Hello All,

With remote work continuing to evolve into a standard workflow, it is becoming more and more important to secure your company’s data while still giving employees the access they need to work. Cisco continues to lead the way with VPN technology and with solutions that meet the needs of business. AnyConnect is nothing new, and there are already plenty of blogs/videos/tutorials on setting up remote access. There are also plenty of blogs on how to deploy AMP (Advanced Malware Protection) through VPN. You can check out my friend Trevor’s blog on this subject (https://www.lookingpoint.com/blog/amp-deployment).


In this blog, I wanted to dive into the Mac-side deployment for AMP. I recently had to set up deployment for a client with mainly Windows clients. But as in most environments, some users use Macs, and since users are allowed to VPN from home devices, we had seen more and more Macs connecting. We decided to enable the AMPEnabler module for AnyConnect to make sure that users are on protected machines no matter what OS they use.

Windows side deployment went without a hitch and we hosted the connector file for AMP on a Windows IIS server that was still in use and had valid certs on it. The issue began when I was trying to host the Mac connector on the same server. Web servers are not in my skillset as a Network Engineer, but I did not think it would be an issue to just throw a couple files on it and point the ASA to that location. So, I uploaded the .dmg file to the server and then closed my connection thinking it was all done. Happy times by all, job was done and now to point the ASA to the file.

Well, that did not last long… when I entered the file location in the ASA for the connector, I kept getting invalid when trying to test. Now, like any other engineer out there, I turned to the universal troubleshooting guide… I Googled it. I was unable to find any information as to why it was not validating. I started to hunt for what I was missing. I began by making sure that the file was truly reachable and that it was not just the ASA giving me an error. I used my browser to navigate to the file, and that resulted in an error on the web server. Bingo! It must be something with the file or server.

Again, I am not a server admin, nor do I have much experience in IIS. I went back to the web server to see if anything stood out. I saw that the file was still there in the right folder, but it was not reachable like the other file for Windows. Looking at the detailed view, I saw that it did not recognize that file type. I decided to research this more and learned that this could be the issue.

To fix this,

  1. Open the Internet Information Services (IIS) Manager
  2. Right-click on the server and select Properties
    A. Click the MIME Types button
    B. Click the New button
    C. Enter dmg in the Extension field
    D. Enter application/octet-stream in the MIME type field
    E. Click OK
 
 
These simple steps were all that was required for me to host the Mac connector file (on a Windows IIS server) needed for the AMPEnabler module of AnyConnect to get the profile needed. Hopefully, this helps anybody who was in my boat and saves lots of time troubleshooting something that was that simple. Also, another note for Macs: there are some steps the user will need to perform before AMP is allowed to scan for malware: https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215113-mac-kernel-and-full-disk-access-in-the-c.html
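The same MIME mapping can be scripted and then checked over HTTP before the ASA is pointed at the file. This is an added example, not part of the original post or any Cisco tooling; it assumes IIS 7 or later with the WebAdministration module and an elevated prompt, it scopes the mapping to one site rather than the whole server, and the site name and URL are hypothetical placeholders.

```powershell
# Added example: assumes IIS 7+ with the WebAdministration module, run elevated.
Import-Module WebAdministration

# Hypothetical placeholders: substitute your own site name and connector URL.
$SiteName  = 'Default Web Site'
$Extension = '.dmg'
$MimeType  = 'application/octet-stream'
$TestUrl   = 'https://downloads.example.com/amp/connector.dmg'

$psPath = "IIS:\Sites\$SiteName"
$filter = "system.webServer/staticContent/mimeMap[@fileExtension='$Extension']"

# Add the mapping only if it is missing (inherited server-level entries count),
# so the script is safe to re-run.
$existing = Get-WebConfiguration -PSPath $psPath -Filter $filter
if ($existing) {
    Write-Host "$Extension already mapped to $($existing.mimeType)"
} else {
    Add-WebConfigurationProperty -PSPath $psPath `
        -Filter 'system.webServer/staticContent' -Name '.' `
        -Value @{ fileExtension = $Extension; mimeType = $MimeType }
    Write-Host "Added $Extension -> $MimeType on '$SiteName'"
}

# Confirm the file is actually served before entering the URL on the ASA.
try {
    $resp = Invoke-WebRequest -Uri $TestUrl -Method Head -UseBasicParsing
    Write-Host "HTTP $($resp.StatusCode), Content-Type: $($resp.Headers['Content-Type'])"
} catch {
    # IIS refuses static files with an unmapped extension (404.3 in the IIS log).
    Write-Warning "Request failed: $($_.Exception.Message)"
}
```

Adding only the extensions a site needs keeps the default IIS behaviour of refusing to serve unknown file types everywhere else.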


 

As always, if you have any questions on AMP for Endpoints and would like to schedule a free consultation with us, please reach out to us at sales@lookingpoint.com and we’ll be happy to help!


 

Written By:

Armando Muscaritolo, Network Engineer
