Skip navigation
This discussion is archived

Snow Leopard and built-in CISCO VPN access

53856 Views 54 Replies Latest reply: Feb 17, 2010 9:10 PM by Ashley Aitken RSS
  • Forrest Calculating status...
    Currently Being Moderated
    Aug 31, 2009 5:22 PM (in response to tsarna)
    We have a support contract with Cisco. I spoke with them last night, and they made it clear that they DO NOT SUPPORT Snow Leopard for the (soon to be deprecated) Cisco VPN IPSec client.

    That means don't expect fixes, etc.
    Mac OS X (10.6)
  • LittleSaint Level 4 Level 4 (2,900 points)
    Currently Being Moderated
    Aug 31, 2009 7:28 PM (in response to ajmorris)
    No Cisco development being done for a 64bit IPSec client - Mac, Windows, or otherwise. AnyConnect (SSL) is the direction Cisco is going. Better licensing model.
    MacBook, Mac OS X (10.5.5)
  • LittleSaint Level 4 Level 4 (2,900 points)
    Currently Being Moderated
    Aug 31, 2009 8:22 PM (in response to Forrest)
    This is true, but the most recent client (4.9.01.0180) works fine with the 32bit kernel. You just have to re-install after upgrading to 10.6. Anyone with Cisco hardware providing IPSec VPNs has access to CCO and can download the client, so there should be no need to download it from any other sources.
    MacBook, Mac OS X (10.5.5)
  • William Kucharski Level 6 Level 6 (14,440 points)
    Currently Being Moderated
    Aug 31, 2009 8:43 PM (in response to tsarna)
    tsarna wrote:
    Thanks so much, Cisco. By making it difficult to obtain the software legitimately, you force people into obtaining copies from unknown sources that might contain malware.


    It's not difficult at all; ask your IT department for a copy. They have the support contracts with Cisco and can login and download the client directly from Cisco.

    Encryption regulations are why Cisco can't make the client available for random download.
    Quad 2.5 GHz G5, 5 GB | 15" 2.6 GHz MBP Penryn, 4 GB | 1 TB Dual-Band TC, Mac OS X (10.6)
  • Sven Koesling Level 1 Level 1 (90 points)
    Currently Being Moderated
    Sep 1, 2009 12:50 PM (in response to William Kucharski)
    Built in Client not working here too
    I can connect to the network, get an IP Adress and DNS-Server, but i cannot reach any machine in that network. No ssh, no nslookup…
    In my .pcf it says:

    EnableNat=1
    TunnelingMode=1
    TcpTunnelingPort=10000

    Is that the problem?

    Greetings
    Sven
    MBP 2.16 GHz Core 2 Duo, Mac OS X (10.5.1)
  • cipherwar Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 1, 2009 1:12 PM (in response to Sven Koesling)
    The SL Cisco IPsec client only support straight IPsec not tunneled in UDP or TCP. Tunneling in UDP or TCP is required to support IPsec over any NAT device. Since you are asking for tunneling and NAT it won't work.

    Just use the Cisco client. It works fine with SL.
    Mac Pro/Macbook/Macbook Pro/iMac, Mac OS X (10.6)
  • djdawson Calculating status...
    Currently Being Moderated
    Sep 1, 2009 3:19 PM (in response to cipherwar)
    I just tested the SL Cisco VPN client and connected to the VPN 3000 series concentrator at work and verified that it DOES support the standards-track "NAT Traversal" feature that uses UDP to encapsulate the ESP (IP protocol 50) traffic if either or both endpoints of the VPN connection are behind a NAT device. This is the newer flavor of encapsulation that has replaced the older versions of TCP and UDP encapsulations and is the preferred encapsulation technique.

    In case anyone's interested, I used the same VPN group that I use with the Cisco VPN client, so the SL client appears to be reasonably compatible (assuming you don't use Cisco's older versions of TCP and UDP encapsulation). Anyone trying to configure a Cisco device at the head end to support the SL client should just pretend they're setting it up for a Cisco IPSec client, but make sure you specify "NAT-T" instead of the older TCP or UDP versions that default to port 10000 (NAT-T defaults to UDP port 4500).

    HTH

    Dana
    CCIE #1937
    MacPro x 2 & MacBook Pro 17", Mac OS X (10.6)
  • andyGoodwin Calculating status...
    Currently Being Moderated
    Sep 1, 2009 5:01 PM (in response to gilcelli)
    I too ran into problems -- I found a beta release of Cisco AnyConnect which supports Snow Leopard.

    http://unf.net/snowleopard/anyconnect-macosx-i386-2.4.0154-k9-BETA.zip

    and the release notes:

    http://unf.net/snowleopard/anyconnect2.4.0154rnBeta.pdf

    Hope this helps!

    Andy
    Macbook, Mac OS X (10.6)
  • bughuntr Calculating status...
    Currently Being Moderated
    Sep 4, 2009 2:34 PM (in response to gilcelli)
    I too have lost my Cisco VPN connection ability.

    Even after trying to re-install Cisco AnyConnect (4.9.01.0180) I just keep getting the "Failed to initialize VPN API, aborting." message.

    Just when I got my company to think they could look at moving more people to Macs. Doh!

    I was really hoping that the built in Snow Leopard Cisco VPN support would take care of all this.
    MacBook Pro (2.33 Core 2, 2GB RAM), Mac OS X (10.6)
  • Forrest Level 1 Level 1 (5 points)
    Currently Being Moderated
    Sep 4, 2009 2:50 PM (in response to bughuntr)
    Bughuntr,

    In speaking with Cisco, they mentioned that Snow Leopard support is in a new beta of AnyConnect:

    anyconnect-macosx-i386-2.4.0154-k9-BETA

    If you have access to their downloads, grab it and it should work for you.


    Best,

    Forrest
    Mac OS X (10.6)
  • J-a-x Level 3 Level 3 (730 points)
    Currently Being Moderated
    Sep 4, 2009 8:34 PM (in response to Sven Koesling)
    Hey Sven,

    My .pcf configuration file has the same settings are yours:
    EnableNat=1
    TunnelingMode=1
    TcpTunnelingPort=10000

    Mine is from Rice University. Are you from Rice? I'm trying to avoid the Cisco VPN client due to two kernel panics this week that I traced to the Cisco IPsec.kext. I have gotten the default SL VPN client to connect and authenticate but half the time it works and half the time I have the same problem as you (nothing is accessible or pingable). I'm having trouble figuring out what might have gone wrong because everything looks okay aside from my network not responding. Did you get anywhere with this?
    Macbook 2.4 Ghz, Mac OS X (10.5.6), 4 GB RAM
  • Tom Glover Calculating status...
    Currently Being Moderated
    Sep 6, 2009 6:10 PM (in response to agrobbin)
    This is the sort of gaff that ruins our attempts to convince our companies that mac is a viable platform, and the sort of "hey user ... it's your problem" behavior I'd expect from Microsoft ... not from Apple.
    MacBook Pro, Mac OS X (10.5.4)
  • Tom Glover Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 7, 2009 6:52 PM (in response to Tom Glover)
    A re-install of Cisco VPN Client MAC 4.9 reproduced the 051 issue. However installing vpnclient-darwin-4.9.01.0100-universal-k9 yielded a Cisco vpn that works on SL.
    MacBook Pro, Mac OS X (10.5.4)
  • Sven Koesling Level 1 Level 1 (90 points)
    Currently Being Moderated
    Sep 15, 2009 7:36 AM (in response to J-a-x)
    Hi J-a-x,

    sorry for answering so late - I didn't find the time. Till now I have no solution. I'm still using the cisco client.

    Greetings
    Sven

    P.S.: No, I'm not from Rice. Actually I'm living in Switzerland.
    MBP 2.16 GHz Core 2 Duo, Mac OS X (10.6.1)
  • direwolf8 Level 4 Level 4 (1,280 points)
    Currently Being Moderated
    Sep 16, 2009 7:41 AM (in response to tsarna)
    Cisco's web pages are confusing but it shouldn't take you long to find where to download the VPN client. If you're purchased a license, you can download it with your Cisco CCO account. Nobody should have to get a (legitimate) copy from anywhere else.
    G5, Mac OS X (10.5)

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.