This discussion is archived
31700 Views 16 Replies Latest reply: Dec 14, 2010 7:10 PM by ktalent1
Currently Being ModeratedJan 5, 2010 2:03 PM (in response to gsimp)Did you find an answer to your question yet? I'm facing the same issue.15.4" MacBook Pro unibody 4 GB RAM, Mac OS X (10.6)
Currently Being ModeratedJan 8, 2010 9:20 PM (in response to F430)Me, too. There needs to be documentation for this but I can't find any.Mac OS X (10.6.2)
Currently Being ModeratedJan 8, 2010 9:31 PM (in response to Adam Aulick)I fixed it for myself -- the certificate needed to be in the System keychain for the VPN setup to find it.
I am using a PKCS#12 cert, I'm not sure if the certification type matters.
Unfortunately I still can't connect due to "A configuration error occurred"Mac OS X (10.6.2)
Currently Being ModeratedJan 22, 2010 2:14 PM (in response to Adam Aulick)I too was able to import a PK12 certificate into the System part of the keychain so that VPN could see the certificate. However, I am getting negotiating errors with the VPN server. When I tried to do the same with the Cisco VPN client, it used a root certificate and everything was okay.
However, I don't know how to convert my .cer root certificate to the PK12 standard to use as a machine certificate. I have read about some command line ability to do this in Terminal but they are quite not easily understood by the lay person.
So now I'm forced to go back to the Cisco client until I figure this all out.15.4" MacBook Pro unibody 4 GB RAM, Mac OS X (10.6)
Currently Being ModeratedFeb 21, 2010 7:26 AM (in response to F430)1) Has anybody figured this out?
2) If you haven't been able to get it to work with a certificate how about shared secret mode?
3) If that hasn't worked, where did you find the Cisco VPN client?
cwiMac, Mac OS X (10.6.2)
Currently Being ModeratedMar 15, 2010 11:36 PM (in response to gsimp)VPN trouble in my environment
- OpenSSL CA server : fail
- Windows Server 2003 CA Server : success...and no problem
Cisco ASA VPN Group Setting
- Custom Group : fail
- DefaultGroup : success
Snow Leopard Certificate : DN OU=none
Though Certificate OU will be VPN Group Name(, and CN will be VPN User Name).
But Snow Leopard Keychain cannot create CSR with OU setting.iMac, Mac OS X (10.6.2)
Currently Being ModeratedMar 16, 2010 11:40 AM (in response to carlinw)
If that hasn't worked, where did you find the Cisco VPN client?
The Cisco VPN client can be downloaded from Cisco, but you need CCO access to get it (and theoretically need to be licensed to use it).G5, Mac OS X (10.5)
Currently Being ModeratedApr 16, 2010 1:26 PM (in response to gsimp)I am also having issues with this...The VPN system is actually causing a Kernel Panic on my computer, with increasing regularity. I have talked to both Genius's and IT people, the later of which was useless. The Genius told me that this has become an increasing problem between the Cisco VPN and Snow Leopard but that Cisco won't update for Snow Leopard.
Sorry if this is irrelevant to your question/post, but I can't find anywhere else to post my problems with the VPN System...Macbook, Mac OS X (10.6.3)
Currently Being ModeratedApr 28, 2010 7:17 PM (in response to direwolf8)Not true, I found out tonight
You must download the version 4.x version for MacOSX. It is, however, buggy...but it works. (Ugly as sin)
Message was edited by: wilsonics
Message was edited by: wilsonics
Message was edited by: wilsonicsMacBookPro 15", Mac OS X (10.6.3)
Currently Being ModeratedMay 26, 2010 5:25 AM (in response to gsimp)To get Snow Leopard's built in VPN client to import your personal certificate, I had to import the certificate into Keychain.app as a .pkcs12 file into the "System" keychain. If you already imported it into the "User" keychain, delete it and try again. It never worked for me when it was in the User keychain.
Although the built in VPN client now acknowledges my personal certificate and I am able to finish configuring the client, I am still unable to connect to the VPN server. The server address and my certificate are properly configured, but when I click connect, I'm greeted with the following error message:
The negotiation with the VPN server failed. Verify the server address and try reconnecting."
To be sure I had the correct server address, I resolved the name server address and typed in the numerical IP address. Same message… Help! When I use the same settings in the Cisco VPN Client, I connect without a hitch.MacBook Pro / 2.16 Ghz Core 2 Duo / 3 GB RAM, Mac OS X (10.6.2)
Currently Being ModeratedJul 7, 2010 3:40 PM (in response to Bradford Schwie)I have the same problem with authentication using a certificate. "The negotiation with the VPN server failed. Verify the server address and try reconnecting."
The VPN on my iPhone works perfectly, though, so I think it is just a Snow Leopard issue.MacBook, Mac OS X (10.6.4)
Currently Being ModeratedJul 22, 2010 5:50 AM (in response to gsimp)I also have the same problem. The linux and windows machines in our group have no problem connecting, but I don't get my Mac into our VPN. The network setup always complains "No machine certificates found", even though it is in the keychain. -- I'd really like to see this problem solved!NetBook Pro 2.8 GHz Intel Core 2 Duo, Mac OS X (10.6.4)
Currently Being ModeratedJul 22, 2010 7:37 AM (in response to aschafu)I think this has something to do with the root certificate not validating. Try going to Keychain.app, right click on your personal certificate, and choose "Evaluate +name of certificate+"….
When you do this, Certificate Assistant will fire up. Choose "Generic (certificate chain validation only)". If your issue is like mine, you'll see under "Evaluation Status:" that "No root cert found".
I've filed a bug report with Apple and they are saying the same thing, that the root certificate needs to be found. The root certificate is in my Keychain, so I'm not sure why I'm getting this message.
Since the root certificate is not found, my (and possibly your) certificate are not valid for the Cisco VPN client to authenticate.MacBook Pro / 2.16 Ghz Core 2 Duo / 3 GB RAM, Mac OS X (10.6.2)
Currently Being ModeratedOct 10, 2010 4:05 AM (in response to gsimp)Same problem here. The Cisco certificate imports fine, but the VPN configuration dialogue cannot find it, regardless of where you locate it - System or Login.
The routers log has a rather discouraging message:
"Dynamic VPN Client in Main Mode is only supported for Microsoft VPN Client, please use Aggressive mode instead."
"[Tunnel Negotiation Info]<<<Responder Received Aggressive Mode 1st packet."
"Initial Aggressive Mode message from xxx.xxx.xxx.xxx but no (wildcard) connection has been configured."
Thanks in advance for an update.MBP, Mac OS X (10.6.4)