Jan 5, 2010 2:03 PM in response to gsimp by F430
Did you find an answer to your question yet? I'm facing the same issue.

Jan 8, 2010 9:20 PM in response to F430 by Adam Aulick
Me, too. There needs to be documentation for this but I can't find any.

Jan 8, 2010 9:31 PM in response to Adam Aulick by Adam Aulick
I fixed it for myself -- the certificate needed to be in the System keychain for the VPN setup to find it.
I am using a PKCS#12 cert; I'm not sure if the certification type matters.
Unfortunately I still can't connect due to "A configuration error occurred".

Jan 22, 2010 2:14 PM in response to Adam Aulick by F430
I too was able to import a PK12 certificate into the System part of the keychain so that VPN could see the certificate. However, I am getting negotiating errors with the VPN server. When I tried to do the same with the Cisco VPN client, it used a root certificate and everything was okay.
However, I don't know how to convert my .cer root certificate to the PK12 standard to use as a machine certificate. I have read about some command line ability to do this in Terminal but they are quite not easily understood by the lay person.
So now I'm forced to go back to the Cisco client until I figure this all out.

Feb 21, 2010 7:26 AM in response to F430 by carlinw
1) Has anybody figured this out?
2) If you haven't been able to get it to work with a certificate, how about shared secret mode?
3) If that hasn't worked, where did you find the Cisco VPN client?
Thanks,
cw

Mar 15, 2010 11:36 PM in response to gsimp by kohj
VPN trouble in my environment
CA Server
- OpenSSL CA server : fail
- Windows Server 2003 CA Server : success...and no problem
Cisco ASA VPN Group Setting
- Custom Group : fail
- DefaultGroup : success
Snow Leopard Certificate : DN OU=none
Though Certificate OU will be VPN Group Name (and CN will be VPN User Name).
But Snow Leopard Keychain cannot create CSR with OU setting.

Mar 16, 2010 11:40 AM in response to carlinw by direwolf8
> If that hasn't worked, where did you find the Cisco VPN client?
The Cisco VPN client can be downloaded from Cisco, but you need CCO access to get it (and theoretically need to be licensed to use it).

Apr 16, 2010 1:26 PM in response to gsimp by bturton
I am also having issues with this... The VPN system is actually causing a Kernel Panic on my computer, with increasing regularity. I have talked to both Geniuses and IT people, the latter of which was useless. The Genius told me that this has become an increasing problem between the Cisco VPN and Snow Leopard but that Cisco won't update for Snow Leopard.
Sorry if this is irrelevant to your question/post, but I can't find anywhere else to post my problems with the VPN System...

Apr 28, 2010 7:17 PM in response to direwolf8 by wilsonics
Not true, I found out tonight
http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=270636499
You must download the version 4.x version for MacOSX. It is, however, buggy...but it works. (Ugly as sin)
Message was edited by: wilsonics

May 26, 2010 5:25 AM in response to gsimp by Bradford Schwie
To get Snow Leopard's built-in VPN client to import your personal certificate, I had to import the certificate into Keychain.app as a .pkcs12 file into the "System" keychain. If you already imported it into the "User" keychain, delete it and try again. It never worked for me when it was in the User keychain.
Although the built-in VPN client now acknowledges my personal certificate and I am able to finish configuring the client, I am still unable to connect to the VPN server. The server address and my certificate are properly configured, but when I click connect, I'm greeted with the following error message:
"VPN Connection
The negotiation with the VPN server failed. Verify the server address and try reconnecting."
To be sure I had the correct server address, I resolved the name server address and typed in the numerical IP address. Same message… Help! When I use the same settings in the Cisco VPN Client, I connect without a hitch.

Jul 7, 2010 3:40 PM in response to Bradford Schwie by tofergregg
I have the same problem with authentication using a certificate. "The negotiation with the VPN server failed. Verify the server address and try reconnecting."
The VPN on my iPhone works perfectly, though, so I think it is just a Snow Leopard issue.

Jul 22, 2010 5:50 AM in response to gsimp by aschafu
I also have the same problem. The Linux and Windows machines in our group have no problem connecting, but I don't get my Mac into our VPN. The network setup always complains "No machine certificates found", even though it is in the keychain. -- I'd really like to see this problem solved!

Jul 22, 2010 7:37 AM in response to aschafu by Bradford Schwie
I think this has something to do with the root certificate not validating. Try going to Keychain.app, right click on your personal certificate, and choose "Evaluate <name of certificate>…".
When you do this, Certificate Assistant will fire up. Choose "Generic (certificate chain validation only)". If your issue is like mine, you'll see under "Evaluation Status:" that "No root cert found".
I've filed a bug report with Apple and they are saying the same thing, that the root certificate needs to be found. The root certificate is in my Keychain, so I'm not sure why I'm getting this message.
Since the root certificate is not found, my (and possibly your) certificate is not valid for the Cisco VPN client to authenticate.

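Added example, not part of any post in this thread: the OU/CN certificate subject from kohj's post and the "No root cert found" evaluation from the post above, reproduced with the openssl command line, followed by the PKCS#12 bundling of key, certificate and root. The group and user names, the passphrase and the throwaway test root are all constructed, and the script assumes OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example; every name, subject and passphrase here is constructed.
set -eu

# Key + CSR whose subject carries OU=<VPN group> and CN=<VPN user>.
make_csr() {  # make_csr <dir> <group> <user>
  ( umask 077; openssl genrsa -out "$1/client.key" 2048 2>/dev/null )
  openssl req -new -key "$1/client.key" -subj "/OU=$2/CN=$3" -out "$1/client.csr"
}

# CSR subject in RFC 2253 form, e.g. subject=CN=alice,OU=vpn-group
csr_subject() { openssl req -in "$1" -noout -subject -nameopt RFC2253; }

# Throwaway root standing in for the real CA; signs the CSR from make_csr.
sign_with_test_root() {  # sign_with_test_root <dir>
  ( umask 077; openssl genrsa -out "$1/root.key" 2048 2>/dev/null )
  openssl req -x509 -new -key "$1/root.key" -subj "/CN=Example Test Root" \
    -days 30 -out "$1/root.pem"
  openssl x509 -req -in "$1/client.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 30 -out "$1/client.pem" 2>/dev/null
}

# "ok" if the leaf chains to the given root; "untrusted" on any chain failure.
# With no root argument nothing is trusted, so the issuer cannot be found.
chain_status() {  # chain_status <leaf.pem> [root.pem]
  if [ $# -ge 2 ]; then set -- "$1" -CAfile "$2"; else set -- "$1" -no-CAfile -no-CApath; fi
  leaf=$1; shift
  if openssl verify "$@" "$leaf" >/dev/null 2>&1; then echo ok; else echo untrusted; fi
}

# Bundle key, leaf and root into one PKCS#12 file. The passphrase is passed on
# the command line only because this is a demo; it is visible in `ps`.
make_p12() {  # make_p12 <dir> <passphrase>
  openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.pem" \
    -certfile "$1/root.pem" -name vpn-identity -passout "pass:$2" -out "$1/client.p12"
}

p12_cert_count() {  # p12_cert_count <file.p12> <passphrase>
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
make_csr "$work" vpn-group alice
sign_with_test_root "$work"
make_p12 "$work" constructed-demo-pass
csr_subject "$work/client.csr"
echo "with root:    $(chain_status "$work/client.pem" "$work/root.pem")"
echo "without root: $(chain_status "$work/client.pem")"
echo "certs in p12: $(p12_cert_count "$work/client.p12" constructed-demo-pass)"
```

In real use the CSR goes to the organisation's CA instead of the test root, and the root certificate that CA returns is the one the chain check needs.
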
Oct 10, 2010 4:05 AM in response to gsimp by hblnk
Same problem here. The Cisco certificate imports fine, but the VPN configuration dialogue cannot find it, regardless of where you locate it - System or Login.
The router's log has a rather discouraging message:
"Dynamic VPN Client in Main Mode is only supported for Microsoft VPN Client, please use Aggressive mode instead."
"[Tunnel Negotiation Info]<<<Responder Received Aggressive Mode 1st packet."
"Initial Aggressive Mode message from xxx.xxx.xxx.xxx but no (wildcard) connection has been configured."
Thanks in advance for an update.