I have found a solution that works for me. I just retrieved the executables racoon and racoonctl for Lion (they are in /usr/sbin/), and replaced the Mountain Lion ones with those. For this version it is clear that Apple has created a custom racoon that makes it mandatory for certificates to be installed in Keychain Access (it was not my case) and to have them given permission to use racoon.
I didn't test what would happen if I installed the certificates in the Keychain Access because I don't have their password (don't ask, company policy), but I guess it would work.
Note: This "solution" might make other VPN connections you might have with Keychain Access certificates not work.
I have tried doing this, but in Keychain Access I only see the two different types of passwords and not a certificate. One is an XAuth Password and the other is a Shared Secret. I try to go to 'my certificates' and it's empty after I have gone through the installer for my school's VPN. The other certificates I have are: Software signing, com.apple.systemdefault, com.apple.kerberos.kdc, and Apple Code Signing Certification Authority. I have tried setting both those password Access Controls to allow by any application, but that didn't work. It starts out with allowing racoon anyway.
Having the same problem. When I try to connect via VPN (Cisco IPSEC), I get "the negotiation with the VPN server failed. Verify the server address and try reconnecting." When I follow your steps going into Keychain Access and change the access control to the private key, I get "The server certificate's identity is incorrect, contact your local network administrator."
I used to use a Cisco VPN on Mountain Lion with no issues, and had never used the internal IPSEC VPN...
I've been bashing my head and reading all available forums and am still bashing my head against a brick wall.
We had people using Lion 10.7 with Cisco IPsec VPN and all of our server settings and shared secret worked without a hitch. One person has taken the leap and gone to Mountain Lion and it all went to shreds. I've had a look at the system log and this is what I get from when it tries to connect:
9/17/12 1:35:09.064 PM configd: IPSec connecting to server 184.108.40.206
9/17/12 1:35:09.067 PM configd: IPSec Phase1 starting.
9/17/12 1:35:09.067 PM configd: SCNC: start, triggered by System Preferen, type IPSec, status 0
9/17/12 1:35:09.077 PM mDNSResponder: Double NAT (external NAT gateway address 192.168.1.70 is also a private RFC 1918 address)
9/17/12 1:35:09.078 PM racoon: IPSec connecting to server 220.127.116.11
9/17/12 1:35:09.078 PM racoon: Connecting.
9/17/12 1:35:09.079 PM racoon: IPSec Phase1 started (Initiated by me).
9/17/12 1:35:09.082 PM racoon: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
9/17/12 1:35:09.121 PM racoon: IKEv1 Phase1 AUTH: failed. (Initiator, Aggressive-Mode Message 2).
9/17/12 1:35:09.122 PM configd: IPSec Controller: IKE FAILED. phase 2, assert 0
9/17/12 1:35:09.122 PM racoon: IKE Packet: transmit success. (Information message).
9/17/12 1:35:09.122 PM racoon: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
9/17/12 1:35:09.122 PM racoon: IKE Packet: receive failed. (Initiator, Aggressive-Mode Message 2).
9/17/12 1:35:09.122 PM configd: IPSec disconnecting from server 18.104.22.168
9/17/12 1:35:09.122 PM racoon: IPSec disconnecting from server 22.214.171.124
9/17/12 1:35:09.125 PM racoon: IPSec disconnecting from server 126.96.36.199
From this I gather that there is something up with IKE? Or perhaps that it is trying to go with aggressive mode (whereas we have static IPs) could be a problem?
Can anyone help out with this at all?
And also, is there a way to find out what version of the Cisco VPN client comes installed by default in Mac Lion 10.7 and which one comes in Mountain Lion? (Could the default settings have changed somewhere?)
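A triage sketch for logs like the one quoted in the post above, added here as an example and not part of the thread: it pulls racoon's IKE events out of the system log and reports the first failing step together with the last step that succeeded. The sample lines are constructed in the same format with a documentation IP address, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the log quoted above (documentation IP).
SAMPLE_LOG = """\
9/17/12 1:35:09.064 PM configd: IPSec connecting to server 192.0.2.10
9/17/12 1:35:09.067 PM configd: IPSec Phase1 starting.
9/17/12 1:35:09.078 PM racoon: Connecting.
9/17/12 1:35:09.079 PM racoon: IPSec Phase1 started (Initiated by me).
9/17/12 1:35:09.082 PM racoon: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
9/17/12 1:35:09.121 PM racoon: IKEv1 Phase1 AUTH: failed. (Initiator, Aggressive-Mode Message 2).
9/17/12 1:35:09.122 PM configd: IPSec Controller: IKE FAILED. phase 2, assert 0
9/17/12 1:35:09.122 PM racoon: IKE Packet: receive failed. (Initiator, Aggressive-Mode Message 2).
9/17/12 1:35:09.122 PM racoon: IPSec disconnecting from server 192.0.2.10
"""

LINE = re.compile(r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+\.\d+ [AP]M) (?P<proc>\w+): (?P<msg>.*)$")
EVENT = re.compile(r"^(?P<what>[^:]+): (?P<result>.+?)\. \((?P<ctx>[^)]*)\)\.$")
CTX = re.compile(r"(?P<role>Initiator|Responder), (?P<mode>[\w-]+) [Mm]essage (?P<num>\d+)")

def parse(log_text):
    """Return racoon IKE events as dicts, in log order."""
    events = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or line["proc"] != "racoon":
            continue  # configd/mDNSResponder lines are not IKE events
        ev = EVENT.match(line["msg"])
        if not ev:
            continue  # status lines such as "Connecting."
        ctx = CTX.search(ev["ctx"])
        events.append({
            "ts": line["ts"], "what": ev["what"], "result": ev["result"],
            "role": ctx["role"] if ctx else None,
            "mode": ctx["mode"] if ctx else None,
            "message": int(ctx["num"]) if ctx else None,
        })
    return events

def first_failure(log_text):
    """First racoon event whose result ends in 'failed', plus the last successful step."""
    last_ok = None
    for ev in parse(log_text):
        if ev["result"].endswith("failed"):
            return {"failed": ev, "last_ok": last_ok}
        if ev["result"].endswith("success"):
            last_ok = ev
    return None
```

On the sample, the first failure is the Phase 1 AUTH step at Aggressive-Mode message 2, after message 1 was transmitted successfully: the gateway answered, and authentication of that answer is where the exchange stopped.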
I have totally the same problem as greg.shaw after migration to Mountain Lion:
VPN is working fine, but I still cannot access any internal portals or servers, except two (mail server, and MS communicator server).
DNS are ok, all configs too.
Do not know what else I can try. Spent all day to find the problem, but still no result.
I finally fixed it!
So, what I did is:
1. I went to http://support.apple.com/downloads#osxmountainlion and manually downloaded Lion update 10.8.2 (combo)
2. Installed it
3. Opened Keychain Access, chose category "all items" and entered my VPN name in search. Found my VPN configuration, opened it. Chose "allow all applications to access the item" in the "Access control" menu from the pop-up which appeared after double-clicking the VPN configuration.
4. VPN works and all internal sites work fine as well.
Now I will try to grant access to racoon only to avoid the security breach, when granting access to all apps.
But in fact it is a bit frustrating, I really spent 4 days to get it to work. Apple should do more testing before launching new updates or at least provide better support for bug-fixing.
Well, I just did it. I granted access only to racoon and racoonconf to my vpn configuration in keychain access and after VPN restart everything worked fine.
Tip: to find the racoon and racoonconf files in the Keychain browser window when adding new apps, just type cmd-shift-g, and in the "go to folder" menu which pops up, enter the path "/usr/sbin". There you will be able to find both racoon and racoonconf.