Native VPN Cisco IPsec on all Apple devices fails with more than 170 destination VLANs

Hello,

I found an issue/bug on all Apple devices in the implementation of the native Cisco IPsec client VPN.

It fails to bring up the connection when you have more than 170 destination VLANs configured on the VPN server (in my case a Cisco ASA).

It happens on Yosemite 10.10.5 and on iOS 9.1, and it's easily repeatable.

I am only able to see this error in the logs:

Dec 1 09:13:17 mbp.local racoon[1259]: failed to get sainfo.

Dec 1 09:13:17 --- last message repeated 1 time ---

Dec 1 09:13:17 mbp kernel[0]: ip_output_list: can't update route after IPsec processing

Dec 1 09:13:18 mbp.local racoon[1259]: failed to get sainfo.

Dec 1 09:13:21 --- last message repeated 7 times ---

Dec 1 09:13:22 mbp.local racoon[1259]: failed to get sainfo.

Dec 1 09:13:32 --- last message repeated 19 times ---

Dec 1 09:13:33 mbp.local racoon[1259]: failed to get sainfo.

Dec 1 09:13:34 --- last message repeated 1 time ---

Dec 1 09:13:34 mbp.local nesessionmanager[685]: NESMLegacySession[VPN (Cisco IPSec):--------------------: status changed to disconnecting

We have been troubleshooting the error, and everything works on Windows/Android/third-party VPN clients on OS X, under and over 170 networks on the VPN connections.

It only fails when the combination is OS X/iOS 10.10.5 or above/9.1, native Cisco IPsec, and more than 170 destination networks. If you go back to a lower number, it works without issues.

MacBook Pro (Retina, 13-inch, Mid 2014), OS X Yosemite (10.10.5)

Posted on Dec 1, 2015 5:02 AM
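
A triage sketch for the log excerpt in the post above, added here as an example and not part of the original post: it totals the racoon `failed to get sainfo` events, expanding the syslog `last message repeated N times` markers, and measures the time from the first failure to the disconnect. The function name `summarize` and the year 2015 (taken from the post date) are assumptions; the sample is the excerpt as posted.

```python
import re
from datetime import datetime

# Sample input: the log lines quoted in the post (syslog omits the year).
SAMPLE = """\
Dec 1 09:13:17 mbp.local racoon[1259]: failed to get sainfo.
Dec 1 09:13:17 --- last message repeated 1 time ---
Dec 1 09:13:17 mbp kernel[0]: ip_output_list: can't update route after IPsec processing
Dec 1 09:13:18 mbp.local racoon[1259]: failed to get sainfo.
Dec 1 09:13:21 --- last message repeated 7 times ---
Dec 1 09:13:22 mbp.local racoon[1259]: failed to get sainfo.
Dec 1 09:13:32 --- last message repeated 19 times ---
Dec 1 09:13:33 mbp.local racoon[1259]: failed to get sainfo.
Dec 1 09:13:34 --- last message repeated 1 time ---
Dec 1 09:13:34 mbp.local nesessionmanager[685]: NESMLegacySession[VPN (Cisco IPSec):--------------------: status changed to disconnecting
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (.*)$")
REPEAT = re.compile(r"^--- last message repeated (\d+) times? ---$")
PROC = re.compile(r"^\S+ (\w+)\[\d+\]: (.*)$")

def summarize(text, year=2015):
    """Count racoon sainfo failures (repeat markers expanded) and time to disconnect."""
    failures, first, disconnect, last_sainfo = 0, None, None, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        rep = REPEAT.match(m.group(2))
        if rep:  # a repeat marker refers to the line logged just before it
            if last_sainfo:
                failures += int(rep.group(1))
            continue
        p = PROC.match(m.group(2))
        proc, msg = (p.group(1), p.group(2)) if p else (None, m.group(2))
        last_sainfo = proc == "racoon" and "failed to get sainfo" in msg
        if last_sainfo:
            failures += 1
            first = first or ts
        elif proc == "nesessionmanager" and "status changed to disconnecting" in msg:
            disconnect = disconnect or ts
    secs = int((disconnect - first).total_seconds()) if first and disconnect else None
    return {"sainfo_failures": failures, "seconds_to_disconnect": secs}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```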
