Cisco VPN Client in Lion (64-bit Kernel)

[cavemonkey50]

I'm wondering if anyone knows if the Cisco VPN client will work under Lion.

I have a 2011 MacBook Pro that boots into the 64-bit kernel by default. Since Cisco still does not have a 64-bit compatible version of the VPN client, whenever I need to use the client I have to restart by holding the 32 keys to boot into the 32-bit kernel. My work's VPN only uses Cisco IPSec over UDP, which the built-in OS X VPN client does not support (OS X's VPN only does IPSec over TCP).

So, if I upgrade to Lion next week, am I going to run into trouble? My understanding of Lion is it's 64-bit only, which I'm assuming means no more 32-bit kernel and therefore no working Cisco VPN client. Unless Cisco puts out a 64-bit update soon or Lion supports IPSec over UDP, I think I may be forced to wait on the Lion upgrade.

 

[S.B.G]

I have a friend who works for Cisco and I sent him an email about this. We'll see if he can get an answer as I am curious to know as well.

 

[cavemonkey50]

I have a friend who works for Cisco and I sent him an email about this. We'll see if he can get an answer as I am curious to know as well.

Thanks. Hopefully Cisco is aware of this change and has some update in the pipeline. I know they recently released a 64-bit compatible version on Windows.

 

[unobtainium]

Wow, that's bad news. A lot of colleges also use Cisco's VPN client and a huge percentage of the faculty and students are Mac users. So hopefully Cisco will notice quickly.

 

[leman]

Wow, that's bad news. A lot of colleges also use Cisco's VPN client and a huge percentage of the faculty and students are Mac users. So hopefully Cisco will notice quickly.

These are usually compatible with OS X integrated Cisco VPN client. I have been using mine since SL released and its much nicer then the client provided by Cisco itself.

 

[S.B.G]

These are usually compatible with OS X integrated Cisco VPN client. I have been using mine since SL released and its much nicer then the client provided by Cisco itself.

I use the built-in client as well and agree that it is better than the Cisco provided client.

 

[Sky Blue]

VPN Client doesn't work in my testing.

 

[S.B.G]

My friend emailed me back just now.

According to the information I found on the VPN Client software:

1. The IPSEC VPN client software has been available from Cisco since the inception of the Firewall product line. It has always been a free product to download and use, with no licensing fee’s attached to it.
2. The IPSEC client is also called the Cisco VPN Client.
3. Our latest Client product is called the Anyconnect Client, and it has been around for approximately 5 -6 years. The AnyConnect client is a fee based client and requires the purchase of licenses to use.
4. All future development efforts on VPN Client software will be done on the AnyConnect client product. It is a very feature rich product already.
5. The AnyConnect client is compatible with all 64bit systems including the MAC 10. Series and the platforms that are 64bit only.
6. The IPSEC client/VPN Client was only recently enabled to handle Microsoft 64bit OS’s and is not able to run MAC 64bit OS’s at all.
7. I saw nothing on any plans to add MAC 64bit kernel compatibility. Since this is a free client anyway, development lags behind in a lot of cases.
8. To get the AnyConnect client, you must purchase licenses for the ASA that is being used as the VPN aggregator. Then the users can download it from the ASA.

Basically if he wants to use a 64bit MAC OS he will have to upgrade the license on his Cisco Concentrator to offer AnyConnect clients to the users.

Following is a URL to the datasheet on AnyConnect.

http://www.cisco.com/en/US/partner/...6032/ps6094/ps6120/data_sheet_c78-527494.html

Hope this info answers your question, let me know if you need more info!

Basically, I would just use the built-in IPSec VPN from OS X; that's what I do to connect to my ASA 5510.

EDIT: That URL requires a partner access account. He sent me a pdf data sheet. If you want it, PM me your email address and I can send it to you.

 

[nutmac]

I've been using AnyConnect just fine. Legacy client, however, no such luck.

 

[cavemonkey50]

My friend emailed me back just now.



Basically, I would just use the built-in IPSec VPN from OS X; that's what I do to connect to my ASA 5510.

EDIT: That URL requires a partner access account. He sent me a pdf data sheet. If you want it, PM me your email address and I can send it to you.

Thanks for the info. I'd love to use the built-in IPSec VPN in OS X, but unfortunately it only supports IPSec over TCP, while my work uses IPSec over UDP. Maybe Lion supports IPSec over UDP, but I haven't seen anything on Apple's feature page about it.

The suggestion on the AnyConnect client may be my best bet. I think my work has a license for it. They have a Windows version on our internal download website, so it may just be a matter of requesting the OS X version from the network support team. I'll talk to them on Monday and see if they have any solutions.

 

[throttlemeister]

If the internal Cisco client from SL/L doesn't work, I am afraid there is a good chance AnyConnect does not work either. I have a similar issue at work, where the Windows Cisco VPN client does work, as it uses port 443 but neither the internal Windows VPN client, nor AnyConnect, nor Mac internal Cisco client work because the firewall block the UDP ports they try to connect to.

 

[ForthRightAfter]

I have Cisco anyconnect and it works on Lion.

 

[///M5]

Off topic, but this is the reason we use Juniper SSL VPN solution - it doesn't require any client to be installed on the computer. It's amazingly simple to use.

 

[Takuro]

I work for Cisco. I don't work in software development, but I can tell you that AnyConnect is eventually going to replace the old VPN client all-together and will be the primary client for Lion.

I know this because myself and other co-workers have Macs and need to access our work VPN all the time. Mac support in general isn't that great, but Cisco is slowly becoming more and more Apple-friendly and will support Lion, but only once it's been released.

 

[S.B.G]

Wirelessly posted (iPhone 3GS: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

I work for Cisco. I don't work in software development, but I can tell you that AnyConnect is eventually going to replace the old VPN client all-together and will be the primary client for Lion.

I know this because myself and other co-workers have Macs and need to access our work VPN all the time. Mac support in general isn't that great, but Cisco is slowly becoming more and more Apple-friendly and will support Lion, but only once it's been released.

This is true. My friend at Cisco has told me the same thing a couple of years ago about Anyconnect.

He's a:
Sr. Systems Engineer
Security Specialist
Optical Networking Specialist
DataCenter Network Infrastructure Specialist – II certified

 

[cavemonkey50]

Network admin got back to me this morning. He tested the Cisco VPN client on the latest developer seed of Lion and it works. The 32-bit kernel is apparently still present in Lion and booting into the kernel by holding the 3 and 2 keys will still allow the VPN client to work. Lion here I come!

 

[S.B.G]

Network admin got back to me this morning. He tested the Cisco VPN client on the latest developer seed of Lion and it works. The 32-bit kernel is apparently still present in Lion and booting into the kernel by holding the 3 and 2 keys will still allow the VPN client to work. Lion here I come!

Hey, that's good news to hear! Party on!

 

[kaz219]

I stumbled upon this thread here and I am very surprised by your problem cavemonkey50. I have the exact opposite problem.

My native Cisco IPSec VPN client under 10.6.8 is only doing UDP, and all of my VPN access that require TCP are not working because of that.

I did a packet capture to make sure of this UDP vs TCP thing. Is there a setting somewhere to switch between TCP and UDP?

I'm wondering if anyone knows if the Cisco VPN client will work under Lion.

I have a 2011 MacBook Pro that boots into the 64-bit kernel by default. Since Cisco still does not have a 64-bit compatible version of the VPN client, whenever I need to use the client I have to restart by holding the 32 keys to boot into the 32-bit kernel. My work's VPN only uses Cisco IPSec over UDP, which the built-in OS X VPN client does not support (OS X's VPN only does IPSec over TCP).

So, if I upgrade to Lion next week, am I going to run into trouble? My understanding of Lion is it's 64-bit only, which I'm assuming means no more 32-bit kernel and therefore no working Cisco VPN client. Unless Cisco puts out a 64-bit update soon or Lion supports IPSec over UDP, I think I may be forced to wait on the Lion upgrade.

 

[cyberfed]

I can confirm that the Cisco VPN client will indeed work on OS X Lion if you boot OS X into 32 bit kernel mode.

As stated before just hold the 3 and 2 key down during your restart to boot the 32bit mode. After that I was able to fire up my Cisco VPN client and connect with no issues.

Not ideal but at least this means I can connect to my work from my Mac if need be without having to fire up a VM (ugh).
Just gotta wait for an updated client now, but at least we aren't dead in the water.

 

[Brotzeithasser]

maybe this helps http://www.ithora.se/846