Cisco VPN Client in Lion (64-bit Kernel)

Discussion in 'Mac OS X Lion (10.7)' started by cavemonkey50, Jul 8, 2011.

  1. cavemonkey50, Jul 8, 2011
    Last edited: Jul 8, 2011

    cavemonkey50 macrumors 6502

    Joined:
    Aug 9, 2007
    Location:
    Allentown, PA
    #1
    I'm wondering if anyone knows if the Cisco VPN client will work under Lion.

    I have a 2011 MacBook Pro that boots into the 64-bit kernel by default. Since Cisco still does not have a 64-bit compatible version of the VPN client, whenever I need to use the client I have to restart by holding the 32 keys to boot into the 32-bit kernel. My work's VPN only uses Cisco IPSec over UDP, which the built-in OS X VPN client does not support (OS X's VPN only does IPSec over TCP).

    So, if I upgrade to Lion next week, am I going to run into trouble? My understanding of Lion is it's 64-bit only, which I'm assuming means no more 32-bit kernel and therefore no working Cisco VPN client. Unless Cisco puts out a 64-bit update soon or Lion supports IPSec over UDP, I think I may be forced to wait on the Lion upgrade.
     
  2. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #2
    I have a friend who works for Cisco and I sent him an email about this. We'll see if he can get an answer as I am curious to know as well.
     
  3. cavemonkey50 thread starter macrumors 6502

    Joined:
    Aug 9, 2007
    Location:
    Allentown, PA
    #3
    Thanks. Hopefully Cisco is aware of this change and has some update in the pipeline. I know they recently released a 64-bit compatible version on Windows.
     
  4. unobtainium macrumors 68020

    Joined:
    Mar 27, 2011
    #4
    Wow, that's bad news. A lot of colleges also use Cisco's VPN client and a huge percentage of the faculty and students are Mac users. So hopefully Cisco will notice quickly.
     
  5. leman macrumors G3

    Joined:
    Oct 14, 2008
    #5
    These are usually compatible with OS X integrated Cisco VPN client. I have been using mine since SL released and its much nicer then the client provided by Cisco itself.
     
  6. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #6
    I use the built-in client as well and agree that it is better than the Cisco provided client.
     
  7. Sky Blue Guest

    Sky Blue

    Joined:
    Jan 8, 2005
  8. SandboxGeneral, Jul 8, 2011
    Last edited: Jul 8, 2011

    SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #8
    My friend emailed me back just now.

    Basically, I would just use the built-in IPSec VPN from OS X; that's what I do to connect to my ASA 5510.

    EDIT: That URL requires a partner access account. He sent me a pdf data sheet. If you want it, PM me your email address and I can send it to you.
     
  9. nutmac macrumors 68040

    Joined:
    Mar 30, 2004
    #9
    I've been using AnyConnect just fine. Legacy client, however, no such luck.
     
  10. cavemonkey50 thread starter macrumors 6502

    Joined:
    Aug 9, 2007
    Location:
    Allentown, PA
    #10
    Thanks for the info. I'd love to use the built-in IPSec VPN in OS X, but unfortunately it only supports IPSec over TCP, while my work uses IPSec over UDP. Maybe Lion supports IPSec over UDP, but I haven't seen anything on Apple's feature page about it.

    The suggestion on the AnyConnect client may be my best bet. I think my work has a license for it. They have a Windows version on our internal download website, so it may just be a matter of requesting the OS X version from the network support team. I'll talk to them on Monday and see if they have any solutions.
     
  11. throttlemeister macrumors 6502a

    Joined:
    Mar 31, 2009
    Location:
    Netherlands
    #11
    If the internal Cisco client from SL/L doesn't work, I am afraid there is a good chance AnyConnect does not work either. I have a similar issue at work, where the Windows Cisco VPN client does work, as it uses port 443 but neither the internal Windows VPN client, nor AnyConnect, nor Mac internal Cisco client work because the firewall block the UDP ports they try to connect to.
     
  12. ForthRightAfter macrumors member

    ForthRightAfter

    Joined:
    Oct 8, 2008
    #12
    I have Cisco anyconnect and it works on Lion.
     
  13. ///M5 macrumors 6502

    Joined:
    May 14, 2009
    #13
    Off topic, but this is the reason we use Juniper SSL VPN solution - it doesn't require any client to be installed on the computer. It's amazingly simple to use.
     
  14. Takuro macrumors 6502

    Takuro

    Joined:
    Jun 15, 2009
    #14
    I work for Cisco. I don't work in software development, but I can tell you that AnyConnect is eventually going to replace the old VPN client all-together and will be the primary client for Lion.

    I know this because myself and other co-workers have Macs and need to access our work VPN all the time. Mac support in general isn't that great, but Cisco is slowly becoming more and more Apple-friendly and will support Lion, but only once it's been released.
     
  15. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #15
    Wirelessly posted (iPhone 3GS: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

    This is true. My friend at Cisco has told me the same thing a couple of years ago about Anyconnect.

    He's a:
    Sr. Systems Engineer
    Security Specialist
    Optical Networking Specialist
    DataCenter Network Infrastructure Specialist – II certified
     
  16. cavemonkey50 thread starter macrumors 6502

    Joined:
    Aug 9, 2007
    Location:
    Allentown, PA
    #16
    Network admin got back to me this morning. He tested the Cisco VPN client on the latest developer seed of Lion and it works. The 32-bit kernel is apparently still present in Lion and booting into the kernel by holding the 3 and 2 keys will still allow the VPN client to work. Lion here I come!
     
  17. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #17
    Hey, that's good news to hear! Party on!
     
  18. kaz219 macrumors member

    Joined:
    May 8, 2006
    #18
    I stumbled upon this thread here and I am very surprised by your problem cavemonkey50. I have the exact opposite problem.

    My native Cisco IPSec VPN client under 10.6.8 is only doing UDP, and all of my VPN access that require TCP are not working because of that.

    I did a packet capture to make sure of this UDP vs TCP thing. Is there a setting somewhere to switch between TCP and UDP?

     
  19. cyberfed macrumors newbie

    Joined:
    Apr 27, 2011
    #19
    I can confirm that the Cisco VPN client will indeed work on OS X Lion if you boot OS X into 32 bit kernel mode.

    As stated before just hold the 3 and 2 key down during your restart to boot the 32bit mode. After that I was able to fire up my Cisco VPN client and connect with no issues.

    Not ideal but at least this means I can connect to my work from my Mac if need be without having to fire up a VM (ugh).
    Just gotta wait for an updated client now, but at least we aren't dead in the water.
     

Share This Page