Snow Leopard: Cisco VPN - IPSec Over UDP

Discussion in 'macOS' started by rwilliams, Aug 28, 2009.

  1. rwilliams macrumors 68040

    Joined:
    Apr 8, 2009
    Location:
    Durham, NC
    #1
    After some testing on Snow Leopard, it appears that its built-in Cisco VPN client only connects using IPSec over TCP, which is very problematic for those of us using IPSec over UDP connections. Has anyone tried this out, and does anyone have any idea of how UDP support might be enabled? If not, perhaps Apple will release an update at some point that addresses this issue. Thanks.
     
  2. husker159 macrumors newbie

    Joined:
    Sep 2, 2009
    #2
    Snow Leopard VPN (Cisco IPsec) - Ericom

    I'm certainly not qualified to answer the specific question about UDP, but I am also having problems with VPN (Cisco IPsec). After installing Snow Leopard (SL), I was not able to use my old Cisco connection. So, I went to my Network and created a new VPN (Cisco IPsec). Note, the settings are not the same as used for my previous Cisco VPN. I had to use the same settings our Network Administrator created for my iPhone to connect to our AS/400. The connection seems ok, but I will lose the link to the AS/400 after some period of time. On Leopard 10.5 with Cisco installed as an app, I could stay connected all day. The VPN connection remains and all I have to do is re-open my emulator software and re-connect to the AS/400. On Saturday, I connected with Boot Camp using the Cisco app and I stayed connected to the AS/400 all day even though afk for long periods. I called Ericom (one of the emulators I use -- Mocha is another) and they gave me a link to their AS/400 that was thru the internet -- no VPN required. It lasted only about 30 minutes before disconnecting and my VPN to work was fine. That implies the VPN may not be the cause, but some hiccup in the "top level" SL software? Maybe something with my internet service provider -- but, what a coincidence it happened just after SL was installed. I'm doing some more experiments to see if I notice a difference between Ericom's PowerTerm or MochaSoft. Any suggestions would be appreciated.
     
  3. midnightgolfer macrumors newbie

    Joined:
    Sep 5, 2009
    #3
    The latest vpn client from Cisco works fine with IPsec over UDP

    I just installed Snow Leopard and I couldn't get the built-in VPN to connect, but after installing the latest client from Cisco, I am able to connect using the Cisco client.
     
  4. husker159 macrumors newbie

    Joined:
    Sep 2, 2009
    #4
    Was the Cisco Client you installed the free one? Or the one they require customers to buy, like they require for Vista-64? Also, if the free client -- where did you find it? I had to use an old download that I had saved. Currently using the built-in version. Thanks
     
  5. throttlemeister macrumors 6502a

    Joined:
    Mar 31, 2009
    Location:
    Netherlands
    #5
    I can't even get it to work, which is very annoying. I know I have the settings correct, but when I put in my password, it just disconnects.

    This is what I get in my logs:
    Code:
    Sep 11 22:49:44 nebuchadnezzar racoon[9644]: Connecting.
    Sep 11 22:49:44 nebuchadnezzar racoon[9644]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
    Sep 11 22:49:44 nebuchadnezzar racoon[9644]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
    Sep 11 22:49:44 nebuchadnezzar racoon[9644]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
    Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
    Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
    Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).
    Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
    Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).
    Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKE Packet: transmit success. (Information message).
    Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
    Sep 11 22:49:46 nebuchadnezzar configd[18]: IPSec Controller: Ignoring unsupported Xauth Domain
    Sep 11 22:49:51 nebuchadnezzar racoon[9644]: IKE Packet: transmit success. (Mode-Config message).
    Sep 11 22:49:51 nebuchadnezzar configd[18]: IPSec Controller: Received unsupported Xauth Vendor attribute (value 3)
    Sep 11 22:49:51 nebuchadnezzar configd[18]: SCNCController: Disconnecting. (Connection tried to negotiate for, 0 seconds).
    Sep 11 22:49:51 nebuchadnezzar racoon[9644]: IKE Packet: transmit success. (Information message).
    Sep 11 22:49:51 nebuchadnezzar racoon[9644]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
    Sep 11 22:49:52 nebuchadnezzar racoon[9644]: Disconnecting. (Connection tried to negotiate for, 7.491457 seconds).
    I can connect using UDP or TCP to my company, so that does not matter. I just don't get it.
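
An added example, not part of the thread or any poster's code: a Python triage of the racoon/configd lines from post #5, reporting how far IKE negotiation got and which Xauth attributes configd flagged before the disconnect. The function name `triage`, the result keys and the stage labels are assumptions of this example; the sample lines are copied from the post.

```python
import re

# Subset of the log lines posted in #5 above (copied, not constructed).
SAMPLE = """\
Sep 11 22:49:44 nebuchadnezzar racoon[9644]: Connecting.
Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).
Sep 11 22:49:45 nebuchadnezzar racoon[9644]: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).
Sep 11 22:49:46 nebuchadnezzar configd[18]: IPSec Controller: Ignoring unsupported Xauth Domain
Sep 11 22:49:51 nebuchadnezzar racoon[9644]: IKE Packet: transmit success. (Mode-Config message).
Sep 11 22:49:51 nebuchadnezzar configd[18]: IPSec Controller: Received unsupported Xauth Vendor attribute (value 3)
Sep 11 22:49:51 nebuchadnezzar configd[18]: SCNCController: Disconnecting. (Connection tried to negotiate for, 0 seconds).
Sep 11 22:49:52 nebuchadnezzar racoon[9644]: Disconnecting. (Connection tried to negotiate for, 7.491457 seconds).
"""

# syslog line: "Mon DD HH:MM:SS host process[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (\w+)\[\d+\]: (.*)$")

def triage(log_text):
    """Summarise one connection attempt from system.log lines."""
    r = {"phase1_ok": False, "mode_config_seen": False, "unsupported": [],
         "disconnected_by": None, "negotiation_seconds": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog-formatted line
        proc, msg = m.group(1), m.group(2)
        if proc == "racoon" and msg.startswith("IKEv1 Phase1 Initiator: success"):
            r["phase1_ok"] = True
        elif proc == "racoon" and "(Mode-Config message)" in msg:
            r["mode_config_seen"] = True
        elif proc == "configd" and "unsupported" in msg:
            r["unsupported"].append(msg.split(": ", 1)[-1])
        elif "Disconnecting." in msg:
            r["disconnected_by"] = r["disconnected_by"] or proc  # first to tear down
            secs = re.search(r"negotiate for, ([\d.]+) seconds", msg)
            if proc == "racoon" and secs:
                r["negotiation_seconds"] = float(secs.group(1))
    # Heuristic stage label (assumption of this example, not an Apple/Cisco term).
    if not r["phase1_ok"]:
        r["failed_stage"] = "phase1"
    elif r["disconnected_by"] and r["unsupported"]:
        r["failed_stage"] = "xauth/mode-config"
    elif r["disconnected_by"]:
        r["failed_stage"] = "after-phase1"
    else:
        r["failed_stage"] = None
    return r
```

On the posted log this reports a completed Phase 1 followed by a configd-initiated disconnect with two unsupported Xauth items, which points at the user-authentication exchange rather than the group credentials or the transport.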
     
  6. rwilliams thread starter macrumors 68040

    Joined:
    Apr 8, 2009
    Location:
    Durham, NC
    #6
    Me either. This VPN client is a massive FAIL. The discussions section of Apple's support site is filled with people having problems with this. Which is why it was quite disappointing that they didn't address VPN in 10.6.1.
     
  7. sastad macrumors newbie

    Joined:
    Sep 12, 2009
    #7
    Losing connection after five minutes

    I also have problems with the Cisco IPsec connection in SL. I get connected and it works fine for about five minutes, and then it won't work anymore. To reconnect I have to turn off AirPort, and then connect with IPsec. Any of you have a solution to this?
     
  8. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #8
    I have used the built-in client using TCP connecting to an ASA 5520 with 8.0.4 software running on it. I can use either the Cisco client or the built-in client without error. What is everyone else using on the backend? Are you inputting the Group ID and password (case sensitive)?

    Regarding the poster talking about a "paid" client, there is no such thing (at least I have not heard of it). If you have support, you can download the client for any OS they support.

    EDIT: Correction, the connection using the built-in client is using IPSec over UDP. Using netstat, when the client connects, I see the UDP sockets open, but no TCP sockets. I don't even see a setting to change it in the built-in client.
     
  9. captbrando macrumors newbie

    Joined:
    Aug 19, 2010
    #9
    LeSigh

    Same issues here. The main problem for me is I prefer to run my Mac in 64-bit mode. The Crisco client only runs in 32-bit mode. The real problem for me is the lack of GUI-based error reporting and the fact that the system.log errors are not very helpful in finding the solution. I believe my issue is older Cisco infrastructure that I am connecting to, but I cannot confirm this.

    Sure wish Apple would put some time into this and/or Cisco would release a 64-bit version of their client.
     
  10. dawning macrumors newbie

    Joined:
    Aug 14, 2010
    Location:
    Milky Way Galaxy
    #10
    Still an issue

    Well, we're now into the era of Lion and this still seems like an issue. The Lion installer managed to screw up my boot support for my other systems, so I also cannot boot into Linux & Windows where I have this working fine. My sister also uses the same Cisco VPN rig I'm trying to connect to and she used the Cisco VPN client on OSX - which led to a kernel panic after an OSX upgrade - so I'd rather use the built-in client... Which I can't get to work. I'm pretty sure my company only allows UDP access - though maybe I can get it changed, it's not like our admin even knows what UDP is.

    Still, seems like this is a problem for many, maybe we should all get on submitting feature requests to Apple over it?
     
  11. parisv macrumors member

    Joined:
    Sep 25, 2008
    #11
    I have the same issue with Lion: it connects for 35-45 mins, then disconnects. Really annoying!
     
