Cisco VPN on 10.8 Mountain Lion

[Ripmax2000]

Does anyone know how well the built in Cisco VPN works now in 10.8?

In Lion, the built in one would cut out every 45 mins (can't remember exact figure). Cisco's own VPN app works, but you have to run the kernel in 32-bit mode.

My understanding is there is no 32-bit mode anymore, so I'm hoping Apple have fixed the issue (or that Cisco have released a 64-bit version of Anytime).

Does anyone have any insight on this?

 

[mwhities]

Are you referring to the "Add VPN" in the Network Preferences?

I have been connecting to three different VPNs (Cisco IPSec) with no issues at all.

 

[Queso]

It depends on how the ASA is configured at the other end. If the VPN has multiple subnets defined for the server end of the VPN the first pair of IPSec SAs will always form successfully via the Apple built in VPN client, but subsequent SAs may not. This wasn't ever a problem on the Cisco branded client.

If you only have a small environment and can represent your entire network with one address space do so, then limit down as required by applying ACLs upon authentication.

What I can't tell you is whether it's fixed in 10.8 though, as everything I now look after has moved over to SSL-based AnyConnect.

 

[vom]

Does anyone know how well the built in Cisco VPN works now in 10.8?

In Lion, the built in one would cut out every 45 mins (can't remember exact figure). Cisco's own VPN app works, but you have to run the kernel in 32-bit mode.

My understanding is there is no 32-bit mode anymore, so I'm hoping Apple have fixed the issue (or that Cisco have released a 64-bit version of Anytime).

Does anyone have any insight on this?

The 'original' Cisco VPN client sucks (unless you are on 32 bit windows). I ran Linux for years and every kernel it got harder and harder and more patches to get it working. Took them forever for 64-bit Windows version. Never even tried Mac version. Stay away from that if possible.

AnyConnect is certainly the future. This means you have a nice up to date ASA with SSL VPN licenses though.

For good ole 'Cisco' ipsec VPN - I use the OSX built in VPN. Worked fine for me in Lion and now in ML as well.

Disconnecting every 45 min or so sounds like perhaps a firewall/router issue ? If your router is deciding to 'tear down' the NAT-T UDP connection (which is an oxymoron anyway - UDP 'connection' that is) - that could be the issue.

Do you have a friend or relative's network you could try out and see how long you stay connected ?

 

[Ripmax2000]

The 45 minute thing happens on any connection. A lot of people seem to have the same issue:

https://discussions.apple.com/thread/3275811?start=0&tstart=0

 

[0MSA0]

Cisco VPN on 10.8 Mountain Lion

Dear All,

I Still need to still using my Cisco VPN in ML 10.8, I can't change to native ML because I receive a file with all pw's from networking team.

Can anyone Help me ?

Regards

0MSA0

 

[b0rg]

Dear All,

I Still need to still using my Cisco VPN in ML 10.8, I can't change to native ML because I receive a file with all pw's from networking team.

Can anyone Help me ?

Regards

0MSA0

Use http://anders.com/guides/native-cisco-vpn-on-mac-os-x/

 

[throttlemeister]

The old client may be crap, but the one good thing it does is that it allows to set up a VPN over tcp:443. AnyConnect and the built in client use a whole boatload of different ports. On my client site, I only have access to ports 80 and 443, everything else is dropped at the firewall, so I am essentially forced to use Parallels and the Windows client to connect to my company VPN.

 

[bogatyr]

I've had no issues staying on for more than 45minutes using Lion or ML's client. I also have no issues with multiple subnets. Are you sure it is a client issue?

 

[Ripmax2000]

I've had no issues staying on for more than 45minutes using Lion or ML's client. I also have no issues with multiple subnets. Are you sure it is a client issue?

Yes, tried the VPN in ML and getting the same exact issue. The Console error says:
configd[16]: IPSec Controller: XAuth reauthentication dialog required, so connection aborted

 

[crucius]

in my case i want to access my university privileges through vpn

while on Lion, i could access it without problems through Cisco VPN client, but now on ML i can't use it anymore because 32-bit apps are not supported

i configured the native VPN, but i always get a "configuration error" (i followed instructions from this link: http://anders.com/guides/native-cisco-vpn-on-mac-os-x/ but i don't have the racoon process running...)


what's happening? i can do it without any problems on windows...

 

[JaxDroidGuy]

Many thanks for this!

I just bought my first Mac (MBP 13) and really needed to get the VPN going for work. For some reason my XP VM isn't connecting like it does from my Linux box (need to do some research). I actually prefer to run in the VM so my primary internet connection is still available.

In the interim, at least, this is working like a champ! I've already connected a couple of times (much faster than the Cisco client btw). Thanks again!

One question: is there a video setting to get it to fill the screen? Full screen still has borders on the left and right so I lose a little real estate.

 

[Kuwait]

i use storngvpn fast and esay install

 

[JaxDroidGuy]

Thanks. I'll check it out.

 

[aaarrrgggh]

Not fixed

It depends on how the ASA is configured at the other end. If the VPN has multiple subnets defined for the server end of the VPN the first pair of IPSec SAs will always form successfully via the Apple built in VPN client, but subsequent SAs may not. This wasn't ever a problem on the Cisco branded client.

If you only have a small environment and can represent your entire network with one address space do so, then limit down as required by applying ACLs upon authentication.

What I can't tell you is whether it's fixed in 10.8 though, as everything I now look after has moved over to SSL-based AnyConnect.

Not fixed in 10.8. Thanks for the explanation, was banging head against wall.

For those that don't understand the original post, as I understand it, if the LAN you are connecting do has different subnets for local resources and VPN clients you are out of luck.