ASA and Apple VPN Client

ibrewster
Level 1

I have an ASA 5510 box with software version 7.2(1) which I am trying to get to work with the built-in VPN client on Mac OS X 10.4.x. I have the ASA set up to the point that client machines using the Cisco client can VPN in properly with everything working, and the Apple client can seemingly connect properly. When connected via the Apple client, however, the network is not accessible. Both the ASA with logging set to the debug level and the Apple VPN log show a good connection. The Apple client receives the addresses of our internal DNS servers properly, and a netstat -rn shows the 10.x destinations (our inside network) being routed over ppp0, the VPN connection. All this looks good, but no traffic flows. If, for example, I try to ping a computer inside the network, I get no response. The ASA log only shows a string of errors like the following:

3 Dec 07 2006 08:58:24 713042 IKE Initiator unable to find policy: Intf inside, Src: 10.9.1.59, Dst: 10.8.1.2

where 10.8.1.2 is the address assigned to the VPN client, and 10.9.1.59 is a computer inside the network that I know responds to pings. I know this error is described as being "probably timing related" and "likely to correct itself", but in this case it seems to be denying me access to the network. As mentioned before, the Cisco client works fine. How can I correct this, other than using the Cisco client? There are a number of reasons why I would rather use the Apple client. Thanks!

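The post above is working from a log buffer full of 713042 messages. As an added example (not code from the original post or from Cisco), here is a small Python parser that reads ASA log lines in the two common layouts, the log-buffer/ASDM layout shown in the post and the %ASA-sev-id syslog export layout, pulls the interface, source and destination out of every 713042 message, and tallies them by direction relative to the VPN address pool. The sample lines and the pool 10.8.1.0/24 are constructed for the example from the single address quoted in the post; the pool size is an assumption.

```python
"""Parse Cisco ASA log lines and summarise 713042 (IKE Initiator unable to find policy).

Added example; the sample log and the VPN pool below are constructed, not taken
from the original post except for the one line it quotes.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Log-buffer / ASDM layout, as in the post: "<sev> <Mon> <dd> <yyyy> <hh:mm:ss> <id> <text>"
BUFFER_RE = re.compile(
    r"^(?P<sev>\d)\s+(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<id>\d{6})\s+(?P<text>.*)$"
)
# Syslog export layout: "... %ASA-<sev>-<id>: <text>" (prefix before it varies)
SYSLOG_RE = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}):\s*(?P<text>.*)$")
# Body of message 713042
POLICY_RE = re.compile(
    r"IKE Initiator unable to find policy: Intf (?P<intf>\S+), "
    r"Src: (?P<src>[\d.]+), Dst: (?P<dst>[\d.]+)"
)

# Constructed sample: the first line is the one quoted in the post, the rest are made up
# to show a repeat, an unrelated message, a syslog-layout line and a non-ASA line.
SAMPLE_LOG = """\
3 Dec 07 2006 08:58:24 713042 IKE Initiator unable to find policy: Intf inside, Src: 10.9.1.59, Dst: 10.8.1.2
3 Dec 07 2006 08:58:25 713042 IKE Initiator unable to find policy: Intf inside, Src: 10.9.1.59, Dst: 10.8.1.2
6 Dec 07 2006 08:58:26 302020 Built inbound ICMP connection for faddr 10.8.1.2/0 gaddr 10.9.1.59/0 laddr 10.9.1.59/0
Dec 07 2006 08:58:27 asa %ASA-3-713042: IKE Initiator unable to find policy: Intf inside, Src: 10.9.1.60, Dst: 10.8.1.2
not an asa line
"""

# Assumed address pool handed to VPN clients (the post only shows 10.8.1.2 being assigned).
VPN_POOL = "10.8.1.0/24"


def parse_asa_line(line):
    """Return {'sev', 'id', 'text', 'ts'} for an ASA log line in either layout, else None."""
    line = line.strip()
    m = BUFFER_RE.match(line)
    if m is None:
        m = SYSLOG_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["sev"] = int(event["sev"])
    event.setdefault("ts", None)  # syslog layout carries no timestamp in the matched part
    return event


def parse_policy_failure(event):
    """Extract intf/src/dst from a 713042 event; None for any other message."""
    if event is None or event["id"] != "713042":
        return None
    m = POLICY_RE.search(event["text"])
    if m is None:
        return None
    return {"intf": m["intf"], "src": m["src"], "dst": m["dst"]}


def summarize_policy_failures(lines, vpn_pool=VPN_POOL):
    """Count 713042 events keyed by (intf, src, dst, direction).

    direction is 'to-client' when the destination is in the VPN pool (the ASA tried to
    start IKE towards a connected client, as in the post), 'from-client' when the source
    is, and 'other' otherwise.
    """
    pool = ip_network(vpn_pool)
    counts = Counter()
    for line in lines:
        failure = parse_policy_failure(parse_asa_line(line))
        if failure is None:
            continue
        if ip_address(failure["dst"]) in pool:
            direction = "to-client"
        elif ip_address(failure["src"]) in pool:
            direction = "from-client"
        else:
            direction = "other"
        counts[(failure["intf"], failure["src"], failure["dst"], direction)] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize_policy_failures(SAMPLE_LOG.splitlines()).items()):
        intf, src, dst, direction = key
        print(f"{n:4d}  intf={intf} src={src} dst={dst} ({direction})")
```

Run it against a saved `show logging` buffer or a syslog file instead of SAMPLE_LOG to see which inside hosts are triggering the IKE lookups and towards which client addresses; a steady stream keyed "to-client" for one client address, with no matching IKE messages from the client side, is the pattern the post describes and is worth correlating with the client's assigned address and the crypto configuration for that tunnel type.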
3 Replies

ibrewster
Level 1

If it helps any, when connected the ASA VPN statistics show the protocol for the Apple client as "L2TPOverIPSecOverNatT" and the Encryption as 3DES. For the Cisco client, the protocol is listed as only "IPSecOverNatT". Everything else looks the same. Any ideas? Thanks.

ibrewster
Level 1

Does anybody have any ideas on this? I would really like to get this working. Would there be some other place that would be more appropriate for me to ask this question? Thanks!

Israel

ibrewster,

I'm no expert, but based on your IKE message it seems like you need some policy in place that allows the traffic from 10.8.x.x to 10.9.x.x?

I'm attempting something similar, but with an ASA5505. I can get a Mac OS 10.3 client to connect to my ASA, but I can't ping it on the same subnet 192.168.1.x. I'm trying to use ARD (Apple Remote Desktop) to control/observe that logged-in client.

PS: I'm using Cisco's VPN client, I realize you're using Apple VPN client.

Perhaps you've already figured it all out.

-Kevin
