10-18-2007 03:54 AM - edited 02-21-2020 03:19 PM
Has anyone managed to connect with Mac's L2TP client to a Cisco (1812W) router with IOS 12.4T? I have found a bug in the l2tp client of Mac which does not handle newer L2TP AVPs. However, the L2TP server on the router sends "56 PPPoE Relay Response Capability" and "57 PPPoE Relay Forward Capability" which will cause the Mac client to abort immediately.
It seems to me as if the L2TP client on MacOSX simply does not work with Cisco routers running 12.4(T).
The Windows client connects just fine.
I am currently looking into whether it is possible to prevent the router from sending these AVPs, but I have not found anything yet.
Does anyone use the MacOSX client to connect successfully or know a way to disable those AVPs on the router?
10-24-2007 06:14 AM
The VPN client should be able to connect to an IOS router without an issue. I have sent you a URL on setting this up as well as a sample configuration for your review. The MAC OSX client install should be the same as the 3.6 client.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/nonwin35/user_gd/index.htm
10-24-2007 05:13 PM
I know that the Cisco VPN Client connects to the router. I use the client myself. The point of using the L2TP client was to connect to the router with a client which comes with the OS and not being required to install another software.
10-24-2007 09:02 AM
FWIW, the native OSX client works with PIX/ASA, but Panther won't work with NAT-T (Tiger will).
I doubt you'll be able to disable the AVPs. I hope they don't break this in the PIX image as well.
10-24-2007 05:21 PM
I have not found anything yet to disable the AVPs. Technically, they are O.K. and RFC compliant. The Tiger L2TP client does not recognize them. But what is worse: instead of ignoring them properly, they try to check the size of the AVP against a static array which contains the expected sizes for all AVPs from the original RFC. Obviously, accessing this array with an index larger than the array size results in random results or even a crash.
Thus, I don't think it is a problem of Cisco. I don't think they can "break this". What they do is RFC compliant. It is a bug of Tiger. I was just wondering why no one noticed this problem yet. But I guess Cisco added those AVPs not long ago and I run pretty much the latest IOS version here.
Well, tomorrow I will get Leopard and will see if they have fixed this there or not.
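The size check described in the post above, as an added example that is not part of the thread and is not Apple's or Cisco's code: an AVP validator that bounds the attribute type before using it as an index, and follows the RFC 2661 rule that an unrecognized AVP is ignored unless its M bit is set. The function name, the verdict enum and the shortened size table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum avp_verdict { AVP_OK, AVP_IGNORE, AVP_REJECT };

/* Constructed, shortened table: fixed total AVP length (6-byte header
 * included) for IETF attribute types 0..10; 0 means variable length. */
static const uint16_t expected_len[] = { 8, 0, 8, 10, 10, 14, 8, 0, 0, 8, 8 };
#define KNOWN_TYPES (sizeof expected_len / sizeof expected_len[0])

/* Validate one AVP at buf; on return *used holds the bytes to skip
 * (0 when the header or length field cannot be trusted). */
enum avp_verdict check_avp(const uint8_t *buf, size_t avail, size_t *used)
{
    *used = 0;
    if (avail < 6)
        return AVP_REJECT;                      /* truncated header */

    uint16_t flags_len = (uint16_t)((buf[0] << 8) | buf[1]);
    uint16_t vendor    = (uint16_t)((buf[2] << 8) | buf[3]);
    uint16_t type      = (uint16_t)((buf[4] << 8) | buf[5]);
    int mandatory      = (flags_len & 0x8000) != 0;   /* M bit */
    size_t len         = flags_len & 0x03FF;          /* 10-bit length */

    if (len < 6 || len > avail)
        return AVP_REJECT;                      /* length field is inconsistent */
    *used = len;

    /* The step the post says is missing: the type is bounded before it
     * is used as an index, so types such as 56 and 57 never reach the
     * table. Unknown AVPs are skipped unless marked mandatory. */
    if (vendor != 0 || type >= KNOWN_TYPES)
        return mandatory ? AVP_REJECT : AVP_IGNORE;

    if (expected_len[type] != 0 && expected_len[type] != len)
        return AVP_REJECT;                      /* fixed-size AVP with wrong size */
    return AVP_OK;
}
```

Because `*used` is set for ignored AVPs, a caller can step over them and continue parsing the rest of the control message.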
10-26-2007 10:15 PM
I was hoping they have fixed this in Leopard. But unfortunately no difference...