
Mac OS l2tp/IPSEC VPN client to PIX Connections

m.reay
Level 1

Does anyone have an example configuration for configuring the Mac l2tp/IPSEC remote VPN client to a PIX using pre-shared keys?

Thanks.

4 Replies

sachinraja
Level 9

Hello..

You need to have the appropriate MAC OS version to support the IPSEC VPN client connection. The version support is as given in the URL below:

http://cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094e6d.shtml

Once you download the appropriate client, the PIX should be configured to accept dynamic VPN connections.

Following are the sample configurations:

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap client configuration address initiate

crypto map mymap client configuration address respond

crypto map mymap client authentication LOCAL

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

POLICY:

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

VPN GROUP:

vpngroup vpn idle-time 1800

vpngroup abcvpn address-pool vpnpool

vpngroup abcvpn split-tunnel 100

vpngroup abcvpn idle-time 1800

vpngroup abcvpn password ********

username abc password xyz

ip local pool vpnpool 10.1.1.1-10.1.1.254

NO NAT for IPSEC traffic:

nat (inside) 0 access-list 100

access-list 100 permit ip host 192.168.180.1 10.1.1.0 255.255.255.0

Do let us know if this works..
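
The following is an added example, not part of any post in this thread and not Cisco's own tooling: a small Python check that reads PIX-style lines like those posted above and reports names that are referenced but never defined, plus any vpngroup lacking a password or address pool. The config text is a subset copied from the post above; the names `audit`, `DEFS` and `REFS`, and the rule that a usable vpngroup needs both settings, are this example's assumptions.

```python
import re

# Subset of the sample configuration posted in this thread.
SAMPLE = """\
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
vpngroup vpn idle-time 1800
vpngroup abcvpn address-pool vpnpool
vpngroup abcvpn split-tunnel 100
vpngroup abcvpn idle-time 1800
vpngroup abcvpn password ********
ip local pool vpnpool 10.1.1.1-10.1.1.254
nat (inside) 0 access-list 100
access-list 100 permit ip host 192.168.180.1 10.1.1.0 255.255.255.0
"""

# (kind, regex) pairs: lines that define a named object ...
DEFS = [
    ("transform-set", r"^crypto ipsec transform-set (\S+) "),
    ("dynamic-map", r"^crypto dynamic-map (\S+) \d+ "),
    ("pool", r"^ip local pool (\S+) "),
    ("access-list", r"^access-list (\S+) "),
]
# ... and lines that refer to one by name.
REFS = [
    ("transform-set", r"^crypto dynamic-map \S+ \d+ set transform-set (\S+)"),
    ("dynamic-map", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    ("pool", r"^vpngroup \S+ address-pool (\S+)"),
    ("access-list", r"^vpngroup \S+ split-tunnel (\S+)"),
    ("access-list", r"^nat \(\S+\) 0 access-list (\S+)"),
]

def _collect(lines, patterns):
    return {(kind, m.group(1)) for kind, rx in patterns
            for line in lines if (m := re.match(rx, line))}

def audit(config):
    """Return (dangling references, vpngroups missing password/address-pool)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    dangling = sorted(_collect(lines, REFS) - _collect(lines, DEFS))
    groups = {}
    for line in lines:
        m = re.match(r"^vpngroup (\S+) (\S+)", line)
        if m:
            groups.setdefault(m.group(1), set()).add(m.group(2))
    # Assumption of this example: a usable group sets both of these.
    incomplete = sorted(g for g, keys in groups.items()
                        if not {"password", "address-pool"} <= keys)
    return dangling, incomplete
```

On the sample as posted, every reference resolves, and the only finding is the group named `vpn`, which carries an idle-time but no password or address pool.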

Thanks for the reply but the information you have posted refers to the Cisco VPN client using pure IPSEC.

The Macintosh has a built-in l2tp/IPSEC client which is supposed to be supported on the PIX.

The configuration for l2tp is different to IPSEC VPN - you need to configure VPDN on the PIX.

I have tried this using examples I have found from the web - but have been unsuccessful so far.

I have made a connection from the Mac by downloading the Cisco client but wanted to get the l2tp version working.

Cool. Configure the VPDN and try accessing it from a Windows 2000 PC.. As per the Cisco documentation, the L2TP support has been given only for Windows 2000 PC/server. Not sure if it is supported with a MAC L2TP client..

Just have a look at this URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080148714.html

which says that the L2TP support is only for Windows.

OK - thanks for the information