cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
91228
Views
35
Helpful
17
Replies

MAC OS-X Lion and Error 51 - Help Needed ASAP Please

lgldsr1973
Level 1
Level 1

Greetings,

I have been using the Cisco VPN Client (4.9.01) for Mac under Snow Leopard (10.6.x) without any issues.

Since upgrading to Lion earlier today I am now receiving an Error 51 - unable to communicate with the subsystem.

I found a thread that suggested restarting the system while holding down Opt/3/2 keys to force a 32-Bit restart and the Client will indeed run. However, this is a bandaid patch.

Has Cisco addressed this issue? Is there a better workaround at this time?

Thank you,

Lyman

1 Accepted Solution

Accepted Solutions

Yes, just open the PCF file, copy the group-password-encrypted to the

http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode

and paste it in there... then you get the clear text version of your group password.

Then use this as shared password in the mac client.

Philipp

View solution in original post

17 Replies 17

ph
Level 1
Level 1

Hi,

yes, the cisco vpn client is not supported with the 64bit lion version anymore.

I am using since the lion update now the Mac integrated VPN client (Network Preferences, +, VPN, Cisco IPSec, etc.)

What is working fine when you want to change the DNS to the internal DNS manually on the Ethernet/Wi-Fi Interface (I did an App which is doing it automatically).

The newest version of the AnyConnect is supporting Lion.

But I have no idea yet how to setup the Anyconnect for using IPsec... maybe you have an idea?

Regards

Philipp

Many thanks. When using the Mac built-in client I keep receiving an error advising that the Shared Secret is incorrect. Is there a way to extract this from the Cisco .pcf file?

Also, the Firewall is a Cisco ASA-5505 and it was my understanding (which I find difficult to believe) that only the Cisco VPN Client can be used.

Thanks.

Yes, just open the PCF file, copy the group-password-encrypted to the

http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode

and paste it in there... then you get the clear text version of your group password.

Then use this as shared password in the mac client.

Philipp

Absolutely outstanding! Thank you very much!

Worked perfectly. Thanks for the clear guidance and quick responses.

Sent from Cisco Technical Support iPad App

jazou
Level 1
Level 1

Hi

The workaround is using MAC OS X Lion build-in VPN function.

I have the same issue as you do, but solved through this way.

I am sure that cisco will update VPN client app soon, but now, this ways works fine.

Sent from Cisco Technical Support iPad App

Hi,

my problem is that I need IPSEC over UDP connection, which is not supported by OSX native VPN function. As I understand (very odd though) only CISCO VNP Client was able to connect with IPSEC over UDP, not even Anyconnect. Is there any known solution or a workaround (beside the 32bit boot where old CISCO VPN client is still running ok)?

Thank you,

Aljoša

Dear Aljosa,

this is just not true, the Mac VPN client must also work over UDP as it's working when I am home with my NAT router

So NAT-T seems to be working fine... have you tested it?

Philipp

Sorry Philipp, I don't know how/where can I tell the IPSEC to work over UDP. When I create a new VPN connection (System Prefernces/Network) and I choose CISCO IPSEC, I don't see any additional options for UDP selection. What am I missing/doing wrong?

Thank you,

Aljoša

Hi,

you cannot configure it (I guess TCP is not supported) but if the client see in Phase 1 that ESP is not working it will switch back to UDP-4500 (NAT-T). So this is an automated process...

Or have you configured any special UDP Port on the VPN Gateway?

Anyway, have you tried to establish a VPN connection? Is it not working?

Regards

Philipp

Hi,

I tried anything till now but the only way I can create a woking connection is to enable transparent tunelling IPSEC via UDP (NAT/PAT) in CISCO VPN client (Windows or OSX SL). By the way, I use a certificate for authentication if that matters anything.

Now that my CISCO client is not working in Lion, I'm stuck with Windows VM and VPN client inside as the only way to connect to my client's network. And that sucks.

Any help would be very appreciated.

Regards,

Aljoša

kremikxcz
Level 1
Level 1

It's not possible to use built-in VPN client in case you are using Cetificate Authorization for user only (not for the machinge) and you don't use any Shared Secret. Seems that it's identified as AuthType=3 by the original Cisco VPN Client.

This is a part of my PCF file (yes group* items are really empty):

AuthType=3

GroupName=

GroupPwd=

enc_GroupPwd=

Does anybody know how to replace the original VPN client for my case?

Presne tak.

Yes Exactly. I have the same problem. I can use Cisco VPN client for All but

"AuthType=3" profiles.

The only workaround for me now is winxp in fusion .

There is a possibility to auth with the certificate, but I guess it's a different method.

Is there any alternative client which supports AuthType=3 authentication? Cuz built-in VPN client just does not work.

Maybe Cisco will release 64bit IP Sec client for MAC As they did for Win64 bit. I cannot force all my customers to use anyconnect. I have like 30 pcf profiles and 30% from that is AuthType=3.

Of course for normal PCF profiles just use this how to!

http://anders.com/guides/native-cisco-vpn-on-mac-os-x/

Tomas Truhliq