gjrwbber 10-20-2011 06:54 PM

Setup Cisco IPSec VPN connection over non-standard port?
 
Hi, I am trying to set up a VPN to my work, who require the client to set the port for tunnelling to 10000, which I believe is non-standard. The Cisco client provided by Cisco allows you to do this.

I have recently upgraded my Mac, which now runs Lion, but the old Cisco client does not work and I cannot find a version that does work. Anyway, I noticed that Lion now has a Cisco VPN template under network preferences. This appears to be what I need to use, but I cannot find a way to change the port to 10000.

Does anyone know how I can change the VPN tunnelling port to 10000 in Mac OS X Lion?

Thanks,
Graham

MacsWork 10-20-2011 07:53 PM

Try changing the IP to x.x.x.x:10000, where x.x.x.x is the actual IP.

gjrwbber 10-20-2011 08:10 PM

Thanks for your help, though I tried that and it did not work. I have included two log sequences below. The first is connecting directly to the IP and the second is using the suggestion above. It looks pretty clear that using IP:port is not getting as far as using only the IP in the server address field.

Connecting using only the IP:

21/10/11 11:01:20.872 AM configd: IPSec connecting to server x.x.x.x
21/10/11 11:01:20.877 AM configd: IPSec Phase1 starting.
21/10/11 11:01:20.880 AM racoon: IPSec connecting to server x.x.x.x
21/10/11 11:01:20.880 AM racoon: Connecting.
21/10/11 11:01:20.880 AM racoon: IPSec Phase1 started (Initiated by me).
21/10/11 11:01:20.887 AM racoon: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
21/10/11 11:01:20.947 AM configd: network configuration changed.
21/10/11 11:01:23.888 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:26.889 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:29.891 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:30.879 AM configd: IPSec disconnecting from server x.x.x.x
21/10/11 11:01:30.883 AM racoon: IPSec disconnecting from server x.x.x.x


Connecting using IP:port

21/10/11 11:01:11.613 AM configd: IPSec connecting to server x.x.x.x:10000
21/10/11 11:01:11.613 AM configd: SCNC: start, triggered by System Preferen, type IPSec, status 0
21/10/11 11:01:11.617 AM configd: IPSec disconnecting from server x.x.x.x
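
As an added example (not part of any post in this thread), the Python sketch below runs over the two log sequences quoted above and reports how far each attempt got: Phase 1 packets retransmitted with no reply logged in the first, and a stop before Phase 1 in the second. The `triage` function and the `IKE Packet: receive` match string are assumptions made for illustration.

```python
import re
from datetime import datetime

# The two log sequences quoted in the post above (address redacted there as x.x.x.x).
DIRECT_LOG = """\
21/10/11 11:01:20.872 AM configd: IPSec connecting to server x.x.x.x
21/10/11 11:01:20.877 AM configd: IPSec Phase1 starting.
21/10/11 11:01:20.880 AM racoon: IPSec connecting to server x.x.x.x
21/10/11 11:01:20.880 AM racoon: Connecting.
21/10/11 11:01:20.880 AM racoon: IPSec Phase1 started (Initiated by me).
21/10/11 11:01:20.887 AM racoon: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
21/10/11 11:01:20.947 AM configd: network configuration changed.
21/10/11 11:01:23.888 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:26.889 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:29.891 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:30.879 AM configd: IPSec disconnecting from server x.x.x.x
21/10/11 11:01:30.883 AM racoon: IPSec disconnecting from server x.x.x.x
"""
PORT_LOG = """\
21/10/11 11:01:11.613 AM configd: IPSec connecting to server x.x.x.x:10000
21/10/11 11:01:11.613 AM configd: SCNC: start, triggered by System Preferen, type IPSec, status 0
21/10/11 11:01:11.617 AM configd: IPSec disconnecting from server x.x.x.x
"""
LINE = re.compile(r"^(\S+ \S+ [AP]M) (\w+): (.*)$")  # timestamp, process, message

def triage(log):
    """Summarise how far one connection attempt got, from configd/racoon lines."""
    rows = [m.groups() for m in map(LINE.match, log.splitlines()) if m]
    stamps = [datetime.strptime(ts, "%d/%m/%y %I:%M:%S.%f %p") for ts, _, _ in rows]
    msgs = [msg for _, _, msg in rows]
    hits = (re.search(r"connecting to server (\S+)", s) for s in msgs)
    result = {
        "target": next((h.group(1) for h in hits if h), None),
        "phase1_started": any("Phase1 start" in s for s in msgs),
        "retransmits": sum("Phase1 Retransmit" in s for s in msgs),
        # Assumption: an inbound IKE packet would be logged with the word "receive".
        "received": sum("IKE Packet: receive" in s for s in msgs),
        "seconds": round((stamps[-1] - stamps[0]).total_seconds(), 3),
    }
    if not result["phase1_started"]:
        result["verdict"] = "stopped before IKE Phase 1 was started"
    elif result["received"] == 0:
        result["verdict"] = "IKE Phase 1 sent, no reply logged"
    else:
        result["verdict"] = "peer answered Phase 1"
    return result

if __name__ == "__main__":
    for name, log in (("IP only", DIRECT_LOG), ("IP:port", PORT_LOG)):
        print(name, triage(log))
```
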

MacsWork 10-21-2011 07:28 AM

Unfortunately Mac OS X VPN client allows most Cisco VPN connectivity but not all.

In order to download VPN clients directly from Cisco you need to have an active maintenance agreement on the Cisco appliance, providing Cisco has released a client for Mac with Lion support.

Problem is that most folks who go Cisco don't keep their contracts up to date and then they are no longer eligible for newer releases of VPN clients and firmware upgrades etc. Can you confirm that your business has an active agreement with Cisco and who the account is under in order to have the newest client for Mac downloaded?

blairtechguy 10-21-2011 10:15 AM

What MacsWork said is usually the case with Cisco VPN. Have you tried setting up a VPN connection within your network settings in your system preferences?

System Preferences > Network > Add new connection (VPN).

snhroc 01-13-2012 11:45 AM

Has anyone figured out the alternate port issue yet? The native OS X Lion client only connects to port 500 and doesn't allow you to specify an alternate. And the Cisco client is no longer supported under Lion in 64-bit mode.

MacsWork 01-14-2012 02:27 PM

Quote:

Originally Posted by snhroc (Post 1354617)
Has anyone figured out the alternate port issue yet? The native OS X Lion client only connects to port 500 and doesn't allow you to specify an alternate. And the Cisco client is no longer supported under Lion in 64-bit mode.

You could try messing around with /etc/racoon/racoon.conf, since racoon is what is making the connection on port 500.

It also has to negotiate on port 4500 as well.

