10-20-2011, 06:54 PM

Hi, I am trying to setup a VPN to my work whom require the client to set the port for tunnelling to 10000, which I believe is non-standard. The cisco client provided by Cisco allows you to do this.

I have recently upgraded my Mac which now runs Lion, but the old cisco client does not work and I cannot find a version that does work. Anyway, I noticed that Lion now has a Cisco vpn template under network preferences. This appears to be what I need to use, but I cannot find a way to change the port to 10000.

Does anyone know how I can change the VPN tunnelling port to 10000 in Mac os x Lion?

Thanks,
Graham

10-20-2011, 07:53 PM

try changing the ip to x.x.x.x:10000 where x.x.x.x is the actual ip

10-20-2011, 08:10 PM

Thanks for your help, though I tried that and it did not work. I have included two log sequences below. The first is connecting directly to the IP and the second is using the suggestion above. It looks pretty clear that using IP:port is not getting as far as using only the IP in the server address field.

Connecting using only the IP:

21/10/11 11:01:20.872 AM configd: IPSec connecting to server x.x.x.x
21/10/11 11:01:20.877 AM configd: IPSec Phase1 starting.
21/10/11 11:01:20.880 AM racoon: IPSec connecting to server x.x.x.x
21/10/11 11:01:20.880 AM racoon: Connecting.
21/10/11 11:01:20.880 AM racoon: IPSec Phase1 started (Initiated by me).
21/10/11 11:01:20.887 AM racoon: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
21/10/11 11:01:20.947 AM configd: network configuration changed.
21/10/11 11:01:23.888 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:26.889 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:29.891 AM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
21/10/11 11:01:30.879 AM configd: IPSec disconnecting from server x.x.x.x
21/10/11 11:01:30.883 AM racoon: IPSec disconnecting from server x.x.x.x


Connecting using IP:port

21/10/11 11:01:11.613 AM configd: IPSec connecting to server x.x.x.x:10000
21/10/11 11:01:11.613 AM configd: SCNC: start, triggered by System Preferen, type IPSec, status 0
21/10/11 11:01:11.617 AM configd: IPSec disconnecting from server x.x.x.x

10-21-2011, 07:28 AM

Unfortunately Mac OS X VPN client allows most Cisco VPN connectivity but not all.

In order to download VPN clients directly from Cisco you need to have an active maintenance agreement on the Cisco appliance. Providing Cisco has released a client for mac with Lion support.

Problem is that most folks who go Cisco don't keep their contracts up to date and then they are no longer eligible for newer releases of VPN clients and firmware upgrades etc. Can you confirm that your business has an active agreement with Cisco and who the account is under in order to have the newest client for mac downloaded?

10-21-2011, 10:15 AM

What MacsWork said is usually the case with cisco VPN. Have you tried setting up a vpn connection within your network settings in your system preferences?

System Preferences > Network > Add new connection (VPN).

01-13-2012, 11:45 AM

Has anyone figured out the alternate port issue yet? The native OSX Lion client only connects to port 500 and doesn't allow you to specify an alternate. And the Cisco client is no longer supported under Lion in 64 bit mode.

01-14-2012, 02:27 PM

Quote:

Originally Posted by snhroc

Has anyone figured out the alternate port issue yet? The native OSX Lion client only connects to port 500 and doesn't allow you to specify an alternate. And the Cisco client is no longer supported under Lion in 64 bit mode.

You could try messing around with /etc/racoon/racoon.conf since raccoon is the what is making the connection on port 500.

It also has to negotiate on port 4500 as well.