Macs in the Enterprise – Get that Cisco VPN Client Working!

With the rise of telecommuting, connecting to your workplace’s network requires a VPN connection. In most cases it means using the Cisco VPN client. Cisco has an OS X version of their client, but typical of a big company targeting the enterprise, they treat OS X like the forgotten stepchild and their client works horrendously.

So, how do you fix the Cisco VPN client and get it to work properly?

Cisco VPN Client Compatibility:

According to Cisco’s website, their VPN client doesn’t support 10.5 Leopard. As Macs have been shipping for over a year now with Leopard-only hardware, this will result in the Cisco VPN client behaving erratically. According to my research, the latest client as of this writing is 4.9.01 (0100), released almost a year ago. Perhaps a new version is in the works, but do you really have time to wait?

Common Problems with the Cisco VPN Client:

Random kernel panics, connections failing without warning, connections being refused, problems with other protocols and applications (AFP/SMB file shares), a clunky interface and other random unwanted behaviors are common to the OS X Cisco VPN client.

Although the random kernel panics and dropped connections aren’t easily fixed, let’s look at what troubleshooting / fixes we can do for common problems.

Refusing to connect – Error 51:

Occasionally this annoying error pops up. To solve this:
– Open Terminal
– Type: sudo SystemStarter restart CiscoVPN
– Enter your password. (You will have to be an administrator to do this).

Another solution is:
– Open Terminal
– Type: sudo ifconfig fw0 down

If all else fails, reboot the computer. That should kick it into working, although Error 51 is known to chronically reappear.

Refusing to connect – Unable to bind to IKE port:

To solve this error:
– Close VPN Client.
– Open Terminal
– Change directory to /etc/CiscoSystemsVPNClient/Profiles
– Use your favorite text editor to open the profile.
– Add the following line:

UseLegacyIKEPort=0
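
The profile edit above can also be scripted so that it keeps a backup and never leaves duplicate keys. This is an added example, not part of the original post or Cisco's tooling; the function name set_legacy_ike_port is hypothetical, and it assumes the profile is a plain key=value text file whose only section is [main].

```shell
#!/bin/sh
# Added example: set UseLegacyIKEPort=0 in a Cisco VPN Client profile.
# Assumption: the profile is a key=value text file with a single [main]
# section, so a line appended at the end lands in that section.

set_legacy_ike_port() {
    profile=$1
    [ -f "$profile" ] || { echo "no such profile: $profile" >&2; return 1; }

    # Keep the first pristine copy; a re-run must not overwrite it.
    [ -e "$profile.bak" ] || cp -p "$profile" "$profile.bak" || return 1

    tmp=$(mktemp "${TMPDIR:-/tmp}/pcf.XXXXXX") || return 1

    # Rewrite an existing UseLegacyIKEPort line, or append one if absent.
    # Any repeated occurrences of the key are dropped.
    awk '
        /^UseLegacyIKEPort=/ {
            if (!done) print "UseLegacyIKEPort=0"
            done = 1
            next
        }
        { print }
        END { if (!done) print "UseLegacyIKEPort=0" }
    ' "$profile" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place (cat, not mv) so the profile keeps its owner and mode.
    cat "$tmp" > "$profile"
    status=$?
    rm -f "$tmp"
    return $status
}

# Usage, after closing VPN Client, from a shell allowed to write the file
# (the profile file name is a placeholder):
#   set_legacy_ike_port "/etc/CiscoSystemsVPNClient/Profiles/<profile file>"
```

If the client misbehaves afterwards, copy the .bak file back over the profile to restore the original settings.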

Unable to connect on a Verizon Network:

When using Cisco’s VPN client with Verizon’s network, there’s a known bug that causes it to ignore the MTU value. This will stop your VPN from connecting. To solve this:

– Open System Preferences and choose Network.
– Unlock the padlock if necessary by entering an administrator password.
– If you are connecting wirelessly, choose Airport.
– If you are connecting with a wire, choose Ethernet.
– Click on the Advanced button toward the bottom.
– Click the Ethernet tab towards the top-right.
– Change the MTU to 1400.

Note: When you change the MTU for the Ethernet (wired) adapter, it will stay changed, even after you restart the computer. If you change the MTU for the Airport, it will not.

Other Alternatives:

After spending more time fixing your Cisco VPN client or rebooting your computer because the connection doesn’t work, you may want to consider an alternative to Cisco’s VPN client. Fortunately, there are alternatives out there that have been built for OS X. While you would think an industry leading company would have built something for OS X that works as solidly as their networking gear, I guess it takes a small independent developer to actually deliver.

Have a look at the highly recommended Shimo by Fabian Jäger. It requires that the Cisco client is installed to VPN over a Cisco connection but it also supports many other formats including the newer Cisco AnyConnect protocol and LogMeIn’s Hamachi.
