Parallels Desktop
Parallels Desktop 7 for Mac Run Windows applications without switching between Windows and Mac OS X! Best integration of Mac and Windows. Windows apps now work with Lion feaures, including Mission Control, Launch Pad, Resume, and all trackpad gestures. Supports Windows 7 Aero, with peformance even faster than before. Now runs OS X Server in a virtual machine!

"Parallels Desktop 7 beat VMware Fusion 4.0.2 in 74.9% of the general tests we ran, and Parallels was double the speed or more in almost a quarter of the top-level tests."
--MacTech Magazine

Snow Leopard and VPN Tips and Reports

Working with Snow Leopard and third-party virtual private network clients for Mac

Updated April 23, 2012
On This Page:

If you’re using Snow Leopard about any problems or tips.


 


Intro

Apple's Mac OS X 10.6 added "native support" for Cisco IPsec VPN connections. However, a lot of sites use third-party VPN clients for Mac. This page contains problem reports, workarounds, and tips for using VPN clients and Snow Leopard.

Reader TIPS and Reports

Fixes for Cisco VPN Mac client error 51; Win 7 & Snow Leopard | Top of Page |

Thursday, August 27, 2009

Readers have sent in solutions for a problem with the Cisco VPN client for Mac, where the client reports Error 51 and can't connect. Several readers reported that upgarding the client to version 4.9.01 (0180) fixes the problem. Another reader sent a link to a fix that recommends typing this command in Terminal:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

We also had a comment that the Cisco Mac client won't work in Mac OS X 10.6 Snow Leopard.

Rich Rose had some suggestions, and has a problem with Windows 7:

A re-install will sometimes resolve it at least temporarily. Otherwise restarting the Cisco kext (see this blog) will make it work without restarting, but you need admin access to do so. So far I'm running 4.9.01 (0180) with 10.5.8 without issue.

On a related note, I've discovered that Cisco doesn't support Windows 7 64 bit with the VPN client for Windows -- it simply won't install. Can you or your readers suggest an alternative client for Cisco VPN concentrators?

If you can suggest a Cisco VPN client for Windows 7

Another reader suggested upgrading the client, and says that the Cisco client won't work in Snow Leopard:

I haven't seen this error at my site nor any of the other sites I work with, however I will point out that the 4.9.01 (0100) version of CiscoVPN is old -- the current one is the same version number, but the (0180) suffix. Came out in March or April of this year, IIRC.

Also note that the Cisco VPN Client will not be supported/functional under Mac OS X Snow Leopard (used to kernel panic the machine when booting up if the .kext's were installed, haven't tried under later seeds). I asked Cisco and was told that the only Mac VPN client that would be developed going forward was the AnyConnect VPN.

The good news is that Apple has integrated IPSec VPN into Snow Leopard (just like on the iPhone) and it work well, even where it's not supposed to (i.e. works on properly-configured 3005 concentrators and PIXes, not just ASA's, like AnyConnect is restricted to...)

Jerry Zeisler also found the Cisco update to work:

I too am having the same problem with the Cisco VPN. Just purchased Mac Air and installed the VPN downloaded from my company. Install was fine except that it didn't ask for passphrase. Then when it starts I get the error 51. I have since found that moving to version 4.9.01.0180 resolved my problem.

Peter Zimmermann sees the problem with Mac OS X 10.5.8:

Since upgrading to 10.5.8 I receive error 51 on my Cisco Client.

TIP: update, reinstall latest Cisco VPN Client for Snow Leopard

Friday, September 11, 2009

Readers have reported that they can fix the error 51 problem with the Cisco VPN client by upgrading and/or reinstalling. One reader said:

I was able to use both the Cisco VPN Client 4.9.01.0180 as others have reported, but only after re-installing the client software.

Steve McCabe simply reinstalled:

I got the error with Snow Leopard. I reinstalled the same Cisco client that worked before from the dmg file and it works. No other changes needed.

Robert Hammen reinstalled the current client.

A reinstall of the 4.9.01.0180 CiscoVPN Client is required following a Snow Leopard upgrade, but it does function, if you still need to use it (I've been using the built-in IPSec VPN client with few issues)...

Gregory Schmeling updated the client:

Got error 51 after upgrade to Snow Leopard. Worked fine before. Went to version 4.9.01 (0100) and now works fine.

Neopod sent a link to a non-Cisco site for the client:

The latest version of VPNClient (r180) works 100 percent with Snow Leopard at this link.

Cisco workaround doesn't work in 10.5 or 10.6 for reader

Friday, September 18, 2009

Jeremy Behrens has looked at our Leopard VPN Reports page and Snow Leopard VPN Reports page, and still has problems with the Cisco VPN client; installing/reinstalling the latest version worked for other readers, but not for Behrens:

I cannot get Cisco VPN Version 4.9.01.0180 to work correctly under either 10.5 or 10.6. Cisco works in my VMware Fusion Windows XP install but not in OS X directly. I don't even get an error. When I click the connect button the program connect icon changes color for a second then nothing. I have tried reinstalling and restarting using the terminal command and nothing.

Reader sees Error 51 with Cisco VPN and OS X 10.6.3

Tuesday, June 1, 2010

Ramon Espinosa is getting error 51 when he tries to connect to a Cisco VPN. This was a problem readers reported with Mac OS X 10.6.0, but Espinosa has the latest version:

I'm using Mac OS X 10.6.3 and still get the error 51. Restarting the services doesn't work neither reinstalling the software. Built-in VPN Client used to work, now it starts, asks for login/password "thinks" for some seconds and disconnects the VPN, never get to actually connect.

If you've seen this problem

Another report of Cisco VPN error 51 in Mac OS X

Wednesday, August 18, 2010

David Gilding is another reader getting error 51 when he tries to connect to a Cisco VPN from Snow Leopard:

I appear to have the same problem as Ramon Espinosa (Tues Jun 1, 2010). Until last week, the Mac VPN client worked beautifully. Now it asks for password (via token), 'connects' for a second or two and then disconnects. Very annoying - colleagues with PCs were told to reinstall software from discs, which seems to have solved the problem for them.

If you have any ideas about this issue

We've previously reported some suggestions, but they don't seem to work for everyone.


Cisco VPN Client split DNS problem an issue with Snow Leopard | Top of Page |

Monday, August 31, 2009

Scott Roach reports that a problem that we reported with Leopard and the Cisco VPN Mac client Split DNS feature also occurs with Snow Leopard. He did some testing and reported his findings:

I can confirm that trying to use the Split DNS feature on the Cisco VPN Client (4.9.01.0180) will cause networking issues. The Split DNS feature is implemented on the VPN Device. I have verified that this is part of the problem by running some DNS queries and this is what I found.

My resolv.conf file is changed to the following: (Obviously these values are made up)

> domain workdomain.site.com
> search workdomain.site.com\
> nameserver 255.255.255.255
> nameserver 255.255.255.255

Now if I do a DNS query for workdomain.site.com (dig workdomain.site.com) I get the following error from the VPN Client:

> Split-DNS does not support TCP based domain name queries. Use UDP instead.

However if I run the same DNS query when I am disconnected it comes up just fine.

If you seen this issue


Snow Leopard and CiscoVPN client issue with UDP

Friday, September 18, 2009

Robert Williams reported a new problem with Snow Leopard and the Cisco VPN client for Mac. (Other problems have been solved by installing/reinstalling the latest version.) Williams reports:

Just wanted to let you know about a Snow Leopard issue with the built-in Cisco VPN client. Anyone trying to connect using IPSec over UDP will not be able to do so with the Snow Leopard client. For some reason, Apple decided not to implement that feature, so those of us in that situation must continue to use the standalone Cisco VPN Client. I have submitted this to Apple as feedback, and hopefully enough people will do the same to get Apple's attention. It's pretty absurd that there's not at least an advanced configuration option for selecting something other than whatever Apple deems the "base configuration" for Cisco IPSec VPN connections.

If you've seen this issue

Snow Leopard VPN problem with IPSec over UDP

Tuesday, May 18, 2010

Cal responded to an older report about Snow Leopard not being able to connect to a Cisco VPN using IPSec over UDP. Cal said:

I have also seen this and submitted a bug. Since you posted this, any other work arounds?

We haven't, but if you have


TIP: running the Cisco VPN client in 64-bit Windows

Friday, September 18, 2009

Jeremy Behrens sent us this tip, which can apply to running Windows on a Mac:

You mention that the VPN client will not work in Windows 7. This is true for any 64 bit windows OS including the 64 bit Vista. Fortunately there is an alternative for 64-bit Windows folks at this site.


Problem with Cisco VPN client not resolving IP addresses

Monday, December 14, 2009

Nathaniel Bentzinger is having a problem with the Cisco VPN client not resolving IP addresses. We've previously had reports of this issue with Leopard. Bentzinger is seeing this with Snow Leopard:

We have this issue here with Snow Leopard 10.6 through 10.6.2. Our Cisco 2811 router provides DHCP Address, gateway, DNS IP and search domain (domain.local) and they are properly loaded into the Apple Cisco VPN client but the Mac sends all DNS lookups to the en0 en1 interface's DNS servers. Only adding lines to your /etc/hosts file will resolve the internal servers which defeats the purpose of DNS entirely. We are still using Cisco's VPN client to connect to the office.

If you've seen this problem

More on Cisco VPN Client not resolving IP address

Wednesday, June 23, 2010

Randy Campion believes he is seeing a previously reported problem with the Cisco VPN Client and Snow Leopard 10.6.3:

The issue mentioned in your article at "Problem with Cisco VPN client not resolving IP addresses" sounds like the exact same problem that I am having currently. We initially had problems with our VPN being set up from our ISP where the domain servers weren't pointed to our server in the office, so it wouldn't resolve and WINS names for any local computers, but that problem has been fixed. Now that I am using OS X 10.6.3 instead of a Windows-based machine, the same type of problem seems to have cropped up. I am unable to resolve any WINS names to connect via RDP or VNC and I also cannot use the straight IP to connect to those machines as well (given that my machine at the office has a DHCP reservation).

If you've seen this or can offer advice

Current news on the MacWindows home page

Smith Micro Special Offer for MacWindows readers

Save over $30 on StuffIt Deluxe 2010 -- no code is needed.

Lossless compression of graphic and audio files, work with Windows and Linux archives, create .dmg disk images from the Finder, cloud-based file transfer of 2+ GB files


Reader reports NetExtender VPN problem with Snow Leopard | Top of Page |

Wednesday, September 2, 2009

Jon Busby reports that the NetExtender VPN client doesn't work in Snow Leopard:

For me the problem is NetExtender which worked a treat in Leopard for remote file access via Finder. Doesn't work at all in Snow Leopard.

If you've seen this problem

TIP: fixes for Snow Leopard NetExtender VPN conflict

Wednesday, September 9, 2009

Several readers reported successful fixes for the problem of the SonicWall NetExtender virtual private network (VPN) Mac client not working with Snow Leopard. One fix requires typing some commands in Terminal to edit a file at /usr/sbin/pppd. Another was a simpler fix.

First, Jon Busby, who first reported the problem, was able to fix the problem without editing anything, using a third-party utility:

I did a clean delete of NetExtender via AppZapper then reinstalled the download from work. Seems to have done the trick. The version I am on, that works is, 3.5.620.

Rowly Walker described an error message that appears:

I just installed Show Leopard, and I also have the same issue with Net Extender. The following message appears:

FATAL: You don't have permission to read/execute '/etc/ppp/peers'
Loading saved profiles...
Loaded profile: xxx.xxx.com

Alexander Glew reported another error:

It does not work under 10.6, and get a Java error. I have had no luck from the command line either, and get a route not found error.

Bill Beasley sent a summary of a command-line fix:

Sonicwall has released an updated version of their NetExtender client. However, Apple changed the permissions on /usr/sbin/pppd. Root needs to have the setuid bit set on pppd. chmod 4555 /usr/sbin/pppd fixes this. Permission checker will complain about this afterwards, but will leave the setuid bit set. This fix works for me.

Josh Carlson provide some more detail to a similar fix:

The following is the fix to get Netextender running under Snow Leopard:

  1. Download and install the latest version of Netextender(3.5.634) from the SonicWall demo site:
  2. It will automatically start and throw up an error. Dismiss this and quit the app.
  3. - Open a terminal window and issue the following commands to fix the permissions on the /usr/sbin/pppd directory as Super User.

sudo ls -l /usr/sbin/pppd (you'll then be asked for the admin password)
sudo chmod u+s /usr/sbin/pppd
sudo ls -l /usr/sbin/pppd (this will confirm the permissions change)
exit

At this point you should be able to fire up Netextender as normal with no problems.

Scott Waschitz reported SonicWall's description, which appears to differ slightly from Carlson's:

This is taken verbatim from a MySonicwall.com support forum (paid forum):

NetExtender 3.5.x for Mac (and presumably earlier versions) does not work on Snow Leopard out of the box. Here's the fix.

DON'T do this unless you understand what you're doing.

Many binaries in Snow Leopard are no longer setuid root, including pppd. This causes NetExtender to fail to connect since it can't run pppd.

First, reinstall NetExtender after upgrading to Snow Leopard. (This is necessary because somethin'-or-'nother in the profile setup doesn't carry over.)

Next, if you haven't enabled the root account, run Directory Utility to enable it. Directory Utility has moved to /System/Library/CoreServices/Directory Utility.app. Click the lock icon to make changes, then on the Edit menu, choose the option to enable the root user. Choose a password. Lock, then close Directory Utility.

Now, open a terminal. Set the setuid bit on pppd:

su
ls -l /usr/sbin/pppd
chmod u+s /usr/sbin/pppd
ls -l /usr/sbin/pppd
exit

If you've tried these suggestions

Success with NetExtender/Snow Leopard workarounds

Friday, September 18, 2009

Several readers report success for each of the two workarounds reported for problems with SonicWall's NetExtender VPN client in Snow Leopard. Vincent Philion verified the use of the AppZapper utility:

Hi! I did the "zapping" and reinstall and everything worked.

Matthew Pendlebury used the command-line fix in Terminal:

Hi, just wanted to say thanks for getting me up and running again with NetExtender. I tried chmod 4555 /usr/sbin/pppd and it works fine now.

Sundar Siva had the same experience:

Regarding Snow Leopard NetExtender VPN: chmod 4555 /usr/sbin/pppd worked like a charm for NetExtender 3.5.629.

Another reader verifies fix NetExtender VPN client

Monday, September 21, 2009

Navin Jain verified one of the fixes for the Snow Leopard problems with SonicWall's NetExtender VPN client:

I upgraded to Snow Leopard a couple of days ago, and I thought my system was fine, but then I encountered the same problems with NetExtender that you have been documenting. This morning I changed the permissions on /usr/sbin/pppd, and NetExtender is working fine!

Reader verifies fix for Snow Leopard NetExtender VPN conflict

Monday, November 30, 2009

Douglas verified a fix for getting the SonicWall NetExtender Mac virtual private network client to work in Snow Leopard:

The set bit chmod worked. I'm on Snow Leopard. I'm also using the latest download of the client available from the SonicWall web site.

TIP: GUI version of Snow Leopard/Net Extender VPN fix

Thursday, March 25, 2010

Don shared an alternative to a previously reported workaround for Snow Leopard problems with SonicWall's NetExtender virtual private network client. The original fix uses Unix commands in Terminal. Don said his workaround accomplishes the same but without the command line:

I also couldn't connect using SonicWall NetExtender v3.5.632 after upgrading my MacBook Pro to Snow Leopard. Since I'm not comfortable with Terminal, and our IT guys were Gone For The Day, I tried Josh Carlson_s tip and Downloaded and installed the latest version of NetExtender from the SonicWALL website using these simple steps:

  1. Open this link: https://sslvpn.demo.sonicwall.com/cgi-bin/welcome
  2. Follow the instructions to demo NetExtender
  3. Click on the NetExtender button (which opens this link: https://sslvpn.demo.sonicwall.com/cgi-bin/portal#)
  4. Follow the instructions and permanently APPROVE the SonicWALL permissions dialogs that pop up

This installed the latest Snow Leopard friendly version of NetExtender (version 4.0.658) which connected to our SSL-VPN NetExtender without having to do anything in Terminal... Much easier!

My suggestion would be to simply this further to three simple steps:

Go directly to this link: https://sslvpn.demo.sonicwall.com/cgi-bin/portal#

Click on the NetExtender button (which opens this link: https://sslvpn.demo.sonicwall.com/cgi-bin/portal#)

Follow the instructions and permanently APPROVE the SonicWALL permissions dialogs that pop up.

If you've tried this approach

Reader verifies fix for Snow Leopard/Net Extender VPN fix

Monday, May 3, 2010

Casey Lynn had success with the tip "TIP: GUI version of Snow Leopard/Net Extender VPN fix," which is a workaround for problems with SonicWall's NetExtender virtual private network client and Snow Leopard:

This worked! And we used this fix on several machines all running Snow Leopard. Worked like a charm on all of them.

Reader verifies fix for Snow Leopard and Net Extender VPN

Monday, August 29, 2011

Norm in Texas said simple "It worked!" regarding the article "GUI version of Snow Leopard/Net Extender VPN fix."

If you're tried this fix .

Reader verifies SonicWall NetExtender v5 for Snow Leopard VPN

Monday, April 16, 2012

Diane found that the tip "GUI version of Snow Leopard/Net Extender VPN" fixed her problem with OS X 10.6.x and VPN, but with a later version of NetExtender than the article described:

Following these instructions updated my 4.x version (from Feb) to a 5.5.707 version, which allowed me to login without errors.

See Snow Leopard VPN Tips and Reports for more reports like this.


Reader says 10.6.3 broke Netextender VPN, but tip fixed it

Friday, April 2, 2010

Matt Fischer reported that updating to Mac OS X 10.6.3 caused the previously reported problem with SonicWall's NetExtender virtual private network client. He also found that a fix we reported last week solves the problem:

Don's workaround worked great! Thank you so much. I had done the chmod permission change before and NetExtender worked fine. Then I upgraded to 10.6.3 last night. My wife woke up and found that NetExtender no longer worked. I did a net search for issues with NetExtender and 10.6.3 and your site came up and I applied Don's fix and it worked.

I have a question though. How do I go back to changing the chmod permission back to the original settings?

If you can answer Fischer's question, or have tried this fix,

TIP: Answer regarding NetExtender VPN, resetting chmod permissions

Monday, April 23, 2012

Jamie Pruden responded to the report, "Reader says 10.6.3 broke NetExtender VPN, but tip fixed it," answering the question of how to undo the change the fixed the issue:

OK, Matt Fischer asked how to change back the chmod permission change. Simple: Run Disk Utility and fix permissions. It changes the permissions back to the correct settings for the pppd folder.


TIP: Advice for secure Cisco settings in Snow Leopard

Wednesday, April 28, 2010

Brian Povlsen (who runs the useful Chicago Mac/PC Support blog on cross-platform issues) sent in some advice and useful information about accessing Cisco virtual private network systems from Snow Leopard:

Your Snow Leopard VPN page has this comment:

Also note that the Cisco VPN Client will not be supported/functional under Mac OS X Snow Leopard (used to kernel panic the machine when booting up if the .kext's were installed, haven't tried under later seeds). I asked Cisco and was told that the only Mac VPN client that would be developed going forward was the AnyConnect VPN.

A direct link to the Cisco documentation that confirms this. It also has some security concerns that an administrator might want to carefully review such as: RetainVpnOnLogoff

true-Keeps the VPN session up when the user logs off a Windows OS. Caution: If split tunneling is enabled on the group policy and Remote Desktop is enabled on the client PC, users who are not authenticated by the secure gateway and who use RDP to log in to the PC have access to the VPN.

false-(Default) Terminates the VPN session when the user logs off a Windows OS.

Personally I will choose false. Keeping a VPN session up is too risky for PCI compliance.

If you have some insight into this issue

Juniper SSL VPN problem with Mac clients

Friday, June 4, 2010

Terence Tellis reports a problem with the Mac Juniper SSL Network client:

I have been facing an issue with the Juniper SSL Network client (Ver 6.2.0) on one of our Mac systems. Initially when I had installed the Juniper network connect client on the system, everything was working fine and there were no issues absolutely. All of a sudden one day it started throwing up an error and just refused to connect after that. The error message is "Your Session Terminated Unexpectedly. A software error caused the tunneling service to terminate."

I have tried uninstalling the Network Connect client and manually reinstalling it but even that didn't work. I even ran the below mentioned commands after reinstalling the juniper client but to no avail.

sudo chmod -R 755 /usr/local/juniper/nc/6.2.0
sudo mkdir /Applications/Network Connect.app/Contents/Frameworks
sudo chmod 4711 /usr/local/juniper/nc/6.2.0/ncncproxyd

I would really appreciate if someone could assist me in resolving this issue.

If you've seen this issue

TIP: Reader says update Juniper SSL VPN Mac client to avoid problems

Tuesday, June 15, 2010

Peter Bruderer responded to the report Juniper SSL VPN problem with Mac clients with a suggestion to update the client:

Version 6.2.0 from Juniper SSL VPN is old old old. Current version is 6.5R4. Everything works there as expected. Upgrade Juniper SSL VPN.

If you've tried this

Reader says Juniper VPN update doesn't fix Snow Leopard problem

Wednesday, August 4, 2010

Adriana Blandford says that the lastest version of the Juniper SSL VPN Mac client doesn't work, as previously reported.

I have had exactly the same problem that Terence reports. We are now on the current version 6.5R4, and I am still having tunneling issues. When connected to the VPN, cannot access the Internet or network at all. Disconnecting allows me to access the Internet, AND the network.

If you've seen this problem

TIP: Juniper SSL VPN 6.2.0 works if you run mkdir in the proper way

Tuesday, September 14, 2010

Massimo Carboni responded to a previous report of a problem with the Juniper SSL VPN Mac client and a fix that didn't work. He points out an error with a previous reader's attempt to use Terminal to fix it:

To Terence, run your commands in this way:

sudo chmod -R 755 /usr/local/juniper/nc/6.2.0
sudo mkdir "/Applications/Network Connect.app/Contents/Frameworks"
sudo chmod 4711 /usr/local/juniper/nc/6.2.0/ncncproxyd

The problem is that in UNIX a space is a command separator, then you need to join the two Unix strings in one string.

If you've tried this approach

Variation on Juniper SSL VPN 6.2.0 tip

Monday, October 4, 2010

Paul Schmocker has a slightly different Terminal command than the one previously given to fix problems running the Juniper SSL 6.2 virtual private network client in Snow Leopard:

I got Juniper 6.2 to work on Mac OS X 10.6.3 using the following commands as suggested my it department:

sudo chmod 755 /usr/local/juniper/nc/6.2.0
sudo mkdir "/Applications/Network Connect.app/Contents/Frameworks"

Does this work for you?

Reader reports OS X 10.6 problem with Juniper SSL VPN

Tuesday, March 13, 2012

Randall Gellens confirms a previous report of a problem with Snow Leopard using the Juniper SSL Network client for virtual private networks:

I'm running into the exact issue reported: "A software error caused the tunneling service to terminate" as reported on your Snow Leopard VPN tips page. Other reports are at Juniper's forums. I've repeatedly uninstalled the Juniper VPN client, nuked all traces of its files, rebooted, then re-connected and let it re-install, to no avail.

If you've seen this problem


Mac OS X 10.6.4 update broke Cisco VPN, reader reports

Wednesday, June 23, 2010

Darlene Burke's Cisco VPN Client no longer worked after upgrading to Mac OS X 10.6.4:

I updated the Mac OS to 10.6.4 and am no longer able to connect using Cisco VPN 4.9.01. I tried reinstalling but when I try to connect it gives me a username and password field but doesn't let me actually type anything into either field. I downloaded a fresh .dmg but no luck.

Not sure if this is the same issue you had noted in your article "Reader sees Error 51 with Cisco VPN and OS X 10.6.3."

I was pulling my hair out trying to resolve it! I went ahead and worked to configure the built-in Snow Leopard client and it works beautifully so I'll likely just go ahead and remove the Cisco VPN client altogether.

If you've seen this occur with the Mac OS X 10.6.4 update

Some see Error 51 with Cisco VPN, 10.6.4; others don't

Friday, July 2, 2010

Tim Haley responded to the reader report that Mac OS X 10.6.4 update broke Cisco VPN:

Yes, I see the Error 51 failure of Cisco VPN every time I attempt to launch it since updating to 10.6.4. Re-installing the client did not seem to help.

However, it works just fine for Bob Crummett:

I am using Cisco's VPN Client 4.9.01.0180 with no problems in OS X 10.6.4 (iMac 27" i7)

Jon Rasmussen also has no problems:

I only use my Cisco VPN to access a FileMaker database on another Mac but all is working fine after the 10.6.4 update. I have no troubles with it.

Same with Stephen Butler:

I haven't had any problems with the Cisco VPN client on 10.6.4 after reinstalling it. Never saw the issues described, but it is working fine on my end.

More on Cisco VPN error 51: the update works, and other workarounds

Thursday, July 8, 2010

Several readers responded to a report that updating the Cisco VPN Client for Mac to version 4.9.1(0180) fixes the Error 51 that people are reporting. Several readers also had some other thoughts. Matt Allaire reports:

I too was getting the error. I have OS 10.6.4 and had VPN client 4.9.01.100. Following your advice I got 4.9.01.0180 and it worked perfectly.

Gustav Petersson agrees, and had some other ideas:

Just some general comments on Cisco errors -51. At first vpnclient-darwin-4.9.01.0180-universal-k9.dmg is working noticable better than vpnclient-darwin-4.9.01.0100-universal-k9.dmg - they are both available from Cisco.

The error -51 is an error message telling us that the vpn-client can't see a network interface with an IP-address on it. I have noticed that you sometimes can workaround this by connecting the computer to a network. For example, using WiFi/Airport at home I sometimes get the error -51, if I connect my machine by cable it's fine even though my top priority connection is still AirPort. I've sometimes managed to get this workaround with iPhone and internet tethering as well.

Other ways to get it working is:

  • Repair permissions (this could be something in our automated app distribution system resets some permissions).
  • Reinstall the app (without restarting).
  • Restart with ethernet cable connected.

The update was mostly good for Karl Rittger, except for Mac OS X Server:

The Cisco VPN 4.9.1(0180) works with Mac OS X 10.6.4 on my Macbook Pro, but not on my Mac Mini with OS X Server 10.6.4. On the Mac Mini I get:

Error 51. Unable to communicate with the VPN subsystem. Please make sure that you have at least one network interface that is currently active and has an IP address and start this application again.

My sys admin at UCSB just tried Cisco VPN w/ his OS X Server, 10.6.4 and it worked. Sucks for me cause I can't figure it out. I might try a reinstall because cause the Mac mini is new.

Tried using the built-in VPN but haven't quite got it tweaked to work yet.


Reader sees kernel panics with Cisco VPN and Mac OS X 10.6.4 update

Friday, July 2, 2010

Connie Woodward is seeing kernel panics with the Cisco VPN client since updating to Mac OS X 10.6.4:

Gosh, my machine has crashed already 3 times today, and has been crashing several times daily while on Cisco VPN with software client 4.9.01.0180. Since I've gone to 10.6.x this has been a problem, but not near as frequently as sent I updated to 10.6.4. My machine only crashes when I'm connected on VPN. I can hardly use my machine for work any more. We use Cisco IPsec over UDP so from what I read the built in Mac VPN won't work with that only TCP, do you know differently?

Our IT department does not support Mac (I'm using my home machine to connect to work), so they are no use. I've tried re-installing the VPN client, etc.

If you've seen this problem

Kernel panics: Cisco VPN not compatible with Snow Leopard

Monday, November 8, 2010

Rob Campbell responded to a reader report about kernel panics with the Cisco VPN client since updating to Mac OS X 10.6.4. He found that Cisco says it's not compatible with Snow Leopard:

I kernel panic almost every time I use the Cisco VPN Client software (4.9.01.0180). I had thought it was Apple Remote Desktop, but it seems that even in Safari will cause it to crash. I have tried to pair down my system to check for conflicts, but to no avail.

I have read this on the Cisco website:

New Feature in Release 4.9

The VPN Client for Mac OS X now supports the Intel processor for Mac OS X. This VPN Client release for Mac OS X supports only OS X 10.4 and 10.5 on both PPC and Intel processors. It does not support earlier and later releases.

For Snow Leopard, another reader previously recommended using Cisco's Anyclient instead of Cisco VPN Client.

More on Cisco incompatibility with Snow Leopard and getting around it

Friday, November 19, 2010

Three readers commented on our reports about the Cisco VPN client's incompatible with Snow Leopard. One said Snow Leopard already has everything you need. A second said deploying the Cisco Client fails with JAMF Casper or Apple Remote Desktop. A third reader said it all works just fine.

Doug McLaughlin says there is no need to use any Cisco software on Snow Leopard:

There is no need to use the Cisco VPN Client software with Mac OS X 10.6.x. Cisco worked with Apple directly and the Cisco software is available as a Network "service". In the Network System Preferences, click _+_ to add a service and choose "VPN" interface. Then choose the _Cisco IPSec_ as the VPN Type. You may need a _Shared Secret_ or certificate from your network or security department to configure the VPN settings, but there_s no need for the stand-alone VPN Client software in Snow Leopard for the majority of VPN configurations.

Pete Curtner doesn't experience the kernel panics other readers have reported, but can deploy the Cisco client remotely:

My enterprise just went to a Cisco VPN solution after many years of CheckPoint; I am using the Cisco VPN Client, version 4.9.01.0180 on an i5 MBP 15" running 10.6.4, logged in as an AD user with admin rights, and have yet to experience any kernel panics or even crashes with it.

I have noticed however that deploying the Cisco client via JAMF's Casper or even pushing the package via ARD seems to fail - the remote machine will get various crashes and errors on launching or connecting. Running the installer locally, even while logged in as a non-admin user, seems to work fine. My network group has also reported success using 10.6's built-in VPN client.

Christopher Crowell is in the minority of readers, and doesn't have any problems with the Cisco client:

Cisco VPN version 4.9.01 (0100) works fine for us on Snow Leopard so far. Only using it on one MacBook Pro in production now, but it's a heavy VPN user, a sports guy who even does some layout remotely. He's using Quark CopyDesk and QuarkXPress while connected and accesses ExtremeZ-IP server shares.

If you've seen this problem

Workaround for Cisco VPN and Snow Leopard: kill racoon

Wednesday, December 22, 2010

Nico Bos in the Netherlands reported a workaround for the apparent Cisco VPN client incompatibility with Snow Leopard. He says the problem is the racoon deamon, a Unix process that Mac OS X uses for VPN connections. His workaround is to temporarily stop raccoon:

After updating to MacOS 10.6.5 (I think it started then) my Cisco VPN client 4.9.01.180 stopped working. I did some searching and found that the reason for this is racoon. As it happens, I have several L2TP configurations. When initiating A L2TP connection, racoon starts up. But is not terminated after closing down the connection. As a result UDP port 500 is occupied so Cisco VPN client cannot use it. Workaround is the Terminal command sudo killall racoon before initiating a Cisco connection.

If you've tried this

Reader says use Cisco AnyConnect, not VPN Client in SL

Monday, August 30, 2010

For Macs running Snow Leopard, John Brigance recommends Cisco's Anyclient over Cisco VPN Client:

We quit using Cisco VPN Client for Mac here at UT Austin because it was too unreliable. We now use Cisco AnyConnect VPN Client for all our Macs running on Snow Leopard. You can check it out here. I never have a problem with it.

If this fixes your Snow Leopard/Cisco VPN problems

Citrix VPN Client and AnyConnect are not always interchangable

Thursday, September 2, 2010

Responding to Monday's report of using Cisco AnyConnect instead of Cisco VPN Client for better results in Snow Leopard, Oliver Block warns that the two are not always interchangeable:

Readers should understand that Cisco AnyConnect is not simply a substitute for Cisco VPN Client 4.x. Cisco AnyConnect works with recent Cisco devices and supports SSL VPN. The Cisco AnyConnect VPN client is not compatible with the IPsec VPN tunnels available on many older Cisco devices, e.g. Cisco PIX 500 series firewalls. If a user's network supports Cisco AnyConnect connections, then the user should work with his or her network admin to move to AnyConnect, but that won't be the case for many users. Readers can review this FAQ from Cisco for more information about Cisco AnyConnect VPN Client.


TIP: Getting Cisco VPN running in Snow Leopard with Shimo

Monday, February 14, 2011

Clive Southwood in the United Kingdom sent us a fix problems with getting the Cisco VPN virtual private network client to work in Snow Leopard. Part of the fix involves installing the Shimo VPN client for Mac OS X, though he still uses the Cisco software:

Connecting to a PIX 520 running Version 6.3(4), the usual scenario, Cisco client 4.9.01.0180 running fine on Leopard then finally upgraded to Snow Leopard and Cisco client stopped working. No matter what I tried following all the hints I cannot get the OS X native IPSec client to work. Authorization fails and there's no way to enter a username/password even though it's stored in the profile.

After many repeat de-installs/re-installs of the Cisco client followed by disabling my only network connection (Airport) and re-connecting it, then a sudo killall racoon, it sprang into life. Up popped the username/password and a solid connection. I also have Shimo 1.0.2 installed, which seems in some way connected, more on that in a second.

I have a second MBP with 10.6.6 and a non-working Cisco client so I tried to repeat this fix. The follow steps got it working right away:

  1. Re-installed 4.9.01.0180 (not working yet)
  2. Edited the system keychain IPsec XAuth Password to add configd to the access permissions. (not working yet)
  3. Airport Off, Airport On (still not working)
  4. sudo killall racoon
  5. Installed Shimo 1.0.2 (old version but works). Connected using the Cisco Client "connect" (not actually using Shimo) and up comes the Cisco username/password and all working.

Somehow Shimo being installed is making this work ok. Previously Shimo would enter the stored username/password so this feature isn't working but it does allow the Cisco User/Pwd box to now appear so I can manually enter the details. Without Shimo it just bails out.

I can repeat the steps of Airport Off/Off and I cannot get the Cisco Client to work without Shimo running. If I simply have Shimo running but still just use the Cisco connect button up comes the Cisco username/pwd box and I can connect.

Goodness knows the reason but obviously Shimo gets involved with the Cisco VPN software and helps it thru the authentication stage.

If you've tried this

Reader has IPSecuritas VPN problem through tethered iPhone

Monday, April 25, 2011

Carlos Leitao reported a Snow Leopard problem with IPSecuritas VPN when with an Internet connection through a tether iPhone:

I'm running IPSecuritas for my VPN and I have the same symptoms reported by John McCutcheon with the 10.5.4 update.

When connected in my home network (Apple TC router) the VPN works flawlessly. However, when connecting through my tethered iPhone, I am unable to ping anything on my remote network, and like John's report, I cannot connect via RDC. In contrast, I can use a different VPN client running Windows 7 in Parallels and have no issue connecting even when tethered through my iPhone.

If you've seen this problem

iPhone tether VPN issue seen with Lion

Monday, August 15, 2011

Thomas Myers is having the problem with IPSecuritas VPN through a tethered iPhone. Although the previous report was with Snow Leopard, Myers us using Lion:

I too am having iPhone tether to VPN issue, with Lion 10.7 Mac and iPhone 4 with version 4.3.5 firmware.

  1. When I do a Wi-Fi connect it shows failed, but does actually connect.
  2. IPSecuritas 3.4 shows as connected, but I can't ping the tunnel. If I have check connection on, it will keep retrying the connection.

If you've seen this issue .


TIP: Citrix Receiver daemon eats CPU utilization in Lion

Tuesday, September 13, 2011

A reader notes that after upgrading to Lion, CPU utilization was running amok, with fans blasting. It turned out it was the AGAdmin process of the Citrix Receiver application that had a problem with Lion. Citrix Receiver enables Mac users to run Windows applications as a service over a network or the Internet. The reader's report:

I'm fairly new to OSX but and been a Windows engineer for years. High CPU utilization on Lion due to AGAdmin process -- I experienced this myself. I had just updated my late 2010 MacBook Air to 10.7 and noticed it was loud, hot and draining about 2 percent battery a minute. Application Monitor shows process AGAdmin consuming 50-90 percent CPU. This app belongs to the Citrix Receiver app.

A Google search led me to disable the daemon, which fixed the problem, but I need XenApp on my Mac for IE and Visio. Last week or so, Citrix released Receiver 11.4, which seems to have resolved the issue.

If you've seen this issue .


Reader reports Snow Leopard/Cisco problem, but Lion is OK

Friday, October 21, 2011

Rich Rose has a problem with Mac OS X 10.6 and virtual private network connections that he is not seeing with Lion:

Just recently we started getting reports of users having issues connecting via OS X IPSec to our VPN (sadly, a Cisco 3000 series concentrator). After a variety of testing it seems that 10.7.2 users can connect via any Wi-Fi network, including a Mi-Fi. Meanwhile, 10.6.8 users without the latest security update have issues on multiple Wi-Fi networks. Users with the latest 10.6.8 security update can connect on most networks, but not via Verizon Novatel 4G Mi-Fi. Again, on Lion 10.7.2 I'm able to connect to our VPN via the same Mi-Fi that a 10.6.8 user has issues with.

To clarify, the VPN connection occurs in all instances, but IP routing does not happen in the failure cases. Nothing on the remote lan can be pinged.

There's a variety of background out there on double (or triple) NAT-ing and/or firmware updates for some Mi-Fi, but nothing that seems to apply here.

This hit us all of a sudden and involves myriad products and vendors so most of the support forums are useless.

If you've seen this problem .

Current news on the MacWindows home page

Run Windows apps directly in Mac OS X without Windows

CrossOver XI runs Windows apps on a Mac--without Windows or Boot Camp
Installs Windows apps directly in Mac OS X with 1 click. Office, Outlook support, Quicken, ActiveX in Internet Explorer and more, launched directly from the Finder -- just as if they were Mac apps.
Runs games, too, including Left4Dead, Warcraft, Steam, Spore, and others on your Mac.

Starts at only $40 (and no need to buy Windows!) Free trial from CodeWeavers.
Click here for more.


Other MacWindows Departments

| Product Solutions | Reports and Tips | News Archives |
|
MacWindows Home |

| Top of Page |

This site created and maintained by
Copyright 2009-2012 John Rizzo. All rights reserved.