Cisco IPsec - RV042G

I could only get VPN to work with PPTP, but it's as slow as #$%#…. Is there a way to make this work with Cisco IPsec? And would it be faster than PPTP?

Hi Michael,
Thanks for your quick reply, I tried to reboot the Cisco RV042 and the ASA as well but this is the same result: when I click on the Connect button the Tunnel seems to be UP on the ASA side but the IPsec phase 2 is not completed.
I sometimes get this error message on the ASA, but not every time I try to establish the tunnel: 1    Nov 01 2014    18:10:15                        Group = 185.42.177.179, IP = 185.42.177.179, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
We are trying to build a tunnel from our local LAN to a remote site LAN as shown below :
ASA 5510                                     RV042
Local LAN : 150.9.200.0 >>>>> Local LAN : 192.168.1.0
The RV042 WAN interface has been setup on PPPOE mode, it is directly connected to an ADSL modem which has been put on bridge mode.
I know that our local LAN subnet is quite unusual but this was configured like this for years and we already built IPsec tunnels without any problems.
I tried several times to modify the security settings on both the ASA and RV042 sides, choosing from basic settings to more complex ones; the best result I got was the tunnel up on the ASA side (Phase 1 only) and still a "waiting for connection" status on the RV042.
Do I have to look at NAT rules on the ASA side? The RV042 has very limited options, I just added firewall rules to authorize traffic from 150.9.200.0 255.255.255.0 to 192.168.1.0 255.255.255.0.
Do I also need to set up IP forwarding for the IPsec tunnel ports on the RV042? I assume that I don't have to do it as the VPN passthrough is enabled on the device.
Please find both configurations attached.
Thanks for your help!

Similar Messages

  • Mavericks VPN dropouts with native VPN client and Cisco IPSec

    Since the update to Mavericks I am experiencing VPN dropouts with the native VPN client and Cisco IPSec.
    I am connecting via a WiFi router to a remote VPN server.
    The connection is good for a while but eventually it drops out.
    I had zero issues in Mountain Lion and only have issues since the update to 10.9.
    I had similar issues in the past with an unreliable WiFi router, but I am using a Verizon Fios router and it has worked impeccably until Mavericks.
    My thoughts are:
    1 - Issue with Mavericks (maybe the app sleep function affecting either the VPN or WiFi daemons)
    2 - Issue with Cisco router compatibility or timing with Cisco IPSec
    3 - Issue with WiFi itself on Mavericks - some sort of WiFi software bug
    Any suggestions?

  • Cisco IPSec VPN Client and sending a specific Radius A-V value to ACS 5.2

    This setup is to try routing Cisco VPN to either RSA or Entrust from Cisco ACS 5.2, depending on some parameter in the incoming AUTH request from Cisco IPSec VPN Client 5.x. Tried playing with pcf files and user names/identity stores; none seems to be working.

    Hi Tony,
    to the best of my knowledge this is currently not possible, but will be once this enhancement is implemented:
    CSCsw31922    Radius upstream VSAs (Tunnel Group,Client type) for VPN policy decisions
    You may want to try and ask in the AAA forum if there is anything you can do on ACS...
    hth
    Herbert

  • Cisco IPSEC VPN not working after upgrade to Mavericks

    I have been using the Cisco IPSEC VPN for almost 2 years with no issues. When I upgraded to Mavericks this week it stopped working. When I tell it to connect it prompts for a password and attempts to connect for about 30 seconds, then comes back with the following message...
    VPN Connection
    The negotiation with the VPN server failed. Verify the server address and try reconnecting.
    The address, group, shared secret, user and password are correct. Any help would be greatly appreciated.

    Hey, I'm not sure if this fixes the Cisco IPSec issue, but I can vouch for it fixing the L2TP issue that occurs after the Mavericks upgrade!
    I’ve got L2TP VPN working in Mavericks 10.9 and Server App 3.0.0 / 3.0.1.
    It really is quite a simple fix.
    Obviously, the standard caveats apply: This is a temporary, unsupported, workaround, and only a suggested idea at that. Again, this workaround is NOT supported by Apple.
    Proceed with this workaround on your own equipment at your own risk. And remember the golden rule: Always backup your data!
    OK so here goes… copy and paste the following into Terminal ONE LINE AT A TIME!
    cd /tmp
    curl -sO http://c5mart.co/mavericks-vpn-fix/racoon.tar.gz
    tar -xzvf racoon.tar.gz
    rm racoon.tar.gz
    sudo chown root:wheel racoon
    sudo chmod 555 racoon
    if [ ! -f /usr/sbin/racoon.mavericks ]; then sudo mv /usr/sbin/racoon /usr/sbin/racoon.mavericks; fi;
    sudo mv racoon /usr/sbin/racoon
    sudo killall racoon
    This works fine for me and I'm running a OSX Server for my entire office.
    …et voilà!

  • Mavericks 10.9.5 VPN Cisco IPSec stopped working. Please help.

    My machine with (what might be) relevant software:
    Macbook Pro mid 2012
    Mavericks 10.9.5
    Server 3.2.1
    Xcode 6.0.1
    I use VPN to connect to Cisco IPSec.
    This used to work fine. Two days ago I noticed it stopped working.
    Over the few days before I installed Server and used some services, but switched them off after using.
    I used the DNS service and automated xcode build, but all switched off.
    When trying to connect to Cisco IPSec VPN I now get some kind of timeout, with the following in my log:
    02/10/2014 09:42:44.768 configd[24]: IPSec connecting to server 64.13.171.130
    02/10/2014 09:42:44.771 configd[24]: network changed.
    02/10/2014 09:42:44.772 configd[24]: IPSec Phase1 starting.
    02/10/2014 09:42:44.773 configd[24]: SCNC: start, triggered by (402) SystemUIServer, type IPSec, status 0, trafficClass 0
    02/10/2014 09:42:45.221 racoon[59453]: accepted connection on vpn control socket.
    02/10/2014 09:42:45.221 racoon[59453]: IPSec connecting to server 64.13.171.130
    02/10/2014 09:42:45.222 racoon[59453]: Connecting.
    02/10/2014 09:42:45.222 racoon[59453]: IPSec Phase 1 started (Initiated by me).
    02/10/2014 09:42:45.226 racoon[59453]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    02/10/2014 09:42:45.227 racoon[59453]: >>>>> phase change status = Phase 1 started by us
    02/10/2014 09:42:45.230 configd[24]: network changed.
    02/10/2014 09:42:45.415 racoon[59453]: port 62465 expected, but 0
    02/10/2014 09:42:45.465 racoon[59453]: IKEv1 Phase 1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
    02/10/2014 09:42:45.466 racoon[59453]: >>>>> phase change status = Phase 1 started by peer
    02/10/2014 09:42:45.466 racoon[59453]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
    02/10/2014 09:42:45.466 racoon[59453]: IKEv1 Phase 1 Initiator: success. (Initiator, Aggressive-Mode).
    02/10/2014 09:42:45.466 racoon[59453]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
    02/10/2014 09:42:45.466 racoon[59453]: IPSec Phase 1 established (Initiated by me).
    02/10/2014 09:42:45.469 configd[24]: network changed.
    02/10/2014 09:42:45.655 racoon[59453]: IPSec Extended Authentication requested.
    02/10/2014 09:42:45.655 configd[24]: IPSec requesting Extended Authentication.
    02/10/2014 09:42:45.661 configd[24]: network changed.
    02/10/2014 09:42:49.984 xpcproxy[59462]: assertion failed: 13F34: xpcproxy + 3438 [D559FC96-E6B1-363A-B850-C7AC9734F210]: 0x2
    02/10/2014 09:43:36.000 kernel[0]: IOHIDSystem: postEvent LLEventQueue overflow.
    02/10/2014 09:44:45.759 racoon[59453]: IKE Packet: receive success. (Information message).
    02/10/2014 09:44:45.759 configd[24]: IPSec Controller: IKE FAILED. phase 4, assert 0
    02/10/2014 09:44:45.760 configd[24]: IPSec disconnecting from server 64.13.171.130
    02/10/2014 09:44:45.761 racoon[59453]: IPSec disconnecting from server 64.13.171.130
    02/10/2014 09:44:45.761 racoon[59453]: failed to send vpn_control message: Broken pipe
    02/10/2014 09:44:45.763 racoon[59453]: IPSec disconnecting from server 64.13.171.130
    02/10/2014 09:44:45.766 configd[24]: network changed.
    02/10/2014 09:44:45.774 configd[24]: network changed.
    Any suggestions on what I could possibly have broken and how to fix it? I need this VPN connection for work.

    A guess, but could this be an issue with changed permissions somehow? Something seems to stop the password popup from showing. And then authentication fails.

  • Can AnyConnect & Cisco IPsec co-exist on client pc?

    Hi - a home user has to connect to one business using AnyConnect and to us using Cisco IPsec client.
    When installing AnyConnect, it wiped out the IPSec client. Can they co-exist on his pc and function side by side?
    I'm sure they can't be used simultaneously, but can't both clients be installed for very different connections?
    He's running 32-bit xp.
    Thanks.

    Kathy
    I am surprised that installation of AnyConnect removed the traditional IPSec client. I have not had that experience. I have several PCs running Windows XP SP3 which have both AnyConnect and IPSec clients installed. Either client works just fine (but not both at the same time).
    HTH
    Rick

  • Profile for Cisco IPsec VPN does not set shared secret correctly

    Hi,
    We have a shared secret configuration for a Cisco IPsec (connecting to an ASA). I can correctly configure a profile for the Cisco IPsec VPN and deliver it to the device. However, the VPN connection fails due to an invalid shared secret. If I then go into the VPN settings on the device itself and manually retype the shared secret, it works fine.
    I have noticed this when generating the mobileconfig profile both from Apple's iPhone Configuration Utility and also when using the MobileIron management platform to generate and push profiles.
    Has anyone else seen this problem? I'm really confident that I'm typing the shared secret correctly in the iPCU generated profile as I've tried it many times. It also has happened across every flavor of iOS 3.x and 4.x (including the 4.2 betas).
    thanks

    Hi,
    Thanks for the reply but it is a bit of a strange one. What makes you think the shared secret we are using - which you don't know - is more than 32 characters long? I can promise you it isn't. There's a bug in the way mobileconfig files are storing the encrypted shared secret values. I've now seen it on a third party mobile device management platform too.

  • Setting in native Cisco IPSec come with Lion

    In my new MBA, I would like to setup a VPN connection.  Found that there is native Cisco IPSec inside Preference -> Network -> VPN and would like to configure it.  However, I need to change Port Number of destination, but cannot find anywhere I can do it.  Is there anywhere I can change the destination port number of the VPN setting? (e.g. modify the configuration file via editor directly)

    This might help, at least from Harald's post onwards.

  • Configurate cisco ipsec vpn client at asa 5505 version 8.4

    Hi dear. I want to configure the Cisco IPsec VPN client on an ASA 5505. The software version on my ASA is 8.4.
    Please provide me a link or some material to configure the IPsec VPN client on an ASA 5505 version 8.4.
    Thank you.

    Are you looking for the VPN client .pcf file or the configuration on the ASA (ASDM)?
    What version of the VPN client?

  • CISCO IPSec

    Could someone please direct me on where to find literature on CISCO IPSec shared keys versus IPSec internally generated certificate based. If there isn't any literature on the comparison of these two, then the pros and cons of each would be good enough; thank you.

    you may want to check out these links
    http://www.cisco.com/en/US/tech/tk583/tk372/tech_brief09186a00801e05dc.html
    especially this one:
    http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_maintenance_guide_chapter09186a008007da1f.html#14092
    check out the case studies:
    http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_maintenance_guide_chapter09186a008007da0d.html

  • Cisco IPSec Client - shared key size

    Hello,
    I have got a question concerning the Cisco IPSec Client.
    Could you tell me, how large the key may be (max. 64 or 127 characters) ?
    Thanks and regards
    Patrick

    Just to help somebody else facing an issue similar to this one.
    Open the Advanced menu from the configured VPN in the Network Preferences and check 'Send all traffic over VPN connection'.
    The problem is when you have a VPN that routes all the traffic; if you want specific routes they should be configured and passed on from the router.
    I've configured and tested several VPN connections to Cisco ASA without an issue when the routes are configured on it (vpn_net1, vpn_net2 and so on), but when the route isn't specified in the router it should be considered as a default route and this option needs to be checked.

  • Cisco IPSec NAT transparency

    Hi,
    Cisco IPsec works fine for me, but only in native mode: using ESP protocol. Since it's a Cisco implementation I guess it supports NAT-T. Does anyone know:
    a) it should work automatically
    b) should I configure NAT-T (UDP or TCP) somewhere else?
    So: native mode is okay, but since I go through a NAT device, IPSec NAT-T is my goal.
    Thanks,
    Aa

    Go to Configuration > System > Tunneling Protocols > IPSec > IKE proposals. Once there, select the Active proposal used by Group and check if you are using XAUTH. To change the config, click the modify button and choose "Preshared Keys (XAUTH)" under Authentication mode.

  • Version of Cisco IPSec used in 10.6

    Hi everyone,
    What version of Cisco IPSec does the built-in client in 10.6 use?
    A

    My update of OS X to 10.6.3 made mail.app (v. 4.2 1078) unusable.
    Connections to receive mail timed out repeatedly. This happened on both POP and
    IMAP accounts.
    I tried to rebuild mailboxes/indexes, delete preferences, etc. Nothing worked. I set up new
    accounts and had the same problem. I tried other email clients (Thunderbird and Seamonkey)
    with existing and new accounts and had the same problem.
    I set up Seamonkey running on a Vista machine on the same network with the same account
    information as on the Mac and it worked fine.
    I reinstalled the last OS update (10.6.3) again, no change.
    I finally reinstalled the OS from the installation DVD. Now running OS X v. 10.6 and mail.app
    v. 4, and after a slow startup (caching attachments from the IMAP account) everything seems to
    be back to normal.
    Besides the various email clients, no other applications seemed to be affected by the 10.6.3 update.
    John

  • Cisco IPSec and XAuthPassword profile key

    I am creating the config profile for iPhone. While using iPhone Configuration Utility I cannot enter a password for IPSec VPN, as the application does not have UI for that.
    I have found, though, that manually writing the "XAuthPassword" key into the config profile does the trick: the iPhone does recognize that entry and sets the password automatically on applying the profile.
    So, the questions are:
    1) Is this config key officially supported on iOS for IPSec VPN? If yes, then starting with which version?
    2) Because iPhone Configuration Utility does not allow me to create signed profiles containing the XAuthPassword key, can I manually sign the configuration profile I have edited?
    Thank you in advance

    Hi,
    in « iOS Configuration Profile Reference »:
    IPSec Dictionary Keys
    XAuthEnable – Integer:1 if XAUTH is ON, 0 if it is OFF. Used for Cisco IPSec.
    It turns off XAuth and does not ask for User/Password.
    You can try this option by editing the configuration profile like this:
    <key>XAuthEnabled</key>
    <integer>0</integer>
    <key>AuthenticationMethod</key>
    <string>Certificate</string>
    but I can't resolve the problem; it seems it is an iOS (4.3.1) bug, because my VPN server works fine with other VPN clients, like Cisco VPN Client, with certificate authentication and without XAuth.
    Best regards!

  • Cisco IPSec Client Setup for Wireless

    I would like to set up Cisco IPSec VPN Client on a wireless laptop to authenticate to a Cisco Radius Server 3.2 (WLC 4100) with pre-share keys.
    I have set up the basic parameters on the WLC: SSID, VLAN, L3 Security IPSec and default IPSec parameters. The WLC does not seem to send/forward any kind of request to ACS at all, and when I connect on the wireless client it behaves as a pass-through VPN.
    Thank you,

    Try these links:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008014a37c.shtml
    http://www.cisco.com/warp/public/480/acs-peap.html
    http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_administration_guide_chapter09186a008015cfd8.html
