Connecting a Mac to Cisco Pix via VPN

Sep 18th, 2002

I am in need of the ability to connect a Mac OS 9.2 to be able to VPN to a PIX firewall. I have tried Netlock but it only works with a VPN concentrator. My question for it is, can I make the PIX prompt for a username/password like the concentrator does? Maybe that would work.

Next I tried TunnelBuilder to connect and it does but breaks during LCP negotiations. I have placed the debug screen below:


toontown(config)#

Tnl 7 PPTP: Tunnel created; peer initiated

Tnl 7 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd

Tnl/Cl 7/7 PPTP: l2x store session: tunnel id 7, session id 7, hash_ix=7

PPP virtual access open, ifc = 0


Tnl/Cl 7/7 PPTP: vacc-ok -> state change wt-vacc to estabd

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04


Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:


Tnl/Cl 7/7 PPTP: ClearReq -> state change estabd to terminal

Tnl/Cl 7/7 PPTP: Destroying session

PPP va close, device = 1


Tnl 7 PPTP: no-sess -> state change estabd to wt-stprp

Tnl 7 PPTP: StopCCRQ -> state change wt-stprp to wt-stprp

Tnl 7 PPTP: Destroy tunnel


Any ideas?


Thanks

Greg Wasson

[email protected]
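
The option bytes in the debug output above can be decoded to see what each side is asking for. The following is an added example, not part of the original post: it parses the `Pkt dump` hex strings and reports which options the client requests again after the PIX has rejected them (RFC 1661 says a rejected option must not appear in the next Configure-Request). Function names are hypothetical; option and CHAP algorithm numbers follow RFC 1661, RFC 1994 and RFC 2433.

```python
# Added example: decode LCP option dumps copied from the debug output above.
LCP_OPTIONS = {1: "MRU", 2: "ACCM", 3: "Auth-Protocol", 5: "Magic-Number",
               7: "Protocol-Field-Compression", 8: "Address-Control-Field-Compression"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAP-V2"}

def parse_lcp_options(dump_hex):
    """Split a 'Pkt dump' hex string into (type, data) pairs, validating lengths."""
    raw = bytes.fromhex(dump_hex)
    options, i = [], 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise ValueError("truncated option header at offset %d" % i)
        opt_type, opt_len = raw[i], raw[i + 1]
        if opt_len < 2 or i + opt_len > len(raw):
            raise ValueError("bad length %d for option %d" % (opt_len, opt_type))
        options.append((opt_type, raw[i + 2:i + opt_len]))
        i += opt_len
    return options

def describe(opt_type, data):
    """Render one option as text, expanding MRU and authentication values."""
    name = LCP_OPTIONS.get(opt_type, "option-%d" % opt_type)
    if opt_type == 3 and len(data) >= 2:
        proto = int.from_bytes(data[:2], "big")
        name += "=" + AUTH_PROTOCOLS.get(proto, hex(proto))
        if proto == 0xC223 and len(data) == 3:
            name += "/" + CHAP_ALGORITHMS.get(data[2], hex(data[2]))
    elif opt_type == 1 and len(data) == 2:
        name += "=%d" % int.from_bytes(data, "big")
    return name

def rerequested_after_reject(events):
    """events: (direction, code, dump_hex) in log order. Return the option types
    the peer requested again after the local side had already rejected them."""
    rejected, repeated = set(), set()
    for direction, code, dump in events:
        types = {t for t, _ in parse_lcp_options(dump)}
        if direction == "Xmit" and code == "Config Reject":
            rejected |= types
        elif direction == "Rcvd" and code == "Config Request":
            repeated |= types & rejected
    return sorted(repeated)

# Three events copied from the debug output in the post, in log order.
EVENTS = [("Rcvd", "Config Request", "010405dc02060000000005064a734b1107020802"),
          ("Xmit", "Config Reject", "010405dc02060000000007020802"),
          ("Rcvd", "Config Request", "010405dc02060000000005064a734b1107020802")]

if __name__ == "__main__":
    for t, d in parse_lcp_options("0305c2238005063dfb8a17"):
        print("PIX requests:", describe(t, d))
    print("re-requested after reject:", rerequested_after_reject(EVENTS))
```
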

hampton Wed, 09/18/2002 - 17:56

For Mac OS 9, you could use NAI's PGP Desktop suite. It contains PGPNet which works with the PIX without XAUTH. Check out www.pgp.com for details.

You want to check out the Corporate Desktop if I remember correctly. You'll also need the 3DES license for the PIX, as PGP doesn't do DES IPSEC tunnels, only 3DES, and you need to set the PIX to do IPSEC, not PPTP.

On a flip side...

You can get the PIX to do XAUTH, check the PIX TAC how-to's, that might allow you to use the netlock client, but I doubt it.


My personal recommendation would be to upgrade to Mac OS X 10.2 and use the 3.6 VPN Client from Cisco. That's a supported config of both the PIX and the client. Also, Mac OS X does have a built-in PPTP client.

gwasson Thu, 09/19/2002 - 06:57

Thanks for the tip, I will look into both PGP and Xauth. Unfortunately Mac OS X 10.2 is not an option for me yet.


Thanks

Greg
