Cisco Support Community

New Member

ASA and Apple VPN Client

I have an ASA 5510 box with software version 7.2(1) which I am trying to get to work with the built-in VPN client on Mac OS X 10.4.x. I have the ASA set up to the point that client machines using the Cisco client can VPN in properly with everything working, and the Apple client can seemingly connect properly. When connected via the Apple client, however, the network is not accessible. Both the ASA with logging set to the debug level and the Apple VPN log show a good connection. The Apple client receives the addresses of our internal DNS servers properly, and a netstat -rn shows the 10.x destinations (our inside network) being routed over ppp0, the VPN connection. All this looks good, but no traffic flows. If, for example, I try to ping a computer inside the network, I get no response. The ASA log only shows a string of errors like the following:

3 Dec 07 2006 08:58:24 713042 IKE Initiator unable to find policy: Intf inside, Src:, Dst:

where is the address assigned to the VPN client, and is a computer inside the network that I know responds to pings. I know this error is described as being "probably timing related" and "likely to correct itself", but in this case it seems to be denying me access to the network. As mentioned before, the Cisco client works fine. How can I correct this, other than using the Cisco client? There are a number of reasons why I would rather use the Apple client. Thanks!

New Member

Re: ASA and Apple VPN Client

If it helps any, when connected the ASA VPN statistics show the protocol for the Apple client as "L2TPOverIPSecOverNatT" and the Encryption as 3DES. For the Cisco client, the protocol is listed as only "IPSecOverNatT". Everything else looks the same. Any ideas? Thanks.

New Member

Re: ASA and Apple VPN Client

Does anybody have any ideas on this? I would really like to get this working. Would there be some other place that would be more appropriate for me to ask this question? Thanks!


New Member

Re: ASA and Apple VPN Client


I'm no expert, but based on your IKE message it seems like you need some policy in place that allows the traffic from 10.8.x.x to 10.9.x.x?

I'm attempting something similar, but with an ASA5505. I can get a Mac OS 10.3 client to connect to my ASA, but I can't ping it on the same subnet 192.168.1.x. I'm trying to use ARD (Apple Remote Desktop) to control/observe that logged in client.

PS: I'm using Cisco's VPN client, I realize you're using Apple VPN client.

Perhaps you've already figured it all out.

