Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Connecting a Mac to Cisco Pix via VPN

I am in need of the ability to connect a MAC OS 9.2 to be able to VPN to a PIX firewall. I have tried Netlock but it only works with a VPN concentrator. My question for it is can I make the PIX prompt for a username/password like the concentrator does? maybe that would work.

Next I tried TunnelBuilder to connect and it does but breaks during LCP negotiations. I have placed the debug screen below:

toontown(config)#

Tnl 7 PPTP: Tunnel created; peer initiated

Tnl 7 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd

Tnl/Cl 7/7 PPTP: l2x store session: tunnel id 7, session id 7, hash_ix=7

PPP virtual access open, ifc = 0

Tnl/Cl 7/7 PPTP: vacc-ok -> state change wt-vacc to estabd

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005063dfb8a17

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 3dfb8a17

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005062cf6fe04

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 2cf6fe04

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 20

Pkt dump: 010405dc02060000000005064a734b1107020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: MAGIC_NUMBER, len: 6, data: 4a734b11

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 14

Pkt dump: 010405dc02060000000007020802

LCP Option: Max_Rcv_Units, len: 4, data: 05dc

LCP Option: ASYNC_MAP, len: 6, data: 00000000

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

Tnl/Cl 7/7 PPTP: ClearReq -> state change estabd to terminal

Tnl/Cl 7/7 PPTP: Destroying session

PPP va close, device = 1

Tnl 7 PPTP: no-sess -> state change estabd to wt-stprp

Tnl 7 PPTP: StopCCRQ -> state change wt-stprp to wt-stprp

Tnl 7 PPTP: Destroy tunnel

Any ideas?

Thanks

Greg Wasson

gregw@ideo.com

2 REPLIES
Cisco Employee

Re: Connecting a Mac to Cisco Pix via VPN

For Mac OS 9, you could use NAI's PGP Desktop suite. It contains PGPNet which works with the PIX without XAUTH. Check out www.pgp.com for details.

You want to check out the Corporate Desktop if I remember correctly. You'll also need the 3DES license for the PIX as PGP doesn't do DES IPSEC tunnels, only 3DES and you need to set the PIX to do IPSEC, not PPTP.

On a flip side...

You can get the PIX to do XAUTH, check the PIX TAC how-to's, that might allow you to use the netlock client, but I doubt it.

My personal recommendation would be to upgrade to Mac OS X 10.2 and use the 3.6 VPN Client from Cisco. That's a supported config of both the PIX and the client. Also Mac OS X does have a built in PPTP client.

New Member

Re: Connecting a Mac to Cisco Pix via VPN

Thanks for the tip, I will look into both PGP and Xauth. Unfortunately Mac OSX10.2 is not an option for me yet.

Thanks

Greg

153
Views
0
Helpful
2
Replies
CreatePlease to create content