Here's how to configure Snow Leopard (and iPhone) to use an enterprise Cisco VPN concentrator (which is what you connect to from the internet when you want to virtually join a company or school's LAN). Open System Preferences - Network - click the plus sign (Create a new service). On the iPhone, choose Settings - General - Network - VPN - Add VPN Configuration. On the Mac, choose VPN as the interface. Choose Cisco IPSec as the VPN type, and supply a service name as a description (an arbitrary name for the connection, whatever makes sense to you). The rest of the necessary information is supplied by you eyeballing a configuration file (or profile file) used by the typical Cisco VPN client.
These files have a .pcf extension and they're usually distributed by an organization as part of the Cisco VPN client installer, usually in a folder called Profiles, but sometimes they are distributed just by themselves for users of other Cisco-compatible VPN clients. If the .pcf has already been installed on your Mac, you can find the containing directory here: /private/etc/opt/cisco-vpnclient/Profiles/ (which you can see in the Finder by selecting Go - Go to Folder and entering the full path above). Not all the values in the Mac or iPhone configuration windows are used. Certificates, for example, are not common and can be left off or blank. Passwords need not be entered and saved; instead, they can be entered whenever a connection is made. Open the .pcf file using any text editor.
You will see rows of options and values; these are what you will enter in the Mac or iPhone network preferences. For example, to enter your organization's server address, use the corresponding Host value in the .pcf file.
Back at the System Preferences - Network - VPN option, there's the Authentication Settings button. Here, you need two important settings: the Group Name and the Shared Secret. The former is found in the configuration file under the GroupName line. The final field that's necessary to make the VPN connection is something called the 'Shared Secret' (it is also sometimes called the Group Password). Cisco VPN clients use two factors for authentication to connect users to your LAN (called SUNet here at Stanford). One is very weak, and that's the Shared Secret. The other is strong: your own username and password.
In the .pcf file, you will see this as the value on the enc_GroupPwd line. You'll notice it looks like an encrypted string, a bunch of letters and numbers. Because it's encrypted, you cannot cut-and-paste this string into the System Preferences field. I can't tell you what that string is or what it decrypts to, but it's simple enough to use a search engine to find a website that decrypts Cisco group passwords.
You enter the long string, click a button and it spits out the passphrase. It's that passphrase that you enter in the Mac or iPhone's Shared Secret field. What will this Shared Secret get you? Remember, it's only one of two factors necessary to connect. The other, of course, is your username and password.
That should never be disclosed, shared or mismanaged.
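As an added example (not part of the original article and not Cisco's code), this short Python script reads a .pcf profile, lists which values go into the Server Address and Group Name fields, and notes which secrets are stored in the file. The sample profile is constructed; the UserPassword and enc_UserPassword key names and the leading "!" read-only marker are assumptions about the profile format that the article does not state.

```python
import configparser

# Constructed sample profile: host, group and blob are placeholders.
SAMPLE_PCF = """\
[main]
Description=Example campus VPN
!Host=vpn.example.edu
GroupName=example-group
enc_GroupPwd=0123456789ABCDEF0123456789ABCDEF
Username=
enc_UserPassword=
"""

# .pcf key (lowercased by configparser) -> field named in the article
FIELD_MAP = {"host": "Server Address", "groupname": "Group Name"}

# Assumed key names for a user password saved in the profile.
USER_SECRET_KEYS = ("userpassword", "enc_userpassword")


def read_profile(text):
    """Return the [main] section of a .pcf file as a dict."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    if not parser.has_section("main"):
        raise ValueError("no [main] section: not a .pcf profile")
    # Assumption: a leading "!" only marks a value read-only, so drop it.
    return {k.lstrip("!"): v.strip() for k, v in parser["main"].items()}


def summarize(text):
    """Map profile values to settings fields and note stored secrets."""
    profile = read_profile(text)
    fields = {label: profile[key]
              for key, label in FIELD_MAP.items() if profile.get(key)}
    notes = []
    if profile.get("enc_grouppwd"):
        notes.append("enc_GroupPwd set: Shared Secret is stored encrypted, "
                     "do not paste the string itself")
    for key in USER_SECRET_KEYS:
        if profile.get(key):
            notes.append(key + " set: a user password is saved in the file")
    return fields, notes


if __name__ == "__main__":
    fields, notes = summarize(SAMPLE_PCF)
    for label, value in fields.items():
        print(f"{label}: {value}")
    for note in notes:
        print("note:", note)
```

A profile that reports a saved user password is worth cleaning before it is copied or redistributed, since that password is the strong factor of the two.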
Hi, I have a problem getting my Aladdin USB eToken (using Aladdin eToken PKI-Client (formerly 'RTE') 4.55.44) up and running with Cisco VPN client (4.9.01.0100) under Mac OS X (10.5.6): The certificate on the eToken does not show up in the 'certificates' tab of the VPN client and therefore I cannot establish a connection. If it helps: The certificates DO show up in Mac OS X's Keychain Access app while the Token is plugged in. So maybe the VPN client does not get the certificate information from the correct place? For comparison: With Windows (XP SP3) everything works (of course ;-) fine (Aladdin eToken RTE 3.6.5, Cisco VPN client 4.8.01.0300). Any help is appreciated. One additional piece of information: If I export my certificate from the eToken (either via the Aladdin eToken properties or the native Mac OS X Keychain Access), import it manually into the Cisco VPN client and try to set up the VPN connection, the 'Certificate Authentication' select box on the 'Authentication' tab remains empty (i.e. the certificate imported earlier does not show up here nor in the 'Certificates' tab).
(On my Windows XP, the certificate automagically is selected in the 'Certificate Authentication' select box (and appears in the 'Certificate' tab) as soon as the eToken is plugged in.) Maybe this helps in helping me :).