Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Install vpnc as a replacement for the Cisco VPN client' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Install vpnc as a replacement for the Cisco VPN client
Authored by: giulio on Feb 20, '09 08:15:50AM

The only reason I am holding onto XP is because that version of Cisco is the only one that has the stately firewall that some companies require.

Does this solution include that?
Do you plan to release some sort of binary for the 'rest of us'?

---
Freelance web development
WebVeteran.com



[ Reply to This | # ]
Install vpnc as a replacement for the Cisco VPN client
Authored by: Schwie on Feb 23, '09 06:44:03AM
I too would like to be able to access VPN servers that have the stateful firewall requirement, but from what I'm gathering "vpnc" cannot do this either.

It appears that Cisco knows about the issue and documented it here:

http://tinyurl.com/58p6na

or

http://supportwiki.cisco.com/ViewWiki/index.php/VPN_Client_on_the_MAC_OS_is_not_able_to_connect_to_the_VPN_3000_Series_Concentrator_and_the_user_receives_the_reason_=_PEER_DELETE-IKE_DELETE_FIREWALL_MISMATCH_message

I tried the latest VPN client for the Mac that I was able to get my hands on (4.9.01.100), but it still doesn't work for me. This issue has been around for years, so it would seem that Cisco has no intention of ever fixing this.

The best work around appears to be to ask your IT people to set up a new group account for *nix platforms whose firewalls don't integrate with the vpn client (or atleast offer the correct response to Cisco's Concentrator). Until then, my Cisco VPN client will continue to fill my log with crap like this:

130 08:42:11.617 02/23/2009 Sev=Info/4 IKE/0x4300004B
Discarding IKE SA negotiation (I_Cookie=A3546266FB25C222 R_Cookie=5F3E545C336A69AF) reason = PEER_DELETE-IKE_DELETE_FIREWALL_MISMATCH


[ Reply to This | # ]