Connecting via the native Cisco IPSec VPN client on Mac OS X

In Mac OS X, it is possible to use the native Cisco IPSec VPN client in order to establish a VPN connection, following the steps described below. Thus, there is no need to install any additional software.

A prerequisite is to either having been given the required information or just have the profile configuration file (.pcf extension) used by the typical Cisco VPN client in Microsoft Windows.

Example of profile configuration file, illustrating only the part that is relevant to this post:

[main]
Description=
Host=vpn.example.com
AuthType=1
GroupName=GroupExample
GroupPwd=
enc_GroupPwd=9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C
194EC7D0DD16645CB534D94CE85FEC4

  1. Go to System Preferences → Network and click the plus sign (Create a new service).
  2. Choose “VPN” for the interface and “Cisco IPSec” for its type. In the Service Name field, either enter a specific name that characterizes the VPN connection or just leave the suggested one.
  3. Open the .pcf file, using any text editor, or any other file that was given and contains the necessary parameters. The values that are, at least, required from the .pcf file are: Host, GroupName and enc_GroupPwd. Entering a passwords is not obligatory, as the remote resource will prompt for password whenever a connection is made.
  4. Enter the Server Address, using the corresponding “Host” value in the .pcf file (i.e. vpn.example.com).
  5. Enter your Account Name and Password. Both refer to your personal credentials.
  6. Click on the “Authentication Settings” button.
  7. Enter the Shared Secret, based on the corresponding “enc_GroupPwd” value in the .pcf file. You have to copy the long series of letters and numbers and paste it in a website that decrypts Cisco VPN group passwords (a search on Google provides numerous results). The result needs to be copied in the Shared Secret field.
    For example, decrypting group password:
    9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD166
    45CB534D94CE85FEC4

    results in:
    letmein (this is the value that should be used)
  8. Enter the Group Name using the corresponding “GroupName” value in the .pcf file (i.e. GroupExample).

Note: iPhone’s iOS has also a built-in Cisco IPSec VPN client. The configuration steps are the same with those described above. The only difference is the first step, since you have to go to Settings → General → Network → VPN and click on the “Add VPN Configuration…” option.

Advertisements