Cisco’s VPN solutions are quite popular in the enterprise market, and a lot of companies use them to give their employees access to the company’s networks and resources when the employees are not onsite.
Most of these companies use the default client that Cisco supplies, with a couple of modifications to suit their particular needs. More specifically, the configuration of this client involves creating a .pcf file which the client uses to read the settings for the specific network.
The .pcf file is a plain-text file with a couple of config options, the most important of which are the VPN server address, the encrypted group password and the group name.
For the last few versions, Mac OS X has been able to connect to L2TP and IPSec based VPNs out of the box, but it lacked the ability to connect to Cisco’s implementation. That has now changed with the release of Mac OS X 10.6, a.k.a. Snow Leopard. OS X now ships with the ability to connect to Cisco based VPNs out of the box.
The only problem is that the configuration of the built-in client requires a little bit of “homework”, and in this post today I’ll be taking you through just that.
First of all, you need to get hold of the .pcf file for your company’s network. If you’ve been connecting to the VPN using Cisco’s client all this time, you’ll have the .pcf somewhere on your computer; search for it and save it somewhere convenient. Otherwise, ask your network admin to provide you with a copy of the file. Either way, you need to open this file with a text editor (TextEdit on OS X) and make a note of a couple of config parameters.
The first config option that we’re interested in is the Host=xxx.xxx.xxx.xxx option where the xxx.xxx.xxx.xxx is an IP address.
The second option that you’ll need is the GroupName=xxx option, and the third is enc_GroupPwd=xxx, where xxx will be a long string of seemingly random characters. These seemingly random characters are the encrypted group password that is needed to connect to your company’s VPN server.
First we need to decrypt the encrypted password that we got from the .pcf file. To do this, visit this website, enter the encrypted password from the enc_GroupPwd field in the text box and click decode. The website will decode the password and output the decrypted password in clear form. The encoding is reversible without any other secret, so the .pcf file effectively contains the group password. Make a note of this decrypted password, as we’ll need to use it later on.
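If you would rather not hunt through the file by eye, the three values can be pulled out with a short script. This is an added example, not part of the original post or of any Cisco tool; the sample file contents are constructed, and the handling of a leading "!" on a key and the hex check on enc_GroupPwd are assumptions about the .pcf format.

```python
import re

# Constructed sample .pcf content; the address, group name and hex string are made up.
SAMPLE_PCF = """\
[main]
Description=Example corporate VPN
Host=192.0.2.10
AuthType=1
GroupName=example-group
enc_GroupPwd=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
"""

# Lower-cased key as matched -> name used in the post.
WANTED = {"host": "Host", "groupname": "GroupName", "enc_grouppwd": "enc_GroupPwd"}


def read_pcf_fields(text):
    """Return the Host, GroupName and enc_GroupPwd values found in .pcf text."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, section headers such as [main], comments and non key=value lines.
        if not line or line.startswith(("[", ";", "#")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        # Assumption: a leading "!" marks a key as read-only in the Cisco client.
        key = key.strip().lstrip("!").lower()
        if key in WANTED:
            found[WANTED[key]] = value.strip()
    return found


def check_pcf_fields(fields):
    """Return a list of problems that would stop the OS X setup from working."""
    problems = [f"missing {name}" for name in WANTED.values() if not fields.get(name)]
    enc = fields.get("enc_GroupPwd", "")
    # Assumption: the encrypted group password is stored as an even-length hex string.
    if enc and (len(enc) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", enc)):
        problems.append("enc_GroupPwd is not a hex string (truncated copy?)")
    return problems


if __name__ == "__main__":
    fields = read_pcf_fields(SAMPLE_PCF)
    for name, value in fields.items():
        print(f"{name}: {value}")
    for problem in check_pcf_fields(fields):
        print("problem:", problem)
```

To run it against your own file, replace SAMPLE_PCF with the text read from the .pcf.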
Now, open the Network config panel from the System Preferences application.
Click on the + sign to add a new network connection, select VPN as the Interface and Cisco IPSec as the VPN Type, and press Create.
Now, you need to fill in the details that you collected earlier from the .pcf file.
The server address comes from the Host parameter that we looked at earlier. The Account name is the username that you use to connect to the VPN. Password is the one that you use to connect to the VPN. If you use a dongle provided by RSA or some other company which generates a random password each time you log in, leave this field blank.
Now, click on the Authentication Settings button and, in the Shared Secret text box, enter the decrypted password that you got earlier. Enter the text from the GroupName field that we looked at earlier in the Group Name text box. Click on the OK button and you’re all set.
Apply the settings and click Connect to get online and connect to your company’s VPN server.