If you have been using the 4.x release of Cisco’s VPNClient on the Mac — be prepared for a change. By default the VPNClient is a 32-bit piece of software and it does not run on Lion, unless you boot your machine in 32-bit mode (which sort of defeats the purpose). However, the built-in MacOS VPN client works just fine. Here’s one man’s take on a fast tutorial for getting it up and running.
Step 1: Add a new network connection
The first step is to add a new network connection from within System Preferences. Click on the Network Icon to start the process, then hit the “+” sign to create a new network connection.
Clicking on the “+” sign will make the following panel appear (Step 2). For the interface, choose the value “VPN”. For the VPN Type, choose “Cisco IPSec”. The system will provide a default value for the service name, but you can call it anything that you like. Choose the “Create” button to create the new VPN connection. (You aren’t ready to go yet, but this is the first step in the process).
Step 2: Add the server information and your username and password
For the “server address” enter the IP address or the fully qualified domain name (someserver.yyy.com). For the account name, enter your username. for the password, enter your password. (You can leave the password blank — it will prompt you for the password when you attempt to connect). The next step in the process is to add the “Authentication Settings”. You will need to do a couple of things before you are ready to enter the data into the authentication settings section.
Step 3: Find/edit your PCF file
Find your “PCF” file. All CISCO VPNs use “PCF” files to store configuration information. Locate your PCF file for the site that you want to connect to, or export the PCF file from entries in your CISCO client. (You will want to do this before you upgrade, since you can’t run the client after the upgrade. If you’ve ALREADY upgraded and do not have your PCF files — then boot in 32-bit mode by holding down the “3” and “2” keys when you power up — run the Cisco client and and export your VPN entries. Edit your PCF file and look for the following lines:
[main] ... Host=vpn.xxx.com GroupName=xxxx GroupPwd= enc_GroupPwd=812FC93EA5B61A8C2E306CE357290B52E8074755446498A3SDFDFDDDFDFDFFD2F8BFBD5E
You should already have the “host” from previous steps, but if you could not find it before — it’s here in this file as well. You will need the group name and the “enc_GroupPwd” values for the next step in the process.
Step 4: Translate the “enc_GroupPwd” value
Surf to the following URL — http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode — to display the page as shown below. Copy the “enc_GroupPwd” value (everything AFTER the “=” sign) and paste it into the “Encrypted (Group) Password” field on the screen and hit the “decode!” button. The value that you need will appear next to the “clear:” field at the bottom of the page (after you hit the decode button)
Step 5: Go back to “Authentication Settings — Step 2”
Head back to step 2 and press the “authentication settings” button to display the panel as shown in Figure 5. Paste the value that you got for the “clearirr” field from step 4 into the “Shared Secret” field. Enter the value of the “GroupName” field from the PCF file into the “Group Name” field in this panel. Press the “ok” button to save the changes. Use the “Connect” button as shown in Figure 3 to connect to your Cisco VPN.