Cisco VPN in WinXP Guest drops SSH connections

Discussion in 'Parallels Desktop for Mac' started by nhand42, Jun 22, 2006.

  1. nhand42

    nhand42 Member

    Messages:
    37
    I'm using Parallels GA on Tiger. I have the Cisco VPN client (4.0.4B) running inside a Windows XP guest OS (SP2 with all the latest updates). The VPN is using UDP NAT/PAT tunneling and that all works fine. I can establish the VPN and I can then SSH into a machine at work. I'm using either Putty (5.8) or Cygwin OpenSSH (latest version).

    Now that's all fine. I can type commands and get output from the machine at work, but if I get a lot of output then the SSH just hangs. A lot of output might be the result of "ls -lR /" or even running "top". It's basically unusable, especially for my intended purpose of establishing an SSH tunnel for RDP because an RDP session hangs the SSH immediately.

    I thought it might be related to MTU interacting badly with the virtual interface that Parallels uses, because large output might be synonymous with big packets exceeding the MTU once encapsulated by the VPN. However the symptoms don't quite agree with that, because the output from "ls -lR /" will actually occur for a few seconds before the SSH hangs. So packets were getting through at least for a short while.

    An identical configuration over in BootCamp (Cisco VPN client, Windows XP SP2, Putty) is very reliable. This suggests it's not a problem with my ADSL router or the VPN concentrator.

    I'm using Bridged Mode Networking in Parallels. If I try Host Only Networking then I can't get the VPN to establish. The VPN concentrator doesn't support TCP tunneling, only UDP. I've fiddled all the settings I can fiddle in both the Cisco VPN software and Putty, but there aren't many options.

    Any ideas? I'm aware this one is odd and most people are going to say "huh?".
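To put a number on the MTU hypothesis above, here is an added example (not from the original post) that estimates how much of a 1500-byte path MTU survives IPsec ESP-over-UDP (NAT/PAT) encapsulation and therefore what guest adapter MTU would avoid fragmentation. The cipher sizes are textbook ESP defaults (3DES-CBC or AES-CBC with a 96-bit ICV), assumed here rather than read from the poster's concentrator.

```python
# Sizes of the fixed headers around an ESP-in-UDP (NAT-T) packet, in bytes.
OUTER_IP = 20      # outer IPv4 header
UDP_NAT_T = 8      # UDP header added for NAT/PAT traversal
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad length + next header fields


def esp_udp_size(inner_len, block=8, iv=8, icv=12):
    """On-the-wire size of an inner IP packet of inner_len bytes after
    ESP-in-UDP encapsulation.

    Defaults model 3DES-CBC (8-byte block and IV); pass block=16, iv=16
    for AES-CBC.  icv=12 is the 96-bit truncated HMAC used by
    HMAC-SHA1-96 / HMAC-MD5-96.  These are assumed cipher parameters.
    """
    # ESP pads (payload + trailer) up to a multiple of the cipher block size
    body = inner_len + ESP_TRAILER
    pad = (-body) % block
    return OUTER_IP + UDP_NAT_T + ESP_HDR + iv + body + pad + icv


def max_inner_mtu(path_mtu=1500, **cipher):
    """Largest inner packet that still fits path_mtu without fragmentation.

    This is the value to try as the guest adapter MTU when testing whether
    large SSH output (big packets) is what breaks the tunnel.
    """
    size = path_mtu
    while esp_udp_size(size, **cipher) > path_mtu:
        size -= 1
    return size


def tcp_mss_clamp(path_mtu=1500, **cipher):
    """TCP MSS that keeps full-size segments inside the tunnel MTU:
    inner MTU minus 20 (IPv4) and 20 (TCP, no options)."""
    return max_inner_mtu(path_mtu, **cipher) - 40


if __name__ == "__main__":
    # A full 1500-byte guest packet grows past 1500 once encapsulated,
    # so it would have to be fragmented (or dropped if DF is set).
    print("1500-byte packet on the wire:", esp_udp_size(1500))
    print("3DES inner MTU:", max_inner_mtu())
    print("AES  inner MTU:", max_inner_mtu(block=16, iv=16))
    print("3DES MSS clamp:", tcp_mss_clamp())
```

Note that the symptom in the post (output flows for a few seconds before the hang) is not what pure MTU blackholing usually looks like, where every large segment fails from the start; the calculation only tells you whether oversize packets are possible, not that they are the cause.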
     
  2. MatthewR

    MatthewR Member

    Messages:
    45
    I only say "huh" to what you are doing.

    There is a Cisco VPN client and a Microsoft Remote Desktop native for Mac OS X. Why not just use those? Also, I'm not sure why you need SSH to tunnel the RDP session when the VPN should be protecting it already.
     
  3. nhand42

    nhand42 Member

    Messages:
    37
    It doesn't suit my purposes. The Mac client will separate my laptop from the local LAN, because that's how the concentrator is configured, which is exactly what I'm trying to avoid here.

    Because RDP isn't permitted through the firewall. Don't question what I'm doing if you don't know the answer to my question. It's a classic type-A personality trait and it's very annoying.
     
  4. barryw

    barryw Member

    Messages:
    27
There are known problems with the 4.0.4 release. Upgrade to at least 4.0.6.2 something. I can't remember the full version number, but it's the one I distribute and support to my VPN users.

    Barry
     
  5. nhand42

    nhand42 Member

    Messages:
    37
    Cheers for the advice. I thought 4.0.4 was a good release but I'll upgrade to 4.0.6.2 immediately.
     
  6. MatthewR

    MatthewR Member

    Messages:
    45
I was merely trying to assess why you were attempting such a setup in order to be able to perhaps make a useful suggestion. Knowing all that now helps some things. I use the Cisco VPN client as well but luckily it is not configured to cut off my LAN or else it'd be completely useless. As I have not been hit by that misfeature, I do not know exactly how it behaves, but even with that off I know it does weird things and breaks some bits of networking that should be unrelated to it.

One thing you did not specify in the original post was, when you tried host-only networking, whether you had NAT enabled in OS X to provide access for the virtual adapter (usually en2 from what I've seen). Also, if you have the firewall on, you will need to add a rule to allow traffic for that adapter. I've seen a suggestion that Personal Web Sharing be turned on to allow this, but that only allows port 80 (so web browsing works) and has the side effect that you are now running a web server that is available to the network. The proper rule is easily added on the command line with "sudo ipfw add 2000 allow ip from any to any via en2" (assuming en2 is the virtual adapter). If you did not have NAT on or had the firewall enabled, you may want to try host-only networking again with these details taken into consideration if the updated client doesn't help in bridged mode.

I'm not sure of the IT environment at your workplace, but it may be worth mentioning the difficulties you are having. Policies, such as not allowing RDP over the VPN, can only change if the administrators are aware of the need.
     
  7. nhand42

    nhand42 Member

    Messages:
    37
Yeah, I realise that; I'm sorry for snapping at you.

    That feature is set on the concentrator so it's beyond my control to fix. The Cisco VPN client for Windows works from BootCamp but that means dropping out of OS X. The Cisco VPN client for Mac works as well but without LAN access it's as bad as going to BootCamp. I am hoping the Cisco VPN client inside a Parallels session will give me the best of both worlds.

    I didn't try any of that with the host-only networking. That's very helpful information so I'll give that all a go.

    Thanks for your help.
     
  8. nhand42

    nhand42 Member

    Messages:
    37
    I upgraded from 4.0.4B to 4.8.01.0300 today and it's now perfect. The SSH session doesn't drop out and (even better) RDP through a tunnel is reliable. Thanks for the advice, it was spot on.

    Thanks to everybody else who responded as well.
     