Networking Issues with Cisco VPN

I know there are several threads on this topic but there appears to be two different issues going on that need resolving:
1) The Cisco VPN software (driver) can not load in the HOST (we know this is related to the driver load order)
2) The Cisco VPN software fails to work in the CLIENT

This topic is mean to address item #2 ONLY.

Setup:
Host:
Mac OS X 10.4.6
MacBook Pro 17
Cisco VPN 4.9 (using TCP port 10000)
Guest:
Windows XP SP2
Cisco VPN 4.8 (using TCP port 10000)
Parallels:
Beta5, Beta6, RC1, or RC2

How to reproduce this problem:
1) Launch Parallels (PWS) and start the guest OS
2) Connect the HOST OS to the target VPN (e.g., myvpn.mydomain.com) (SUCCESS)
3) Go back to PWS and attempt to start a VPN session to the same host (FAILURE)
4) Go back to the HOST and disconnect the VPN session
5) Return to the guest and repeat step 3 (SUCCESS)

Results:
1) Guest connection connect fails at step 3
2) At step 5, the connection succeeds

Additional examples/tests:
EXAMPLE #1
1) Launch Parallels (PWS) and start the guest OS
2) In the Host OS, lookup the IP address of the VPN target host (e.g., nslookup myvpn.mydomain.com) (SUCCESS)
3) Without connecting any VPN, go back to the guest OS
4) Perform the same lookup (e.g., nslookup myvpn.mydomain.com) (SUCCESS)
5) Return to the host and connect the VPN
6) Return to the guest and repear the same lookup (e.g., nslookup myvpn.mydomain.com) (FAILURE)

Once the host is connected to the remote network, the guest OS can not longer resolve any IP addresses in the public target domain. This seems to indicate that the routing table is not correct once the host is connected.

EXAMPLE #2
1) Launch PWS and start the guest OS
2) Within the Guest OS, establish the VPN connection (SUCCESS)
3) Go back to the Host OS and connect the VPN from the host (SUCCESS)
4) Go back to the guest and disconnect the VPN connection
5) Now attempt to reconnect the guest (FAILURE)

This is repeatable with the Parallels adapter installed or not, enabled or not, with Mac OS internet sharing enabled or not.

What we need from Parallels:
We are looking for Parallels to either a) acknowlege an issue or bug, b) explain why this behaviour occurs, or c) describe a specific workaround for this particular issue.

 

Cisco VPN

I must be missing something. I too experienced the problem with my cisco vpn in both the OSX and XP environment.

I opened up the network preference pane in OSX and looked for the network port configurations. there you will see "parallels Host-Guest adaptor". i unchecked that box and I can use vpn from the mac side or from the windows side. I have not tried using both at once.

Pete

 

Okay - does the VPN you are connecting to allow more than one connection with the same login?

BarryW

 

Cisco VPN

no.
I tried this after I sent the post last night. I logged into the mac side vpn. opened parallels and started windows xp. then tried to open vpn on windows side. it basically kicked me off the mac vpn and then allowed me to open a vpn connection via windows.

I don't find this unexpected. somewhere I read you could only have 1 vpn tunnel on either the mac or windows side, at a time.

but, from my standpoint I can get either to work when needed.

did this solve your problem at least for one connection at a time?
Pete

 

I have this same problem, great to see that their may be a work around. I thought that if I quite Parallels, then Cisco VPN would start to work, but that is not the case.
David

 

Yes as evidence in Example 2. If the guest is connected first, then the host can still resolve the target domain and has a route to it. This enables the host to make a connection too. However, if you reverse that scenario, the Guest will not have a viable route to the host. Just follow the steps to reproduce it. In short, Guest Connect 1st, Host Connect 2nd = success, but Host Connect 1st, Guest Connect 2nd = failure on the guest.

 

Follow the steps explicity and you should be able to have both running - open parallels first - make sure you have a LAN connection already. Next, connect the VPN in the guest. Now connect the VPN in the Host. Both should be up. Reverse that process by starting the host VPN first. Now go back to the guest and you won't be able to resolve or route to the the VPN host in the guest. Therefore you won't be able to form a VPN tunnel to the VPN host in the guest OS.

 

Here's my scenario of why I'm doing this: First, the client has Exchange mail which I need to read throughout a given day. I use OS X Mail for that. I also use Safari for the web browsing and testing as well as other native OS X development tools. At the same time, I use various database development tools (that only runs under Windows) but must connect to the remote database to use them. Hence, Parallels is the only viable option. The client uses a Cisco firewall. So, I must be able to connect from both sides at once - which should work - using Cisco VPN software. It works on my G5 with Virtual PC for example, and it used to work in Parallels prior to Beta 5. I can be connected on the host side and ping or tracert to any other domain in the Guest OS, but once the Host goes up, the Guest no longer has a viable route - it's like the routing table gets screwed up somehow.

 

This is very odd to me. I have no problems running Cisco's VPN client in XP or Linux at the same time as running it on the host OS X. In fact I have just opened up a Linux VM and XP VM and connected to my work's VPN at the same time, i.e. all two guest OSs and the host OS.

Edit: I had the Mac OS X vpn connection set up first, then opened XP and connected to the same VPN, then opened a Fedora Core 3 VM and did the same. At no time was there an issue with the connection or was I kicked off any of the connections.

I haven't done anything special in the set up. This is Cisco VP Client version 4.7.00.0533 in XP and 4.9.00(0050) on OS X and 4.7.00(0640) on Linux.

Could it be a server configuration issue?

 

Yes. My client has the Cisco VPN server set to only allow one logon per IP address at a time. The IP address that it sees in this case is my DSL router.

I have an almost identical need as MicroDev. I use Entourge to access my client's Exchange Server for e-mail and I am an SAP developer, so I need to run SAPGUI in WinXP. (I have a seperate issue with SAPGUI losing connection to the server ~every 15-20 minutes. Hasn't always happened. I don't remember which Beta it started with. ~Beta5.)

 

Hmm. Doubtful because I can connect with other Wintel laptops and Macs simultaneously using the same versions of Cisco VPN. I can also connect the Guest first then connect the Host second. It's the other way around - the way you describe - that has problems.

I'm running 4.8 on XP and 4.9 on OS X. Try starting XP first, with no VPNs connected, then startup the OS X VPN, then the XP VPN, and see if that works. I find that XP can no longer resolve the IP addresses of the VPN host.

For example, with XP already running (no VPN connected)...

Is OS X:
nslookup myvpn.mydomain.com
Server: 192.168.2.10
Address: 192.168.2.10#53

Name: myvpn.mydomain.com
Address: 142.212.32.112

In XP:
nslookup myvpn.mydomain.com
Server: dns1.localdomain.com
Address: 192.168.2.10

Name: myvpn.mydomain.com
Address: 142.212.32.112

Once I connect the Mac OS host and query XP again (no VPN connected yet in XP) I get:
nslookup myvpn.mydomain.com
Server: dns1.localdomain.com
Address: 192.168.2.10

*** dns1.localdomain.com can't find myvpn.mydomain.com: Non-existent domain

 

Hi MicroDev, I did what you suggested ... started XP before connecting to the VPN on OS X. I still had no problems resolving the address of the VPN server in XP after connecting in OS X, or connecting to it with either guest or host OS.

 

Error51:

I think that I have a different issue with my Cisco VPN client. I am not able to attempt to login. I get a dialog as soon as I launch the client stating:
Error 51: Unable to communicate with the VPN subsystem
Please make sure that you have at least one network interface that is currently active and has an IP address and start this application again.

In the console log I have the following:
Could not attach to driver. Is kernel module loaded?
QString::arg(): Argument missing: Error 51: Unable to communicate with the VPN subsystem.
Please make sure that you have at least one network interface that is currently active
and has an IP address and start this application again., 4

I started to see this when I installed RC2. I did not have this problem with earlier versions of Parallels.
Has anyone seen this sort of error?

 

Try this: open up the network preference pane in OSX and look for the network port configurations. there you will see "parallels Host-Guest adaptor". uncheck that box and you should be able to use vpn from the mac side or from the windows side. according to the previous posts, to use VPN simultaneously on host and guest OS, start VPN first in guest, then in host.
Pete

 

Yeah that's issue #1 - not what we want to discuss on this thread. Check out this thread instead:
http://forum.parallels.com/thread2299.html

 

Thanks prock but I've already done that. In so far as the last suggestion is concerned, that's pointed out in Example #2 above. Paul Linden claims he doesn't need to follow the Guest - Host order to get both connected (how it used to work in B4 and prior). I'm looking for the reason as to why this occurs. It's almost as though the Guest is partially connected to the Host tunnel.

 

That is bizarre. You seem to be unique my friend. That stopped working for me after Beta 4. I watched the routing table change in OS X and in XP and the only thing I can tell is that when the routing table changes in OS X, XP can't see the target domain at all - but only the target of the VPN domain - all others work okay (ie., microsoft.com, parallels.com, etc.). Once the routing table is restored, XP can see the domain again.

 

Actually, I get problem #1 (Error 51) if I connect the guest before connecting the host, and I have to disconnect guest VPN, go into the Network configuration to uncheck the Parallels adapter, start host VPN and check the Parallels adapter again.

Still works fine for me if I do host VPN first.

It's certainly bizarre - the only thing that I notice is I'm using the version 4.7 client in both Linux and XP.

 

GA release works the same way. Here's a quick example:

Step 1 - Connect Host OS (Mac Cisco VPN 4.9)
Step 2 - Open a Command window in the guest (XP) and issue a name lookup for the VPN target host:
C:\>nslookup host.mydomain.com
Server: dns1.corp.homeoffice.net
Address: 192.168.0.9

DNS request timed out.
timeout was 2 seconds.
*** Request to dns1.corp.homeoffice.net timed-out

Step 3 - Disconnect the Host OS VPN
Step 4 - Issue the previous command in the same guest Command window (up arrow - enter).
C:\>nslookup host.mydomain.com
Server: dns1.corp.homeoffice.net
Address: 192.168.0.9

Name: host.mydomain.com
Address: 66.197.23.53

Step 5 - Connect Host OS (Mac Cisco VPN 4.9)
Step 6 - Using the guest Command window, try to ping the target IP:
C:\>ping 66.197.23.53

Pinging 66.197.23.53 with 32 bytes of data:

Request timed out.

Ping statistics for 66.197.23.53:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss)

I also tried enabling and disabling the PWS adapter (in OS X), and turning on and off internet sharing (in OS X). Same effect in all tests.