How to Setup a MacStadium Cisco IPSEC VPN Connection

The majority of our corporate and enterprise customers (and all customers using Mac private cloud environments) take advantage of one of the Cisco Firewall (Adaptive Security Appliance) options that we offer here at MacStadium. The primary solutions we offer are as follows:

• Managed Firewall Service (a partition on a shared cluster)
• Dedicated Cisco ASA55xx Firewall (~1Gbps throughput)

All of the solutions are billed at a single flat-rate monthly fee regardless of the # of servers behind the firewall.  The dedicated firewall solutions can also be clustered into High Availability clusters which are in turn hard wired to each of our network cores for full A+B redundancy end to end. We support our own Cisco ASA hardware but can work with you to deploy colocated security appliance hardware in bespoke, unsupported-by-us configurations.

In most cases, users will also have us configure remote access VPN accounts which will bypass any inbound firewall rules, allowing 100% free access to their dedicated servers here at MacStadium.  The following directions will walk you thru how to setup your Mac OS X or Windows desktops to connect to your MacStadium firewall service.

When you sign up for these services at MacStadium, you will be provided a configuration document with your IP Address allocations, and specific firewall configuration information.  Before we get too far along in the guide please make sure that you have located the following information for your VPN :

• VPN Host IP Address (the IP Address of the actual Firewall)
• Group Authentication Name
• Group Authentication Password (Shared Secret / PSK)
• User Name
• User Password

Configuration Cisco IPSEC VPN in Mac OS X

With the release of OS X Snow Leopard (10.6) Apple has added support for establishing an encrypted connection to a VPN server through the L2TP over IPSec, PPTP and Cisco IPSec protocols without the need for a third party VPN client.

With this feature you'll be able to connect to your private cloud without having to hunt for a third party client and potentially save a lot of money.

(We are aware that the shown screenshots feature and outdated look of macOS, but the setup still is the same. The guide will be updated in the near future to show the current design of macOS)

STEP 1: Open System Preferences and then select Network preferences.

STEP 2: At the bottom left of the screen press the + sign in order to create a new network interface.

STEP 3:In the dialog box that comes up select the interface type of VPN and then selectCisco IPSecas your VPN type.  You may then name your VPN interface as you choose. For example, you might use something like "MacStadium VPN"

STEP 4:You may then name your VPN interface as you choose. For example, you might use something like "MacStadium VPN"

STEP 5: Once you have created the interface you can enter the following credentials in the appropriate boxes.  We also recommend that you choose the checkbox to keep the VPN status in your menu bar at the top of the screen for easy access to VPN connectivity.

• The VPN's IP Address / Hostname (something like 208.52.xxx.yyy)
• Your User Account Name
• Your User Account Password

STEP 6: Now, select the Authentication Settings... button.  In the Authentication Settings dialog box enter the following settings:

• Your assigned Group Authentication Password (the Shared Secret / PSK)
• Your assigned Group Authentication Name

STEP 7: Now, select OK, and Apply in the Network Preferences dialog.

Congratulations, you are now ready to connect to your MacStadium Firewall service via VPN!  

Configuration Cisco IPSEC VPN in Windows

Please note that this client is only compatible with certain versions of Windows including Windows XP, Server 2000, Server 2008, Windows 7, but not Windows 8 or newer.  Windows 8 and Windows 10 users should use a 3rd party IPSEC VPN client such as Shrew Soft VPN Client For Windows. (Note: While the Shrew Soft site only lists compatibility with Windows 8, we have confirmed it is compatible with Windows 10.) For non-Windows users, the native Cisco client is one of the easiest ways to connect to your VPN.

STEP 1: Download and install the Cisco VPN Client (please note this is different than Cisco Any Connect client).  MacStadium customers can download the program from the link we provide you in your VPN Setup documentation.

STEP 2:  Click create a NEW VPN connection:

STEP 3:  Enter the following credentials:

• A Connection Entry Name (something like MacStadium VPN)
• The VPN's IP Address / Hostname (something like 208.52.xxx.yyy)
• Your assigned Group Authentication Name
• Your assigned Group Authentication Password (the Shared Secret / PSK)

STEP 4:  Finally, after you have created the new connection entry, you can click the CONNECT button, and Enter the following credentials:

• Your User Account Name
• Your User Account Password

STEP 5: Now, select OK, to connect...

Congratulations, you are now ready to connect to your MacStadium Firewall service via VPN!