Cisco VPN - Fix for Error 51: Unable to communicate with the VPN subsystem

If you are running Cisco's VPNClient on Mac OSX, you might be familiar with (or tormented by) "Error 51: Unable to communicate with the VPN subsystem". The simple fix is to quit VPNClient, open a Terminal window, (Applications -> Utilities -> Terminal) and type the following:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

and give your password when it asks. This will stop and start the "VPN Subsystem", or in other words restart the CiscoVPN.kext extension. Cisco seems to have problems when network adapters disappear and reappear, something that happens commonly in Wireless or Dial-up scenerios. Sometimes putting a system to sleep, disconnecting an Ethernet cable or simply reconnecting your wireless will cause CiscoVPN to loose track of the network adapters on the system. Considering that CiscoVPN is typically used by telecommuters, this is an astonishing oversight on Cisco's part. The above hack should side-step all of these issues by causing the CiscoVPN to re-initialize. It makes one ask, why couldn't Cisco have just put the restart into their client? Or a better idea would be to not reinvent the wheel and use the existing IPSec VPN support in OSX! Am I missing something?

Tags

CiscoVPN Error 51: Unable to communicate with the VPN subsystem

Trackbacks

To send a trackback, use the URL of this story appending ?page=tb at the end.

Comments (93)

Jeff from Chicago

Thanks for the tip - this worked like a charm.

todd from boston

you the man - thanks!

Tony from Carmel from Carmel

Didn't work but rebooted my computer and the problem went away.

Steve from Minneapolis

Nice - works to correct the same issue when running Windows on a Mac (restart the Cisco VPN Service).

Jason McCarty from Canada

This did not work for me. I've gotten this error ever since I installed the VPN from cisco. I have the 4.9 version as well. What else might I need to do?

Anders from RTP

Yep, a friend of mine pointed that out and I have since confirmed it. Apple's new security update kills CiscoVPN when using dialup adapters. I don't yet have a work-around though I hear it is an issue with Apple, not Cisco. (I have nothing to back that up) I wish Cisco would just give up and use the standard IPSec VPN that comes with OSX. It would make life much easier. I'll do a blog post when I have something on this.

Cacasodo from

Didn't work for me unfortunately, using a wired or wireless connection. Even rebooted for good measure.

'sodo

http://www.techanswerguy.com/

Anders from RTP

A separate issue with the Cisco VPN software and OSX is fixed with the latest Apple Software Update. Apparently a software update around March of 2007 broke the Cisco VPN software's ability to connect though it wouldn't show the "Error 51" that this page talks about. Connections would be attempted and a password was requested but after submitting, the connection would never be established and eventually the Cisco VPN app would time out and go back to the "not connected" state. As of May 2007, Apple has released an update that fixes this issue between Cisco VPN and OSX so now things work again as expected.

This does not cover the "Error 51" issue from this page but did cause the Cisco VPN software not to connect. If you are having this issue, try running Software Update and make sure you have the latest release and see if that helps.

Anthony from

This caused a kernel panic when I ran it for whatever reason.

Sweet!

rutger from holland

how do i solve this issue in windows? reinstalling doesnt work

Anders from RTP

Rutger: This is the first time I'm hearing about this error in Windows. Sorry, I don't have a suggestion for you outside of reinstalling the Cisco VPN software.

greg from wellington NZ

i'm working in wellington unforturneatly this hasn't worked anymore ideas

Anders from RTP

Greg: Are you sure you have the latest OS updates and have tried reinstalling the Cisco VPN software as well?

Adrian Smith from Sydney, NSW, Australia

Error 51 has just cropped up for me as well (4.9.01 (0030))... it was working fine for a while, then error 51 started and I got around it by disabling airport, but just now it is coming up with error 51 everytime :(

Have tried reinstalling but to no avail.

It just started immediately after I installed Missing Sync 6 for Palm OS...

Adrian Smith from Sydney, NSW, Australia

Interesting... a second reinstall and restart has got it working again. Hmmm...

Mika from

Worked Perfectly. Thanks.

OS X 10.4.10, Cisco VPN Client 4.9.01 (0030) and VMWare Fusion Version 1.0 (51348)

John from davis/ca/usa

I had the same issue. Tried everything above to no avail - including a post from another forum recommending to turn off web sharing. I had another mac on the network with an older version of cisco's vpn client and even though it wasn't on, it seemed to interfere when starting this version. So, after installing the client again I went through these steps.
1. turned off the other mac
2. did a command line restart of the vpn client
3. started it up and it worked great!

John from davis/ca/usa

Oh yeah, and for good measure I turned off bluetooth. This may have been the issue, I don't know.

Alberto Molina from New York USA

I lived with this error for a couple of weeks and resorted, ridiculously, to submitting work to the server via ftp.

It finally occurred to me maybe I should try repairing file permissions. Read, Write and execute permissions often get fouled up for some reason on the Mac OSX when new programs are installed. I've been told many times to repair them regularly using Apple's Disk Utility, which makes this a snap. But I always forget and of course hadn't run it in some time - frankly in several months. The last time I ran it was after having headaches due to unexpected behavior in some application or other.

So finally I put together the concept of unexplaiened behavior with Cisco VPN and file permissions. It took me about 45 seconds to open Disk Utility and hit repair and wait for it to complete. I then rebooted the computer and voila - Cisco VPN loaded like it always had before, no Error 51!

massmind.com

Craig from Colorado Springs

Hmmm... VPN over dialup still doesn't work me. I use a Treo700p with MobilStreams USB Modem to connect to the internet when away from a hotspot. My problem is while VPN works fine with my wired and wireless (802.11g) networks it won't connect when I use a dialup connection.

The client starts fine and I can click connect but it thinks for a few seconds and then goes back to disconnected (I never get the password challenge popup)

Does anyone know if the VPN with Dialup issue outlined above was fixed by the update that was mentioned (I wasn't sure if it fixed the error 51 issue or the VPN with Dialup issue)

Thanks for any help

John Thurow from Laramie, WY, USA

I just upgraded to Leopard 10.5 and it started happening. Any thoughts or ideas?

Pascal Drew from France

I have also just upgraded to Leopard 10.5 and it has started happening to me too, tried earlier ideas but to no avail! Please let us know where we go from here ?

Anders from RTP

John / Pascal: I am hearing reports that OS X 10.5 Leopard is working with Cisco VPN 4.9.01 if you do a clean install of CiscoVPN. I have Loepard on my desktop but not my laptop yet and my desktop is at work so I can't test the VPN. Anybody else have experience one way or another on this?

By the way, CiscoVPN keeps config files in /etc/opt/cisco-vpn/ so to keep all your configurations, back that directory up and restore it after you re-install CiscoVPN.

Joe from Mpls, MN

Thanks

Steve from VA

Thanks, saved me some headaches here.

George Coller from Austin, TX

Cool, glad I found this!

Steve Larimore from Lexington

Go to run and type services.msc .. Start the VPN service ..

Patrick from Los Angeles, CA

I was having that error on Mac OS X 10.5.1 but we got the VPN Client version 4.9.01 (0080) and it works great.

Neeraj from austin

been trying it .. still no dice :( .. keep getting error 51.. tried reinstalling and everything.. both builds 90 and 80.. any other tips from anyone????

Anders from RTP

Are you using OS X 10.5 Leopard?

Neeraj from Austin

sorry.. yes , i am using Leopard..

Kevin McMurtrie from Silicon Valley

VPN Client worked in 10.5.1 after I disabled all vlans.

Neeraj from austin

is there a shortcut to disabling all vlans?

Stefano from Italy

I've had the same problem as all you
I've solved with

sudo ifconfig fw0 down


found at
http://www.cb1inc.com/2007/06/11/fixing-cisco-vpn-client-4.9-with-parallels-desktop-3.0-on-mac-os-x

Neeraj from austin

i tried the ifconfig thing as well, even that doesn't work.. i just am cursed i think :)

ike from australia

chmod'ing file permissions fixed it for me:

sudo chmod 777 /etc/opt/cisco-vpnclient/Profiles/

bcgrafx from Greenville/SC/USA

I was able to upgrade to Leopard 10.5 from 10.4.11, install Cisco VPN 4.9.011 (0090) which worked. I then did an update to 10.5.1 and allowed the system to reboot. Cisco VPN is still working fine. I am using it now via a wireless connection to write this. Hope this helps any late adopters of Leopard like me.

ronzoni from new york/ NY /USA

I guess I'm having a different problem.
I can connect to my vpn ok, but then I lose access to the internet.

I see this in the terminal:
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 4500
Local LAN Access is disabled

In the client, and in the profile LocalAccessEnabled is true, though.

Anyone have any suggestions?

I'm on 10.5.1 and cisco vpn 4.9.01 (0080)

Thanks!

Roger Mc Murtrie from Canberra/ACT/Australia

VPNClient.app Version 4.6.04 (0061)
on Intel Mac-mini
Same problem but can't fix.
It did work fine with 10.5.1 originally then started producing Error 51. Tried removing and reinstalling and repair permissions to no avail.

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart
produces:
Stopping Cisco Systems VPN Driver
kextunload: unload kext /System/Library/Extensions/CiscoVPN.kext failed
Starting Cisco Systems VPN Driver
extension /System/Library/Extensions/CiscoVPN.kext does not contain code for this architecture

which seems ridiculous as it worked with Tiger with occasional Error 51s then originally worked with Leopard 10.5.1

I'll see if I can get my administrator to provide the latest version of VPNClient.

Erik van der Neut from Cambridge, Massachusetts, USA

Brilliant! Made a fixvpn alias for this, and it worked like a charm on Leopard 10.5.1 :-) Thanks so much!

- Erik

Balrob from A Kiwi in Utah

To Roger McMurtrie,

your VPN client is very old - and I'm surprised it ran on 10.5.

You can pull down the 4.9.01 build from MacUpdate.com

cheers

Ben from CA

Thank You! This was exactly what i needed to do!

Tela from Washington DC

The above solutions have not worked for me but I found another fix that does work. I get this error all the time and this fix always works for me.

Access terminal and execute:

$ ifconfig -a

Enter password if prompted. Then execute:

$ sudo ifconfig fw0 down

You may have to execute the command twice. Not sure why. Launch VPN client again. It should work.

There is, apparently, a more permanent fix, but I'm a bit nervous to try it. I'm posting it for those of you that are more brave than I. Let me know if it works.

If you would like to have fw0 disabled on boot, do the following below:

$ sudo pico /System/Library/StartupItems/CiscoVPN/CiscoVPN

Then change the StartService() function to the following:


StartService ()
{
#disable fw0
/sbin/ifconfig fw0 down

if [ -d $CISCO_VPN_DIR ]; then
ConsoleMessage "Starting Cisco Systems VPN Driver"
kextload $CISCO_VPN_DIR
fi
}

Evan McClure from Sunnyvale, CA

This only occurred for me after I ran a software update yesterday. I'm running 10.5.1.

I fixed my issue with a combination of both of the most used methods above: verifying the permissions in the disk utility, and then reloading the driver.

I'm sure that a verify permissions, followed by a reload would do the same thing.

Andre from

Cisco really needs to get their act together. Restarting my computer is not something I want to spend my time doing, since I usually put my computer to sleep. Also, it would seem that Cisco is unable to respect conventions of not putting startup items /System/Library/StartupItems. It should be in /Library/StartupItems.

johnny0 from

I'd also like to see the icon change if I'm connected, but this is probably past the capabilities of the Cisco VPN group. If it weren't based on the Unix build we'd probably not even have a client for the Mac...

Jim Reardon from Madison, WI

Have been getting "Error 51" since upgrading to 10.4. None of the above fixes worked. Trying to run 4.9.01.0080 on a 1.33 GHz PowerPC G4 with 10.4.6, connected to the internet via AirPort. Hmmm--maybe it's the AirPort...

Jack from Palo Alto, CA

Thanks for the tip! It worked perfectly for me! :-)

Miguel Miranda from

Worked like a charm! thanks mate!

Hal from Washington hghts, NY, NY

It worked! You Rock!

Alfonso Mateos from Madrid / Spain / Europe

Thanks a lot, that sudo command worked for me :-)
Anyway, I'm surprised that in January 2008 this issue remains the same... Cisco should really take care of this.

Vince from Chile

Thanks Tela, it worked for me!

Luke from

Thank you very much!!

bob from sf ca

./CiscoVPN restart

worked for me too!

Casey Woods from Calgary, AB

Thanks! Resolved my issue on 10.5.2 using 4.9.01.0100

Jeff from Champaign IL

i had the same problem and was able to get around it by disabling the Firewire port in the network preferences.

mpeg2tom from LA

Yep, it worked for Cisco 4.9.01 on OS X 10.5.2 MacBook Intel

Michael from Horsham PA

We've been on tech support with Cisco for weeks on this. They provided the sudo ifconfig fw0 down command and that is the only thing that fixed this issue. We have the latest VPN client and are running 10.5.2

Strangely this problem pretty much is non-existent if I am on wireless, just wired.

Paul from Mesa Arizona

Thanks! Worked great! The Cisco VPN is crappy software. Why would I want to route all of my network traffic through work anyway? How stupid is this?

Does anyone have instructions on how to use Mac's embedded VPN to talk with a site that uses Cisco VPN and SecureID tokens?

rlmorel from MA

Hi Everyone,
The infamous Error 51 has reared it's head on my laptop running Leopard multiple times. It has ALWAYS been fixed by going into Internet Sharing and making sure that ALL ports are UNCHECKED! Then, once they are all unchecked, disable Internet Sharing and you are good to go.

There are three things to know:
1.) You need to ENABLE Internet Sharing to uncheck the ports. Then you can then DISABLE it again.

2.) For some reason, after upgrades or for no reason whatsoever, my Firewire port will get rechecked. Don't know why. It makes no difference if you have Internet Sharing enabled or disabled, if anything is checked, Cisco VPN simply will not work and will give you the "Error 51:Unable to Connect with the VPN Subsystem..."

3.) Even if you disable the blasted ports...they seem to switch right back on sometimes. You can check before exiting the preferences by simply highlighting some other sharing option then re-highlighting the Internet Sharing option. Last night I got an email from a user with this Error problem, so in the process of making some screenshots, I encountered this "sticky" setting. Just wow...what are the odds? I would uncheck it, exit preferences, then go back in and some danged port would be re-checked again. I rebuild disk permissions and rebooted, the problem went away and I was able to uncheck the Internet Sharing over Firewire port option and everything worked fine.

Eduardo Penedos from Lisbon

HI Guys,
The best advice is to download the last version of the software in macupdate if you really want to work with 10.5 (Leopard).
I had that problem that tried most of the advises posted here. None of them worked at all. I got the last version and imported the .pcf file and .. Voila it's working.

Eduardo

P.J. Hinton from Indianapolis/IN/USA

Found this page while trying to search for solutions to error message addressed in this post. It worked as described. Thanks for posting this!

--
P.J.

Craig from Sterling/VA/USA

Worked great for me. Thanks for the tip!

Jeremy Ricketts from Pasadena, CA USA

Just found this page. Worked great. THANK YOU!

MN from Cville from Cville

Awesome little hack...solved this annoying problem in a cinch. Thank you!

Adam Shand from Wellington, New Zealand

I've got my own blog post which slightly different instructions here if it's of any help to people.

http://adam.shand.net/iki/2008/howto_repair_the_cisco_vpn_client/

It's great to see all the suggestions here as well, thanks!
Adam.

Harald Walker from Almere / The Netherlands

Thank you for the post. It worked (on 10.5.3). Saves a lot of time and frustration.

t from The World

Another thing to check - make sure you do not have multiple network interfaces active. For example, if you are using a wired connection, then disable your wireless connection using "Turn AirPort Off".

Then restart CiscoVPN as above, and it may work.

Josh Golden from Lincoln, CA

I thought I tried every supposed fix out there, then I found this..... Dude, you are THE MAN!!

Allan from

Thanks -- brilliant, that fixed it. Thanks so much for your post!!

Miguel from Utah

Thank you so much for this fix.
You're the man!!!

Tony from VA

I was losing my mind until I found your fix. Thanks!

Mario from Pennsylvania

Thanks for the tip...
Worked like a charm
THAN YOU!!!

Enzo from http://tweaklearning.wordpress.com

works like a charm.. thanks!

Dave from Ottawa, Canada

Brilliant! Thank you so much

btn from San Jose / CA / US

This solution fixed the problem after I upgraded to 10.5.3. Thanks!

iWeasel from Kent, UK

Worked first time. Thanks. Help appreciated.

Julian from KL

Just upgraded to Leopard 10.5.3 from 10.5.2. Broke my Cisco VPN client 4.9.01.0100 which was working fine in 10.5.2. Tried your suggestion of restarting the Cisco VPN from terminal and it worked. Thanks man !

ray haleblian from Vancouver

thank you for posting this - it actually led me to find this StartupItem was missing, so I was able to restore it with TC and get running again.

Amarand from Columbus, OH

After upgrading to 10.5.3 (Intel MacBook) from 10.5.2, started receiving these Area 51 errors (CiscoVPN 4.9.01.0100, only version installed, clean) and through the magic of Google, found this page, and your suggestion worked perfectly. Thank you!

Cristi from Bucharest, Romania

Whew, that saved my day, or night so to say. Great tip!

Grant from Melbourne, Australia

Thank you. Fixed on OS X 10.5.3 with VPN Client 4.9.01 (100).

swoodie from berkeley

thank you! very useful.

hywel from nh

Worked perfectly!! Thanks!!

Berthor from Chicago

wow, I'm glad I googled and found your site. thanks for the info, worked right away.

Mitch from Toronto

Brilliant! Thanks - confounded my IT department

JD from San Francisco

thank you mr. awesome

eru from

sweetness!

Ben from Chicago

Thank you! Now I don't have to go into the office on the weekend. :^)

Kevin from Santa Barbara, CA

I did this and it worked, but now my Remote Desktop connection will not connect. Not sure what to do now.

Daniel Gauthier from Missoula

Cisco VPN
Error 51: unable to communicate with VPN subsystem
My Windows Fix...
Close any cisco vpn processes in control alt delete, Go to start, go to run, type in "services.msc", turn off "wireless zero configuration", restart "cisco systems, inc VPN service", turn "wireless zero configuration" back on.

Nathan from Medford, WI

Hi eveyone, this is by far the most knowledgeable set of posts about Cisco VPN on OS X, and I'm hoping you can provide me with some suggestions on running a Cisco VPN on OS X.

I've thankfully not had any of the problems noted in this blog post. I have full access to our internal network, web browsing etc. However, I'm trying to run Oracle's jDeveloper (and the embedded OC4J) from home while connected to the VPN, and not having much luck.

The OC4J is acting as a "provider" for the Oracle Portal Shell that runs on our internal network, and that machine is not able to send messages to my Mac. I'm giving the Cient IP address provided in the Cisco VPN --> Status --> Statistics to both the Oracle Portal to "register" the provider, as well as to the OC4J instance running inside of jDeveloper. But no luck; my gut is telling me that the traffic on that Client IP address is not getting to/from my MacBook. Does anyone have any ideas?

I'm running on a NetGear wireless router, which I guess could also be causing problems? Anyways, any help at is greatly appreciated.

Daniel Gauthier from Missoula MT 59808

I encountered another cause of this problem. A Virus protection program (bit defender) was blocking the VPN client. I had to turn off the program's firewall and then run my fix posted above. I then allowed the VPN client in bit defender and the problem went away.