The new Parallels Desktop 3.0 for Mac is out! At first, everything looks great! Then I noticed my Cisco VPN Client v4.9 stopped working.

Error 51: Unable to communicate with the VPN subsystem. Please make sure that you have at least one network interface that is currently active and has an IP address and start this application again.

I tried uninstalling both the VPN client and Parallels, then reinstalling and everything worked until I rebooted. So, that wasn’t going to work. After doing a ton of digging around, I found this post that suggested a fix that works!

Bring up a terminal and execute an ifconfig -a:

$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
        inet 127.0.0.1 netmask 0xff000000 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
vmnet8: flags=8862<BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 172.16.91.1 netmask 0xffffff00 broadcast 172.16.91.255
        ether 00:50:56:c0:00:08 
vmnet1: flags=8862<BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 172.16.197.1 netmask 0xffffff00 broadcast 172.16.197.255
        ether 00:50:56:c0:00:01 
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:17:f2:cd:20:02 
        media: autoselect status: inactive
        supported media: autoselect 10baseT/UTP <half-duplex>
                10baseT/UTP vfull-duplex>
                10baseT/UTP <full-duplex,hw-loopback>
                10baseT/UTP <full-duplex,flow-control>
                100baseTX <half-duplex>
                100baseTX <full-duplex>
                100baseTX <full-duplex,hw-loopback>
                100baseTX <full-duplex,flow-control>
                1000baseT <full-duplex>
                1000baseT <full-duplex,hw-loopback>
                1000baseT <full-duplex,flow-control> none
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        tunnel inet  -->
        inet6 fe80::219:e3ff:fe06:93f0%en1 prefixlen 64 scopeid 0x7 
        inet 192.168.1.97 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:19:e3:06:93:f0 
        media: autoselect status: active
        supported media: autoselect
        vlan: 0 parent interface: <none>
        bond interfaces: <none>
wlt1: flags=41<UP,RUNNING> mtu 1500
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 2030
        inet 169.254.90.185 netmask 0xffff0000 broadcast 169.254.255.255
        lladdr 00:19:e3:ff:fe:69:37:c4 
        media: autoselect <full-duplex> status: inactive
        supported media: autoselect <full-duplexv
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::21c:42ff:fe00:0%en2 prefixlen 64 scopeid 0xa 
        inet 10.0.1.3 netmask 0xffffff00 broadcast 10.0.1.255
        ether 00:1c:42:00:00:00 
        media: autoselect status: active
        supported media: autoselect
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::21c:42ff:fe00:1%en3 prefixlen 64 scopeid 0xb 
        inet 10.0.2.12 netmask 0xffffff00 broadcast 10.0.2.255
        ether 00:1c:42:00:00:01 
        media: autoselect status: active
        supported media: autoselect

Find the interface that starts with “fw”. In my case, mine is called “fw0″. Next, shut off the interface:

$ sudo ifconfig fw0 down

fw0′s flags will now be 8822 and now the Cisco VPN client should work!

But what happens if you reboot? Oops! The fw0 interface comes back on. Disable the interface when the Cisco VPN subsystem is started:

$ sudo pico /System/Library/StartupItems/CiscoVPN/CiscoVPN

Then change the StartService() function to look like this:

StartService ()
{
    #disable fw0
    /sbin/ifconfig fw0 down

    if [ -d $CISCO_VPN_DIR ]; then
        ConsoleMessage "Starting Cisco Systems VPN Driver"
        kextload $CISCO_VPN_DIR
    fi
}

Test with a quick reboot and everything should work!


48 Comments

  1. Hi
    this is great, but since I don’t usually get involved in using the Terminal, could you help me out with the “for dummies” version. As in how do we make sure we put the right stuff in the right place using Pico and how do we save it as an overwrite of the existing file?
    That would really help.
    Thanks in advance

    Comment by Ron Pelley — June 15, 2007 @ 7:07 pm

  2. Using Pico is pretty simple. Double click the Macintosh HD and navigate to:

    Applications > Utilities > Terminal

    Launch the terminal and type the following at the command prompt:

    sudo pico /System/Library/StartupItems/CiscoVPN/CiscoVPN

    In order to edit the startup script, you must have super user access. The sudo command will allow you to run a command as the super user. Just type your password in when it prompts for the password and then Pico will launch:

    Find the StartService() function and add the bolded text:

    StartService ()
    {
        #disable fw0
        /sbin/ifconfig fw0 down
    
        if [ -d $CISCO_VPN_DIR ]; then
            ConsoleMessage "Starting Cisco Systems VPN Driver"
            kextload $CISCO_VPN_DIR
        fi
    }
    

    Remember, your interface may be called something other than fw0 such as fw1. Press CTRL-X when you are finished and it Pico will prompt you to save:

    Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?                                                                
     Y Yes
     N No           ^C Cancel

    Press “Y” to save and you should be good to go. Give your box a quick reboot and just make sure that everything works.

    Comment by Chris Barber — June 15, 2007 @ 8:30 pm

  3. Well, that was quick. Thanks so much. I edited it as you suggested. There was one extra step at the end which seemed to invite me to rename the file, but I just hit return and it saved. I restarted, the file looks like it should (I think the formatting is a little different, as the #disable fw0 is not indented) and the VPN still comes up OK. However, when I do an ifconfig -a I see that FW0 is still there and has an IP address. What’s up with that?

    Comment by Ron Pelley — June 15, 2007 @ 10:06 pm

  4. When you run ifconfig, just make sure that the fw0‘s flags = 8822:

    fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 2030
            inet 169.254.107.94 netmask 0xffff0000 broadcast 169.254.255.255
            lladdr 00:19:e3:ff:fe:69:37:c4 
            media: autoselect <full-duplex> status: inactive
            supported media: autoselect <full-duplex>

    Comment by Chris Barber — June 15, 2007 @ 11:01 pm

  5. fw:0 flags=8822

    So I gues I’m all set.
    Thanks

    Comment by Ron Pelley — June 15, 2007 @ 11:15 pm

  6. Thankyou very much for this fix, was doing my head in.

    Comment by Geoff Smyth — June 17, 2007 @ 11:18 am

  7. Hi,
    I just wanted to thank you for this detailed blog. It was very easy to follow and allowed me to upgrade to 3.0 without a hitch.
    Greg

    Comment by Greg — June 18, 2007 @ 7:16 pm

  8. I am still not able to get this to work. What are your network settings in Parallels? I am using Bridge mode, but I have tried the others. Thanks!

    Comment by Michael Hyatt — June 19, 2007 @ 2:00 pm

  9. I personally do shared networking because I want to be able to have my Mac talk to my VMs and vice versa when I don’t have Internet access.

    I have run bridge mode, but that was before I installed Parallels 3.0.

    Comment by Chris Barber — June 19, 2007 @ 2:36 pm

  10. IIRC fw0 is the firewire port. So does it work just to turn off the firewire port in your network preferences panel? That should survive reboots just fine.

    I can’t test this since I don’t have 3.0 installed yet.

    Comment by Dan Brotsky — June 19, 2007 @ 5:41 pm

  11. The same thought crossed my mind. I did create a new Location with the firewire port and my modem disabled, but it didn’t fix the problem. I didn’t try just disabling firewire port for the “automatic” location. Give it a try and see what happens, then let everybody know how it turned out.

    Comment by Chris Barber — June 19, 2007 @ 6:21 pm

  12. Disabling the FireWire port for networking when installing Parallels seems to work. After experiencing the “Error 51″ problem, I:

    1. Uninstalled Parallels (VM files are kept, so no worries there.)
    2. Disabled FireWire port in Networking prefs
    3. Verified that VPN was working again
    4. Re-installed Parallels
    5. Restarted, just to make sure everything would stick

    I’m back up and running VPN and Parallels, without having to muck around in the config files. For me, turning the FireWire port off while Parallels is installed did the trick.

    FWIW: I did turn the FireWire networking back on and things are still working fine.

    Comment by Rich Evers — June 20, 2007 @ 2:11 am

  13. This didn’t work for me.

    Comment by Nithin — July 12, 2007 @ 7:55 am

  14. It worked!

    Comment by Nithin — July 12, 2007 @ 8:07 am

  15. The steps from Rich did not work (i.e. uninstalling parallels, disabling firewire, and then reinstalling). However, the steps in Chris’ blog article worked wonderfully.

    Comment by Nithin — July 12, 2007 @ 8:13 am

  16. Thanks for one of the best tips I’ve run across in awhile…worked like a charm.

    Comment by Anonymous — July 12, 2007 @ 11:26 pm

  17. Boom. Working, just wanted to thank you for the great discovery. I boggled on this
    for at least a day. never would have thought fw0 interface was what broke it.

    Comment by l0rdr0ck — July 21, 2007 @ 2:12 am

  18. Thanks for the discovery and the write up.

    Comment by Joannou Ng — July 21, 2007 @ 8:22 pm

  19. Open Finder for your HD – then navigate to System->Library->StartupItems->CiscoVPN.

    The CiscoVPN startup script should be there – single click on it – then select Open With – use TextEdit (or any other GUI editor you want to use) and edit the script as shown above (you can copy and paste the above change into the file).

    Save the file and you should be all set!

    Comment by Anonymous — July 27, 2007 @ 6:24 pm

  20. Hi, I do not use parallels, in fact I am still using a G4 powerbook. but I got the same errors, and I did what you suggested here (I modified the file as shown here with Pico) and then I never got the 51 errors for about a week or so. Now the error came back, when when I check, the fw0 interface is mapped to 8822, not 8863 as before.

    What else can I do now???

    Comment by Anonymous — August 17, 2007 @ 12:45 pm

  21. Thanks, I will try to reinstall the VPN, but for now I found this work around:

    $ sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

    Comment by Anonymous — August 21, 2007 @ 8:03 am

  22. Dude – you nailed it. Excellent work – Thanks.

    Comment by Tech Wizard — August 22, 2007 @ 2:02 am

  23. Can you reinstall the VPN client? Has your configuration changed recently that would cause this to break?

    Comment by Chris Barber — August 17, 2007 @ 9:31 pm

  24. Thank you ever so much – this has been bugging me for ages!

    Comment by Tim — September 5, 2007 @ 7:07 pm

  25. This is an excellent tip!

    I don’t run parallels, nor do I have any other of the configurations that are commonly being listed in the forums as possible causes for this error. But I still couldn’t run Cisco VPN client (any version up to 4.9.01 (0080)) no matter what I tried. The infamous Error 51 kept popping up.

    This tip fixed it. Thank you so much!

    Mark

    PS: for the PICO challenged: if you happen to have BBEdit: just type
    sudo bbedit /System/Library/StartupItems/CiscoVPN/CiscoVPN
    in the terminal to open the file in BBEdit.

    Comment by Mark — September 18, 2007 @ 9:52 am

  26. I run 2 macs on a network and the VPN error was affecting the intel mac, not the g4. This fixed the VPN client on the intel mac. Thanks a million!

    Comment by John — September 18, 2007 @ 5:45 pm

  27. thanks a lot … works like charm

    Comment by Fifteen — September 25, 2007 @ 10:41 am

  28. Hi,
    I wish it worked for me, but using sudo ifconfig fw0 down on Leopard it is not bringing fw0 down:

    fw0: flags=8802 mtu 2030
    lladdr 00:16:cb:ff:fe:68:5d:cc
    media: autoselect status: inactive
    supported media: autoselect

    en1: flags=8863 mtu 1500
    inet6 fe80::217:f2ff:fe4c:e095%en1 prefixlen 64 scopeid 0×6
    inet 192.168.11.7 netmask 0xffffff00 broadcast 192.168.11.255
    ether 00:17:f2:4c:e0:95
    media: autoselect status: active
    supported media: autosele …. etc

    so, as you can see flags=8802 and not 8822, any idea why?

    thanks !!!

    paul

    Comment by paul — October 31, 2007 @ 5:29 am

  29. This method works for me. Perhaps your fw0 is actually fw1? I’m using 4.9.01.0030. You can try downloading 4.9.01.0080 from http://www.macupdate.com/info.php/id/10317.

    Comment by Chris Barber — October 31, 2007 @ 6:00 am

  30. The 4.9.01 (0080) client stopped working when I switched to Leopard, even after reinstalling. Your post helped me to find the solution. All I had to do was to disable the Firewire interface as network interface in my Network preferences.

    Comment by Harald Walker — October 31, 2007 @ 7:11 pm

  31. Thankyou, quick and easy fix worked for me also.

    Comment by Anonymous — December 29, 2007 @ 1:10 am

  32. This fix allows me to launch the client.. BUT I need the FW port to network in another Mac.. what do I do about that??

    Comment by Mike — March 4, 2008 @ 11:46 pm

  33. Can you re-enable firewire after you’ve VPN’d in?

    sudo ifconfig fw0 up
    

    Comment by Chris Barber — March 5, 2008 @ 4:35 pm

  34. Hi guys, I have followed the whole post step by step, downed fw0 etc… Still not working. I am running X.5 as well as Parallel Desktop… Any one else having the same issue under x.5? Any ideas?

    Comment by Billy — April 11, 2008 @ 2:49 am

  35. The fix above never worked properly for me but I did solve the problem in a different way.

    http://www.astrangeweb.net/2008/04/24/problem-solved/

    Comment by Anonymous — April 24, 2008 @ 12:37 pm

  36. Hi there,

    It worked… The trick was to have the latest version of VPN client http://www.macupdate.com/info.php/id/10317 as well as following the steps. I work for an University department, and not only were the IT department not supplying me with the correct version of the VPN client they also didn’t have any clue about how to resolve issues with Mac OS… Considering there are over 1500+ Mac in the university environment… Really unfortunate. Well, I can say I know more than they now! :)

    Comment by Billy — April 25, 2008 @ 3:08 am

  37. Very good! Here is my bookmark of this post! http://www.searchallinone.com/Other/Fixing_Cisco_VPN_Client_4-9_With_Parallels_Desktop_3-0_on_Mac_OS_X__CB1_INC-/

    Comment by Joan S Jones — May 12, 2008 @ 11:19 pm

  38. Not running parallels yet I had this issue on a rogers network from Canada.

    The above steps worked for me, but I had to make sure I ran:

    $ sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

    I’m guessing it’s because it cahces the old driver settings, so if you make the above changes via pico, you have to force your os to pick it up. Hope this helps someone else out.

    I had incompatibility!

    Comment by Oliver — June 3, 2008 @ 6:51 am

  39. I’ve had mysterious problems: when working at home, I could not reach most of the web sites. Google worked, but that was about it.
    Working in the office, I had no problems. Also, I got the pop-up you mention in your story.
    I have reinstalled (fresh install) Leopard, but the problem came back.
    I got the feeling it had something to do with Cisco VPN and/or VMWare Fusion. It turned out my feeling was right. After applying your fix, everything turned back to normal.

    Thank you very much!

    Comment by pinx — June 11, 2008 @ 7:48 am

  40. 1. install your corporate cisco VPN (you need your company’s profiles)
    We have version vpnclient-darwin-4.9.00.0050

    2. upgrade cisco VPN version vpnclient-darwin-4.9.01.0100-universal-k9 from here:
    http://www.macupdate.com/info.php/id/10317

    3. All should work

    4. My configuration:

    System Version: Mac OS X 10.5.4 (9E17)
    Kernel Version: Darwin 9.4.0

    Enjoy!
    - Emma

    Comment by Anonymous — August 3, 2008 @ 9:51 am

  41. We have been covering similar issues in our cisco training materials. A hands on video tutorial can give you the insights in a few minutes.

    Comment by cisco training — September 18, 2008 @ 3:08 pm

  42. I’ve found that Remote Management and/or Back to My Mac will not run with the latest Cisco clilent. Will the above fix resolve this or are the two issues not related?

    Comment by Fred — October 26, 2008 @ 1:43 pm

  43. I’ve found that Back to My Mac and/or Remote Management will not work with the latest Cisco VPN client for Mac. Will the fix mentioned here resolve that or are the two issues not related? The error message is the same and if you turn off Remote Management, the Cisco client connects fine.

    Comment by Fred — October 26, 2008 @ 1:45 pm

  44. I don’t know for sure since I don’t use either of those, but you could try it and if it doesn’t work, just reverse the changes. I’m curious if it works and encourage you to post your findings!

    Comment by Chris Barber — October 26, 2008 @ 6:06 pm

  45. Hi,
    forget the Cisco client, I got it never to run:
    This works under 10.4.11 and Parallels 3.0 (5584), firewire ports inactive (I had a connection with the Cisco client but no access to anything):

    Download vpnc :
    sudo port install vpnc

    Get rid of the openssl error message:
    sudo port -vunf upgrade vpnc +hybrid_cert

    Configure the startup file:
    cd /opt/local/etc/vpnc
    sudo vi default.conf
    insert all VPN variables in this file at the respective places
    erase the IXP Authorization line (at least for my setup)

    Download tuntap: http://tuntaposx.sourceforge.net/download.xhtml
    Install the package after unzipping with “tar -xvfz tuntap_versionnumber.tar.gz

    Then start connection with following commandline:
    sudo vpnc –natt-mode force-natt –dpd-idle 0

    disconnect with
    sudo vpnc-disconnect

    Hope, this helps someone.
    Cheers
    Pelusa

    Comment by Pelusa — November 21, 2008 @ 9:45 am

  46. This is what helped me when I had this problem:

    http://forum.maas360.com/go/mobileitexpertise/fix-for-cisco-vpn-error-51-unable-to-communicate-with-the-vpn-subsystem/

    Comment by B Campbell — September 3, 2010 @ 9:40 am

  47. Just wanted to say that years after this post was first written, you have been a life saver. thank you!!!!

    Comment by Julia — October 9, 2012 @ 1:26 am

  48. I think this is one of the most significant information for me.
    And i’m glad reading your article. But should remark on some general things, The site style is wonderful, the articles is really nice : D. Good job, cheers

    Comment by click here — July 8, 2013 @ 5:14 am

RSS feed for comments on this post. TrackBack URL

Sorry, the comment form is closed at this time.