Saturday, June 9, 2012

Working Cisco AnyConnect and Cisco IP Communicator on VMware with a Mac OS X Lion host and a Windows 7 guest, using a broadband data card

This one was probably one of the most challenging ones I have faced so far. I am not a networking expert of any sort, but this issue specifically has taught me stuff I don't even wanna know.

I hope people reading this post will find it useful in the following situations:

  1. If you run VMware or Parallels on a host Mac OS X machine and have trouble running Cisco AnyConnect VPN on the guest Windows 7/Vista/XP etc. connected via a broadband data card (which only supports VPN via PPP, as detailed in my previous post).
  2. Since there is no Cisco IP Communicator for Mac, this is probably your last option to have Cisco IP Communicator run on a Mac OS X machine via the guest Windows operating system after connecting through VPN to your corporate network.
  3. The other party can't hear you via Cisco IP Communicator (the whole debate around NAT vs. bridged connections in VMware/Parallels).

So how did I end up writing this? Well, I recently got an AT&T data card and had to struggle to get Cisco AnyConnect VPN working on Mac OS X (Lion). My previous post details how to get that working. Once you get that working, you still can't use your corporate IP phone (especially Cisco IP Phone), since they don't have a Mac OS X version even after promising it for several years. Don't know if it's Apple or Cisco, but whatever.

So what are your options? I guess the only reasonable one is to run Cisco IP Communicator on the Windows guest operating system using either VMware or Parallels. Almost everyone who owns a Mac has Windows running on it for a variety of reasons beyond this post.

Now, for Cisco IP Communicator to run on the guest Windows OS on a host Mac OS X machine, you most probably need to connect via VPN to your corporate network. The challenges you face there are plenty.
  1. There is this whole issue of how VMware/Parallels uses the network connections, i.e. NAT, bridged or host. You will find several posts saying that it works only in bridged mode, but the challenge with bridged mode is that it only works with an Ethernet/Wi-Fi adapter, i.e. if you are connected via either one of them. So if you are using a USB modem or data card, you are pretty much out of luck.
  2. The biggest issue with NAT is that the person on the other side of IP Communicator can't hear you. There is some networking issue that I can't seem to understand.
  3. You can try various things like Internet Sharing in Mac OS X, and even then you can't get Cisco AnyConnect VPN to work. Believe me, I tried and couldn't get it working.
  4. Anyhow, your best bet is to figure out a way to get Cisco AnyConnect working on the guest Windows OS and then connect Cisco IP Communicator. You will not have to deal with this bridged/NAT BS either if you follow the steps below.

So the steps that I followed to get this working are below:
  1. Connect your data card to Mac OS X the normal way and let it connect.
  2. Start VMware/Parallels and connect the network adapter in it so that you have internet access.
  3. The key to getting this working, at least on Windows 7, is the BFE (Base Filtering Engine) service. Somehow, for me the service was altogether missing. I tried researching but had no luck. Some noble soul had posted the registry settings to create the BFE entry and I am attaching it below.
  4. Once you run the registry file, it will create a BFE entry in the following location --> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
  5. You will now need to open regedit.exe as administrator, go to the above entry and modify the permissions of the BFE folder in the registry to allow full access to the user operating the host and guest. You can also try giving full access to the "everyone" user.
  6. Now go to My Computer > Manage > Services and start the BFE service. It should start without any ACCESS DENIED errors if you have done step 5 above.
  7. Now start Cisco AnyConnect VPN and it will connect to your corporate network in a jiffy.
  8. You will still have the network adapter in VMware/Parallels connected and able to access the internet. If you need a proxy, make changes accordingly.
  9. Start Cisco IP Communicator and that too will connect without issues. Make a test call to yourself just to make sure that you can hear both sides :)

This is all you need to do to get this complicated stuff working. It's working for me. Hope it does for you guys too. Happy calling!!
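
A read-only check for steps 3 to 6, added here as an example and not part of the original post: it reports whether the BFE service is registered and running, and lists any access rule on the BFE registry key that gives a broad group write access, which is what the "everyone" option in step 5 creates. The function name Test-BfeKey is hypothetical, and the script assumes an elevated PowerShell prompt inside the Windows guest.

```powershell
# Added example: read-only audit of the BFE service and its registry key ACL.
# Test-BfeKey is a hypothetical helper name; nothing here modifies the system.
function Test-BfeKey {
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\services\BFE'

    # Well-known SIDs of broad groups (independent of the OS display language).
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # Rights that let a principal change the key: SetValue, CreateSubKey, Delete,
    # ChangePermissions, TakeOwnership, plus GENERIC_WRITE and GENERIC_ALL.
    $writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 `
                 -bor 0x40000000 -bor 0x10000000

    if (-not (Test-Path $keyPath)) {
        Write-Host "BFE key missing: $keyPath (step 3 applies)"
        return
    }

    $svc   = Get-Service -Name BFE -ErrorAction SilentlyContinue
    $start = (Get-ItemProperty -Path $keyPath -Name Start -ErrorAction SilentlyContinue).Start
    if ($svc) { Write-Host "BFE service status: $($svc.Status), Start value: $start" }
    else      { Write-Host "BFE key exists but the service is not registered" }

    # Ask for the rules with identities expressed as SIDs so the lookup above works.
    $acl   = Get-Acl -Path $keyPath
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid      = $rule.IdentityReference.Value
        $canWrite = ([int]$rule.RegistryRights -band $writeMask) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid) -and $canWrite) {
            # One output object per over-broad rule.
            New-Object PSObject -Property @{
                Principal = $broad[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Test-BfeKey | Format-Table -AutoSize
```

Any rule it lists lets non-administrative accounts in that group change the service's registry configuration; once the VPN connects, narrowing that rule to the specific account that needs it removes the exposure.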

1 comment:

  1. Hi Nitesh, I am a new Mac user. I am facing a similar issue with an Airtel 4G dongle even after following the above steps. BFE was present in my system. I made the registry permission changes, then restarted the service, then tried the VPN, but no luck with the guest (Windows) internet connection. Any suggestions? Thank you