Simon has some great information here. He says “The password issue can be solved by adding ”/usr/libexec/configd” to the list of applications that are allowed to access the keychain entries.”
This kernel extension if it is on your mac will probably cause a kernel panic in 10.6.
com.cisco.nke.ipsec 2.0.1
As I documented on this page earlier only AnyConnect is compatible with 10.6. The older Mac Cisco software should not be used or it will panic. Cisco has no plans to update that software. You can read someone who did some troubleshooting and traced the problem to the installation of the Cisco VPN client here. In addition this page has more resources about troubleshooting Cisco VPN with 10.6 or Snow Leopard.
From this Cisco document.
1. Easiest – I disabled the option for (Stateful Firewall) on a few clients and so far it has worked. I have some users that even have the problem while on a VPN connection over a Pix 501 configured with the Easy VPN. Thanks rbostwick!
2. Little more time consuming – vpnclient.ini change this:
StatefulFirewallAllowICMP 0
to
StatefulFirewallAllowICMP 1
This is an annoying issue isn’t it? Here is a possible fix found in the Apple forum: (Thanks B. Wilson)
Actually the problem is solved by changing a setting on the VPN
concentrator that allows the user to save their password on the client.
Apple didn’t obey this security setting on the Cisco end until 3.0.
So it appears we just need to change some setting on the ASA to get it to
allow the user to save their password.
According to this link:
http://www.ciscofinancing.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdm5505.html
Search for this “Group Policy and User Attributes Pushed to the Client”
the value that needs changed is this:
Client Configuration > Cisco Client Parameters
Store Password on Client System
Lets the VPN user save a password in the user profile.
The built in client has several limitations (see this webpage) and you might be better served by using the Cisco AnyConnect client.