For work, we use a Cisco VPN. Unfortunately the Cisco VPN client for the Mac is a piece of crap. The software looks awful and isn’t completely integrated into the OS. It gets quite confused if you switch networks without disconnecting; instead of it repairing the mess it made, it almost always requires a few restarts to get things going again. The problem is that it replaces /var/run/resolv.conf (/etc/resolv.conf is symlinked to it) with DNS for the VPN. So, if you disconnect properly, your original DNS settings are put back; if you don’t disconnect properly, then DNS gets wacky.
One of the killer features in Snow Leopard is Cisco VPN support. I’ve read reports of it not working for some depending on if their VPN is using UDP or TCP; it works fine for me. The one annoying problem was that it asked for my password about every 45 minutes which almost made me crazy. A colleague sent me a tip today which solves this.
While the VPN client supplied by Cisco gets confused with network changes, the one built into Snow Leopard seems to disconnect properly on network changes and doesn’t muck with /var/run/resolv.conf. The only issue I’ve found so far is that using a command line tool like “dig” doesn’t resolve DNS lookups properly for lookups that are in my work’s domain (we use split DNS). Other terminal tools such as SSH work fine, so this is just a minor inconvenience.