11-10-2008 05:30 PM
Anyone have any idea how to set this up? It asks for me group name and password which I have but it also requests another set of credentials which I'm not sure what is at all.
sysopt connection permit-ipsec
crypto ipsec transform-set chevelle esp-des esp-md5-hmac
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map transam 1 ipsec-isakmp
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup rockvpn address-pool vpnpool1
vpngroup rockvpn dns-server 10.16.10.25
vpngroup rockvpn default-domain mydomain.com
vpngroup rockvpn split-tunnel 102
vpngroup rockvpn idle-time 1800
vpngroup rockvpn password ********
11-11-2008 06:15 AM
It's asking you for phase 1 authentication, then username and password. From your config - you have not configured local or external authentication.
I suggest you do this - a good source of config examples below:-
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
HTH>
11-11-2008 08:22 AM
Can you be a little more specific? There are about 50 articles in that link.
What I dont understand is that i only use the group authentication when connecting my notebook with cisco vpn client, i think you referred to it as phase 1 authentication. Shouldnt that me enough?
11-11-2008 08:26 AM
Ideally for strong authentication you should use group ID & password and username and password.
If you are only using group id, then you should check the config settings on the VPN client on the Blackberry - the issue is not on the VPN concentrator.
11-11-2008 09:03 AM
11-11-2008 09:05 AM
Disable "extended authentication" and re-test.
11-11-2008 11:43 AM
11-11-2008 03:12 PM
Then not only do you have to configure a group ID and password you will also have to configure a username and password for the VPN profile for the Blackberry VPN to work.
HTH>
11-11-2008 07:44 PM
Can you post a link directly to the article with exactly how to do that?
11-12-2008 11:45 AM
Sorry fopr the late reply, been busy....configure:-
crypto map dyn-map client authentication LOCAL
username <
And use the username and password for the extended auth requirements on the Blackberry.
HTH>
11-12-2008 12:40 PM
Still not working. Added the commands to the pix and then set those credentials in the blackberry and gives "Error - missing credentials" but the credentials are there.
Should i enable some sort of debug on the pix? Which would it be?
11-13-2008 03:39 AM
Then I would say again, the issue is not with the pix but the software on the blackberry, I suggest you read the blackberry documentation.
11-13-2008 06:20 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: