Anyone have any idea how to set this up? It asks for me group name and password which I have but it also requests another set of credentials which I'm not sure what is at all.
sysopt connection permit-ipsec
crypto ipsec transform-set chevelle esp-des esp-md5-hmac
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map transam 1 ipsec-isakmp
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup rockvpn address-pool vpnpool1
vpngroup rockvpn dns-server 10.16.10.25
vpngroup rockvpn default-domain mydomain.com
vpngroup rockvpn split-tunnel 102
vpngroup rockvpn idle-time 1800
vpngroup rockvpn password ********
It's asking you for phase 1 authentication, then username and password. From your config - you have not configured local or external authentication.
I suggest you do this - a good source of config examples below:-
Can you be a little more specific? There are about 50 articles in that link.
What I dont understand is that i only use the group authentication when connecting my notebook with cisco vpn client, i think you referred to it as phase 1 authentication. Shouldnt that me enough?
Ideally for strong authentication you should use group ID & password and username and password.
If you are only using group id, then you should check the config settings on the VPN client on the Blackberry - the issue is not on the VPN concentrator.
Then not only do you have to configure a group ID and password you will also have to configure a username and password for the VPN profile for the Blackberry VPN to work.
Sorry fopr the late reply, been busy....configure:-
crypto map dyn-map client authentication LOCAL
And use the username and password for the extended auth requirements on the Blackberry.
Still not working. Added the commands to the pix and then set those credentials in the blackberry and gives "Error - missing credentials" but the credentials are there.
Should i enable some sort of debug on the pix? Which would it be?
Then I would say again, the issue is not with the pix but the software on the blackberry, I suggest you read the blackberry documentation.