Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Blackberry Bold VPN to PIX

Anyone have any idea how to set this up? It asks for me group name and password which I have but it also requests another set of credentials which I'm not sure what is at all.

sysopt connection permit-ipsec

crypto ipsec transform-set chevelle esp-des esp-md5-hmac

crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map cisco 1 set transform-set myset

crypto map transam 1 ipsec-isakmp

crypto map dyn-map 20 ipsec-isakmp dynamic cisco

crypto map dyn-map interface outside

isakmp enable outside

isakmp key ******** address netmask

isakmp identity address

isakmp nat-traversal 20

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption des

isakmp policy 1 hash md5

isakmp policy 1 group 1

isakmp policy 1 lifetime 1000

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption aes-256

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup rockvpn address-pool vpnpool1

vpngroup rockvpn dns-server

vpngroup rockvpn default-domain

vpngroup rockvpn split-tunnel 102

vpngroup rockvpn idle-time 1800

vpngroup rockvpn password ********


Re: Blackberry Bold VPN to PIX

It's asking you for phase 1 authentication, then username and password. From your config - you have not configured local or external authentication.

I suggest you do this - a good source of config examples below:-


New Member

Re: Blackberry Bold VPN to PIX

Can you be a little more specific? There are about 50 articles in that link.

What I dont understand is that i only use the group authentication when connecting my notebook with cisco vpn client, i think you referred to it as phase 1 authentication. Shouldnt that me enough?

Re: Blackberry Bold VPN to PIX

Ideally for strong authentication you should use group ID & password and username and password.

If you are only using group id, then you should check the config settings on the VPN client on the Blackberry - the issue is not on the VPN concentrator.

New Member

Re: Blackberry Bold VPN to PIX

The blackberry doesnt give you the option to turn one or the other off. See the attachment.

Re: Blackberry Bold VPN to PIX

Disable "extended authentication" and re-test.

New Member

Re: Blackberry Bold VPN to PIX

Requests credentials and gives error in background. see attachment.

Re: Blackberry Bold VPN to PIX

Then not only do you have to configure a group ID and password you will also have to configure a username and password for the VPN profile for the Blackberry VPN to work.


New Member

Re: Blackberry Bold VPN to PIX

Can you post a link directly to the article with exactly how to do that?

Re: Blackberry Bold VPN to PIX

Sorry fopr the late reply, been busy....configure:-

crypto map dyn-map client authentication LOCAL

username <> password <> privilege 1

And use the username and password for the extended auth requirements on the Blackberry.


New Member

Re: Blackberry Bold VPN to PIX

Still not working. Added the commands to the pix and then set those credentials in the blackberry and gives "Error - missing credentials" but the credentials are there.

Should i enable some sort of debug on the pix? Which would it be?

Re: Blackberry Bold VPN to PIX

Then I would say again, the issue is not with the pix but the software on the blackberry, I suggest you read the blackberry documentation.

New Member

Re: Blackberry Bold VPN to PIX

I finally managed to get the Blackberry to communicate with the PIX. After enabling some debugs I was able to gather some information but cannot decipher. Please see the attach text for debugs and see if you can help me out. Thanks