Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

fail to established ipsec with Blackberry playbook

ASA fail to established connection with Blackberry Playbook, but when using Cisco client to test the connection established....pls help...Thanks in advance... The playbook error is " Failed to established connection. (Timeout)".

Logs when connecting through playbook...and the configuration....

ip local pool Playbook_pool 192.168.104.220-192.168.104.225 mask 255.255.255.0

access-list nonat extended permit ip 192.168.110.0 255.255.255.0 192.168.104.0 255.255.255.0

access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.104.0 255.255.255.0

access-list nonat extended permit ip 192.168.101.0 255.255.255.0 192.168.104.0 255.255.255.0

access-list nonat extended permit ip 192.168.111.0 255.255.255.0 192.168.104.0 255.255.255.0

access-list nonat extended permit ip 10.10.21.0 255.255.255.0 192.168.104.0 255.255.255.0

group-policy playbook_vpn_group internal

group-policy playbook_vpn_group attributes

vpn-idle-timeout 30

vpn-session-timeout 480

vpn-tunnel-protocol IPSec

ipsec-udp enable

tunnel-group playbook_users_group type remote-access

tunnel-group playbook_users_group general-attributes

address-pool Playbook_pool

authentication-server-group SecurID

default-group-policy playbook_vpn_group

tunnel-group playbook_users_group ipsec-attributes

pre-shared-key *

crypto ipsec transform-set AES_SHA esp-aes esp-sha-hmac

crypto dynamic-map PlayBookusers 2 set transform-set AES_SHA

crypto dynamic-map PlayBookusers 2 set security-association lifetime seconds 28800

crypto dynamic-map PlayBookusers 2 set security-association lifetime kilobytes 4608000

crypto map q9OutsideMap 45 ipsec-isakmp dynamic PlayBookusers

crypto isakmp policy 45

authentication pre-share

encryption aes

hash sha

group 5

lifetime 28800

BLACKBERRY PLAYBOOK CONFIG:

profile: profile1

server address: outside IP address

gateway type: Cisco asa

authentication type: XAUTH-PSK

group username: playbook_users_group

group pwd: shared key as same as in asa tunnel-group

username: username

pwd: rsa secure ID

automatically detrmine ip: checked

automatically determine DNS: checked

IKE DH Group: 2

IKE Cipher: Aes (128-bit-key)

IKE Hash: SHA1

IKE PRF: HMAC

IPSec DH Group: 2

IPSec Cipher: AES(128-bit-key)

IPSec Hash: SHA1

IKE lifetime(seconds): 28800

IPSec lifetime(seconds): 3600

NAT keepalive(seconds): 30

DPD frequesncy(seconds): 240

Disable banner: checked

use HTTP proxy: unchecked

Everyone's tags (6)
901
Views
0
Helpful
0
Replies
CreatePlease login to create content