cancel
Showing results for 
Search instead for 
Did you mean: 
bperez
Level 10
Report Inappropriate Content
Message 1 of 4

How to create a VPN with EFW 8.0.1 and a Blackberry Secure Computing Sidewinder client.

I need to create vpn from blackberry users, i see in the VPN configuration of the smartphine, does exist SC Sidewinder VPN Client, but i can´t make link with the remote VPN concentrator. environment:

Mcafee Enterprise Firewall 8.0.1

Blackberry 8520 Nextel

The VPN definition is the following:

Machine generated alternative text: VPN Delinitions: VPN Properties Remote Authentication Local Authentication Crypto Advanced Name: Blackberrys Mode: Fixed IP IKE version: ‘ vi r V2 Encapsulation: ( Tunnel r Transport Enabled: (‘ Yes r No Client address pool: [IE Zone: Internal Local Local IP: luse Localhost IP J Ic’catii:ih Remote Remote IP: 1192.168.100.50 Remote Network/IP J Comments: OK Cancel Help 13? Local Network! IP: New ModiFy Delete rew ModiFy Delete

Screen clipping taken: 17/05/2011 01:37 p.m.

Machine generated alternative text: VPN Definitions: VPN Properties General RemOteAuthentiCati0fli Local Authentication Crypto ¡ Advanced Remote Authentication Method: IXAUTH + Password z] Enter remote password: I Verily remote password: I Generate... Generates a strong password visible in a popup window. Remote Identity: r Gateway IP address (192.168.100.50) ( Select one or more remote IDs From list: V Blackberry 5napgear 5napgear Mexico Remote Identities... OK Cancel Help

Screen clipping taken: 17/05/2011 01:37 p.m.

Machine generated alternative text: VPN Definitions: VPN Properties General Remote Authentication [Local Authentication ii Crypto Advanced Local Authentication Method: IPassword Enter local password: Verify local password: I Generate,. Generates a strong password visible in a popup window. Local Identity type: iP Address 21 Local Identity value: locaihost OK Cancel Help

Screen clipping taken: 17/05/2011 01:37 p.m.

Machine generated alternative text: jjjDefinitioris: VPN Properties General Remote Authentication Local Authentication icrypto fi Advanced IPSEC encryption algorithms: IPSEC authentication algorithms: b aes25ó sha25ó b aesl28 sha384 ‘ castl28 sha5l2 ‘ 3des b shal ‘ðdes v’md5 null OK Cancel Help

Screen clipping taken: 17/05/2011 01:37 p.m.

Machine generated alternative text: VPN Definitions: YPH Properties n General Remote Authentication Local Authentication Crypto [Advanced i Internet Key Exchange (IKE) IKE vi exchange type: ( Main r Aggressive Hard lifetimes: 700 (sec) 10 (Kb) F Forced rekey F Enable extended sequence numbers SoFt percentage: 85 Hard limits: 3600 lo (sec) (Kb) Encryption Algorithms P’ AES-256 P’ AES-128 P’ 3DES P’ DES Hash Algorithms r r r P’ SHA-i P’ MDS Soit percentage: 85 F Force XAuth on rekey F Relax strict identity matching r Enable NAT traversal (NAT-T) P’ Enable initial contact F Encrypt Final aggressive mode packet r Rekey PRF Algorithms — r r F SHA-256 P’ SHA-1 P’ MD5 Key Exchange Groups r Group i6 (4096-bit) r Group iS (3072-bit) F Group 14 (2048-bit) P’ Group 5 (1536-bit) P’ Group 2 (1024-bit) P’ Group 1 (768-bit) F Perfect forward secrecy (PFS) Oakiey group: h ±1 OK Cancel Help

Screen clipping taken: 17/05/2011 01:37 p.m.

Any recommendations?

Regards Bernardo Perez

El mensaje fue editado por: bperez on 17/05/11 01:42:26 PM CDT
3 Replies
sliedl
Level 14
Report Inappropriate Content
Message 2 of 4

Re: How to create a VPN with EFW 8.0.1 and a Blackberry Secure Computing Sidewinder client.

What does the audit say when you try to connect?  Always, always look at the audit.

Run this command to set the VPN audit to verbose:

$> cf ikmpd set audit=Verbose

Run this command to capture a live audit, looking only for VPN audits:

$> acat -kbe "area vpn" > vpnaudit.raw

Try the VPN connection.

Stop the audit with CTRL+C when it fails.

Open it with the acat command to see what it says:

$> acat vpnaudit.raw | less

Run this command to set the VPN audit back to the default level when you're finished:

$> cf ikmpd set audit=Normal

sliedl
Level 14
Report Inappropriate Content
Message 3 of 4

Re: How to create a VPN with EFW 8.0.1 and a Blackberry Secure Computing Sidewinder client.

Another thing - without doing any troubleshooting, the first thing you have to find out is: does the Blackberry do IPSEC VPNs?

If it does not ,it will never connect to the firewall.  That's the answer right there, if so.

Re: How to create a VPN with EFW 8.0.1 and a Blackberry Secure Computing Sidewinder client.

i tried to configurate the vpn and same error