How to set up an IKEv2 VPN with public key authentication with your BB10 device

This setup will allow you to run a VPN between your BB10.2 (and probably BB10.1) device and a debian linux computer (I am running the testing stream).  You will need to tweak this config (and possibly install strongswan server on your LAN's gateway) to get access to network resources, or access the internet via the VPN.  I have created this setup with the intention of accessing files/services on the debian computer only.
1.  Install strongswan on your debian machine (I have v4.6.4 installed; I think the current testing version is v5.1.  If you install v5+, some lines in the config may be obsolete), and install any other extra packages you are prompted to install:
apt-get install strongswan strongswan-ikev1 strongswan-ikev2 strongswan-starter openssl ipsec-tools
2.  Generate certificates on your debian server in any directory, starting with a certificate authority.  Edit the C=, O= and CN= fields to whatever you want:
ipsec pki --gen --outform pem > caKey.pem
ipsec pki --self --in caKey.pem --dn "C=CA, O=none, CN=Certificate-Auth" --san="Certificate-Auth" --ca --outform pem > caCert.pem
Generate a server keypair (again, editing the same fields as I indicated above).  The CN= field should be the LAN IP address of your strongswan server.  I would also put this as the address in --san=, or you can specify your hostname if you have one (i.e. mydomainname.com):
ipsec pki --gen --outform pem > serverKey.pem
ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=192.168.1.100" --san="192.168.1.100" --flag serverAuth --outform pem > serverCert.pem
Generate a keypair for your BB10 device (choose a CN=, and use it in the --san field @your server lan ip or hostname):
ipsec pki --gen --outform pem > userKey.pem
ipsec pki --pub --in userKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=bb10" --san "[email protected]"  --flag serverAuth --outform pem > userCert.pem
3.  After generating your keys, package the client keys for your BB10 device (you will be asked to create a password):
openssl pkcs12 -export -in userCert.pem -inkey userKey.pem -out bb10.pfx
Copy the bb10.pfx file and serverCert.pem to your BB10 device and import the certificates into the certificate store (open Settings --> Security and Privacy --> Certificates --> Import).
4. Move the certificates into the appropriate folders on your debian server: 
mv caKey.pem /etc/ipsec.d/private
mv caCert.pem /etc/ipsec.d/cacerts
mv serverKey.pem /etc/ipsec.d/private
mv serverCert.pem /etc/ipsec.d/certs
5. Enable ip forwarding on your debian machine:
edit /etc/sysctl.conf - change the following value as follows:
net.ipv4.ip_forward=1
Close the file and save changes.  To enable changes, type:  sysctl -p /etc/sysctl.conf
6.  Edit config files:
ipsec.secrets:
: RSA serverKey.pem
ipsec.conf:
config setup
        strictcrlpolicy=no
        uniqueids=yes
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        leftfirewall=yes
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
conn bb10
        mobike=yes
        ike=aes256-sha1-sha1-modp1024!
        esp=aes256-sha1!
        left=%defaultroute
        leftid="C=CA, O=none, CN=192.168.1.100"
        leftcert=serverCert.pem
        right=%any
        rightsourceip=10.10.0.1
        rightid="C=CA, O=none, CN=bb10"
        rightauth=pubkey
        leftauth=pubkey
        pfs=yes
        auto=add
7. Start the ipsec service on your debian machine: service ipsec stop; service ipsec start
8. Set up the VPN connection on your blackberry: Settings -->Network Connections --> VPN --> Add.
a) Profile Name:  Give your VPN a name
b) Server Address:  Enter your server's address
c) Gateway Type: Generic IKEv2 VPN Server
d) Authentication Type: PKI
e) Authentication ID Type:  Identity Certificate Distinguished Name
f) Client Certificate: The client certificate you imported should show up in the dropdown
g) Gateway Auth Type: PKI
h) Gateway Auth ID Type: Identity Certificate Distinguished Name
i) Gateway CA Certificate:  Find the certificate authority you imported.  If you used the same name as I did above when creating the certificate, it will be called "Certificate-Auth".
j) Perfect forward secrecy : ON
k) Change IKE Lifetime to 3600
l) Change IPSEC lifetime to 1200
You can leave everything else on default settings.  Save your VPN profile.
9. Connect to your VPN.  You should now be able to ping both ways between your blackberry and debian host.  Using the above configuration, your blackberry device will have the ip address of 10.10.0.1.

There have been numerous bb10 updates (now 10.2.1.2977) since I first posted this mini how-to. I am not sure if it was the bb10 updates, or updates to strongswan (now v5.2.0) or my linux kernel (v3.15.3), though I am now able to use a stronger hash and elliptic curve key exchange.  I am using sha384 in my example, though I have also got it working with sha512.  Give it a try:
Simply use the same process I detailed before, though change the following lines in ipsec.conf:
ike=aes256-sha1-sha1-modp1024!
esp=aes256-sha1!
to
ike=aes256-sha384-ecp521
esp=aes256-sha384-ecp521
Be sure to restart strongswan after you change these lines in the config.
After this is done, change 'Automatically determine algorithm' to off in the VPN profile settings of your VPN connection profile on your blackberry.  I'm not sure why it doesn't work automatically.  State the following in this section:
IKE DH Group:  21
IKE Cipher: AES (256-bit key)
IKE Hash: SHA384
IKE PRF: HMAC-SHA384
IPSec DH Group: 21
IPSec Cipher: AES (256-bit key)
IPSec Hash: SHA384
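
An added example, not part of the original post: a Python audit that parses the `ike=`/`esp=` lines of the ipsec.conf above and of its updated variant, then reports the DH group number the BB10 profile asks for, whether the `!` strict flag is set, and which tokens count as legacy. The function names and the `LEGACY` set are assumptions of this example; the two sample configs are trimmed copies of the post's own lines.

```python
import re

# IKE Diffie-Hellman group numbers for strongSwan proposal keywords; the
# BB10 profile asks for the number (e.g. ecp521 -> "DH Group: 21").
DH_GROUPS = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14,
             "modp3072": 15, "modp4096": 16, "modp6144": 17, "modp8192": 18,
             "ecp256": 19, "ecp384": 20, "ecp521": 21}
HASHES = {"md5", "sha1", "sha256", "sha384", "sha512"}
CIPHER_RE = re.compile(r"^(aes|3des|des|camellia|blowfish|chacha|null)")
# Assumption of this example: tokens it reports as legacy. Adjust to policy.
LEGACY = {"des", "3des", "md5", "sha1", "modp768", "modp1024", "modp1536"}

# Trimmed copy of the post's ipsec.conf, and the same file after its update.
ORIGINAL_CONF = """\
config setup
        strictcrlpolicy=no
conn %default
        keyexchange=ikev2
conn bb10
        ike=aes256-sha1-sha1-modp1024!
        esp=aes256-sha1!
        rightauth=pubkey
"""
UPDATED_CONF = (ORIGINAL_CONF
                .replace("ike=aes256-sha1-sha1-modp1024!", "ike=aes256-sha384-ecp521")
                .replace("esp=aes256-sha1!", "esp=aes256-sha384-ecp521"))


def parse_ipsec_conf(text):
    """Return {"conn bb10": {key: value}, ...} for every section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                  # header starts in column 0
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections


def parse_proposals(value):
    """Split an ike=/esp= value into (strict, [one dict per proposal])."""
    strict = value.endswith("!")                   # "!" = only these proposals
    proposals = []
    for prop in value.rstrip("!").split(","):
        tokens = [t for t in prop.strip().lower().split("-") if t]
        proposals.append({
            "tokens": tokens,
            "cipher": [t for t in tokens if CIPHER_RE.match(t)],
            "hash": sorted({t for t in tokens if t in HASHES}),
            "dh_group": [DH_GROUPS[t] for t in tokens if t in DH_GROUPS],
            "legacy": sorted({t for t in tokens if t in LEGACY}),
        })
    return strict, proposals


def audit(text):
    """One finding per proposal on each conn's effective ike=/esp= line."""
    sections = parse_ipsec_conf(text)
    defaults = sections.get("conn %default", {})
    findings = []
    for name, params in sections.items():
        if not name.startswith("conn ") or name == "conn %default":
            continue
        effective = {**defaults, **params}         # conn overrides %default
        for key in ("ike", "esp"):
            if key in effective:
                strict, proposals = parse_proposals(effective[key])
                for p in proposals:
                    findings.append({"conn": name[5:], "key": key,
                                     "strict": strict, **p})
    return findings


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_CONF), ("updated", UPDATED_CONF)):
        for f in audit(conf):
            print(label, f["conn"], f["key"], "strict=%s" % f["strict"],
                  "cipher=%s" % f["cipher"], "hash=%s" % f["hash"],
                  "dh_group=%s" % f["dh_group"], "legacy=%s" % f["legacy"])
```

The updated lines in the post drop the trailing `!`; in strongSwan that flag restricts the daemon to the configured proposal, so the audit reports `strict=False` for them.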

Similar Messages

  • How to setup word docs, converted to PDF on local drive with links to a second file at a page

    how to setup word docs, converted to PDF on local drive with links to a second file at a page
    Need to setup a set of word documents, converted to PDF that has links from one file to a second file at a given page.
    I would like to setup a set of pdf documents, on the hard disk of a PC or Mac, that can be open with acrobat pro running on the same computer and have the link jump to, and open in a new window, in acrobat pro, to a given page of a second document in the set.
    Is there a way to setup a link in word and the conversion to pdf that will result in a link that is equivalent to the acrobat link type  you get when you add a link of the type Go to a page in another document?
    Tools-Advanced Editing-Link tool, make a box
    Check: Go to page view, Next (Create go to view dialog opens)
    Open second document and go to page
    Click “Create go to view dialog” to set up link
    Result is a link, when view by link properties, with an action of
    Go to a page in another document
    File: C:\My Documents\second file.pdf
    Page: 43
    Zoom level: Custom
    I got close but did not solve the problem:
    I have a version that uses links to a website, using #page=43 at the end of the hyperlink.
    That works but will only open to the page if is through the web browser, opening the acrobat reader plugin.
    I need to open from a folder on the local harddisk (with relative links), in acrobat pro to the given page of the pdf, on a PC or a Mac.
    I could bookmark each page “pagenumberxxx” and jump to the bookmark/page if that would get around some problem
    Current Systems in use to create documents with links and view them:
    Windows XP SP3
    Word 2003 SP3
    Acrobat 9 pro version 9.4.4
    Or just to view them:
    Mac OS 10 Lion version 10.7.4
    Acrobat 9 pro version 9.5.1
    (note I have limited understanding of Mac’s)
    John

    No.  There seems to be no automated way to do it.  You can of course go into the PDF and manually add links after you have converted to PDF, but that is what we want to avoid having to do.  We want it to be automatic from the Word doc.

  • Why my MacBook pro with Maverick, when I'm connected with internet key and connect with usb cable my HTC One the Mac restart with error?

    Why my MacBook pro with Maverick, when I'm connected with internet key and connect with usb cable my HTC One the Mac restart with error?

    Solution may be found if you search in the "More Like This" section over in the right column. 

  • How encrypt msg with Public Key ?

    I want to encrypt my Session Key with the public key of the recipient but how can I do ?
    I know how to encrypt with the Secret Key but not with the Public Key.
    Thanks for response
    Nicolas

    It depends on the cryptosystem of which the public key you are having.
    If it is of RSA then you have to get the cipher of RSA and pass the session key bytes as input to it.

  • Signing code with Public Key

    Hi guys,
    I'm working on my thesis,and my prof. told me that I have to sign a
    java object with a public key.
    Looks to be impossible, but I asked him again and he confirmed what he
    said.
    How do I create a digital signature of a java object using a Public
    Key??
    Thanks a Lot guys!!!
    Bye!

    How do I create a digital signature of a java object using a Public Key??
    Well, as my fellow poster said, it makes no sense signing (Encrypting) an Object using a Public Key as it would be available for access.
    If it is about Signing an Object with a Single Key where there is concept having a public / private key i think most of the Symmetric Encryption Algorithms come into picture. where there would be a single key used for both encrypting & decrypting data.
    However, you can very well have a look of the specified links below to recheck on things.
    http://www.unix.org.ua/orelly/java-ent/security/ch12_01.htm
    http://www.developer.com/java/other/article.php/630851
    http://mindprod.com/jgloss/digitalsignatures.html
    Hope these might be of some help...
    REGARDS,
    RaHuL

  • Allow privileged users to enter into EXEC mode on login not working with public keys

    Hi,
    I have recently updated one of my Cisco ASA to v9.2(1) and noticed a function to get the perform authorization for exec shell access can do a auto-enable when logging in from ssh.
    The problem is that if I use a private/public key authentication with a user it won't do the auto-enable feature. If I login without keys and using my password, it jumps into privileged exec mode as it should.
    Anyone else had this issue?
    Config:
    aaa authentication ssh console LOCAL
    aaa authorization exec LOCAL auto-enable
    username user password xxxxxx encrypted privilege 15
    username user attributes
     ssh authentication publickey 22:af:xxxxxx hashed
    Any answer will be highly appreciated. 
    P.S I'm totally new in this forum.

    Would you be able to open a TAC SR and once you do , Email me the SR no and i will look into this issue.
    [email protected]
    Thanks and Regards,
    Vibhor Amrodia

  • Problem with public key ssh login

    Weird problem just appeared. Home computer has two accounts (A and B). I allow ssh login to both accounts via public key login (ssh-keygen). Two remote computers with accounts A' and B' on one, and A" and B" on the other.
    I can ssh into the home computer account B from account B' on one computer. I can log into the home computer account B from account B" on the other computer. I cannot ssh into the home computer account A from either A' or A", but I could last week.
    Here is what the .ssh directories look like:
    Home computer, account A:
    total 8
    drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
    drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
    -rw-r--r-- 1 userA groupA 1216 Jan 10 13:20:20 2006 authorized_keys2
    -rw-r--r-- 1 userA groupA 447 Sep 25 15:28:42 2006 known_hosts
    Home computer, account B:
    total 16
    drwx------ 5 userB groupB 170 Oct 2 09:52:02 2006 .
    drwxr-xr-x 23 userB groupB 782 Nov 9 08:26:03 2006 ..
    -rw------- 1 userB groupB 6148 May 19 17:54:58 2006 .DS_Store
    -rw-r--r-- 1 userB groupB 1228 Jan 10 13:24:15 2006 authorized_keys2
    -rw-r--r-- 1 userB groupB 242 Oct 2 09:52:02 2006 known_hosts
    Remote computer 1, account A':
    total 16
    drwx------ 6 userA' groupA' 204 Nov 9 09:55:12 2006 .
    drwxr-xr-x 29 userA' groupA' 986 Nov 9 09:41:21 2006 ..
    -rw-r--r-- 1 userA' groupA' 41 Mar 13 12:13:17 2006 config
    -rw------- 1 userA' groupA' 736 Nov 20 13:38:54 2005 id_dsa
    -rw-r--r-- 1 userA' groupA' 607 Nov 20 13:38:54 2005 id_dsa.pub
    -rw-r--r-- 1 userA' groupA' 246 Jan 10 09:41:27 2006 known_hosts
    Remote computer 1, account B':
    total 16
    drwx------ 5 userB' groupB' 170 Nov 9 08:23:04 2006 .
    drwxr-xr-x 18 userB' groupB' 612 Nov 9 09:52:11 2006 ..
    -rw------- 1 userB' groupB' 6148 Nov 9 08:23:04 2006 .DS_Store
    -rw------- 1 userB' groupB' 668 May 25 08:51:51 2006 id_dsa
    -rw-r--r-- 1 userB' groupB' 2481 Oct 30 09:00:57 2006 known_hosts
    Remote computer 2, account A":
    total 12
    drwx------ 5 userA" groupA" 170 Jan 25 10:59:54 2006 .
    drwxr-xr-x 20 userA" groupA" 680 Nov 9 08:19:30 2006 ..
    -rw------- 1 userA" groupA" 736 Jan 10 13:14:16 2006 id_dsa
    -rw-r--r-- 1 userA" groupA" 609 Jan 10 13:14:16 2006 id_dsa.pub
    -rw-r--r-- 1 userA" groupA" 3376 Oct 31 19:48:25 2006 known_hosts
    Remote computer 2, account B":
    total 12
    drwx------ 5 userB" groupB" 170 Jan 25 11:41:48 2006 .
    drwx------ 22 userB" groupB" 748 Nov 9 10:33:00 2006 ..
    -rw------- 1 userB" groupB" 736 Jan 10 13:11:50 2006 id_dsa
    -rw-r--r-- 1 userB" groupB" 615 Jan 10 13:11:50 2006 id_dsa.pub
    -rw-r--r-- 1 userB" groupB" 2947 Nov 7 10:18:27 2006 known_hosts
    I had copied the A' id_dsa.pub from remote computer 1 to the home computer account A authorized_keys2, then I copied the A" id_dsa.pub from remote computer 2 and had appended it to the home computer account A authorized_keys2. I had done a similar thing with accounts B', B", and B on their respective computers.
    All worked great for many months, until today, when ssh connections from A' or A" into A give me the dreaded
    Permission denied,gssapi-keyex,gssapi-with-mic) error message. Pretty certain that it was as recent as earlier this week I made the A'-->A ssh connection and all was well. Meanwhile, ssh connections from B' or B" into B still work fine.
    As near as I can tell, file ownerships and permissions look okay. While ssh'ed into B from B' I even did a
    cat /Users/userA/.ssh/authorized_keys2
    and then in another Terminal window, local to the remote computer, I did a
    cat /Users/userA/.ssh/id_dsa.pub
    In the terminal windows, each key wraps over about five-and-a-half lines, and I spotchecked like the last half-dozen characters, on each Terminal window line, of remote computer 1, account A' id_dsa.pub and the first pub key entry in authorized_keys2 in home computer account A. They all match.
    I even keep a clone backup of my hard drive, and the date/timestamp of /etc/sshd_config hasn't changed (although, I'm a bit mystified why it is dated as recently as it is -- Sep 29 2006 -- don't remember doing anything to it)
    So, I'm really confused, and not sure what to try or where to look next.
    2001 Quicksilver G4 (M8360LL/A)   Mac OS X (10.4.8)  

    Hi j.v.,
    Home computer, account A:
    total 8
    drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
    drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
    The parent directory ".." of the directory ".ssh", i.e. home directory of account A, is group-writable. SSH considers this as "insecure". You should make it writable only by the owner.
    A@Home$ cd (cd to the home directory)
    A@Home$ chmod g-w .
    HTH
    PowerMac G4   Mac OS X (10.4.7)  
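
An added example, not part of the thread: the permission rule the answer describes, written as a Python check modelled on sshd's StrictModes behaviour. It walks from the key file up to the home directory and reports anything writable by group or others, or owned by a user other than the account owner or root. The function names, the `authorized_keys2` default and the temporary directory layout (constructed to mirror account A's listing) are assumptions of this example.

```python
import os
import stat
import tempfile


def insecure_paths(home, key_file=".ssh/authorized_keys2"):
    """Walk from the key file up to the home directory and return
    (path relative to home, mode string, reason) for every entry that is
    writable by group or others, or not owned by the account owner or root."""
    home = os.path.realpath(home)
    owner = os.stat(home).st_uid          # assumption: home's owner is the account
    path = os.path.realpath(os.path.join(home, key_file))
    if os.path.commonpath([home, path]) != home:
        raise ValueError("key file is not inside the home directory")
    problems = []
    while True:
        st = os.stat(path)
        mode = stat.filemode(st.st_mode)
        rel = os.path.relpath(path, home)  # the home directory itself is "."
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((rel, mode, "writable by group or others"))
        if st.st_uid not in (0, owner):
            problems.append((rel, mode, "owned by another user"))
        if path == home:
            return problems
        path = os.path.dirname(path)


def demo():
    """Build a constructed copy of account A's layout from the thread
    (home drwxrwxr-x, .ssh drwx------, authorized_keys2 -rw-r--r--) and
    return the findings before and after 'chmod g-w' on the home directory."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        key_file = os.path.join(ssh_dir, "authorized_keys2")
        with open(key_file, "w") as fh:
            fh.write("ssh-dss CONSTRUCTED-PLACEHOLDER-KEY userA\n")
        os.chmod(key_file, 0o644)
        os.chmod(ssh_dir, 0o700)
        os.chmod(home, 0o775)              # group-writable, as in the listing
        before = insecure_paths(home)
        mode = stat.S_IMODE(os.stat(home).st_mode)
        os.chmod(home, mode & ~stat.S_IWGRP)   # same effect as: chmod g-w .
        after = insecure_paths(home)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before chmod g-w:", before)
    print("after  chmod g-w:", after)
```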

  • Encrypt data with public key?

    I am trying to find a class that support encryption with PublicKey.
    In the class Signature there is a method "initSign" that takes a PrivateKey as argument, but that is used for signing certificates.
    What I am looking for is to make A encrypt some data with B' public key that B can decrypt with its private key...is there any class for this scenario?

    You might want to check out these, if you haven't already:
    http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html
    http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html
    http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/package-summary.html
    http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/interfaces/package-summary.html
    http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/spec/package-summary.html

  • Retrieved public key not match with real public key on certificate

    //@@public key from certificate
    *30 81 89 02 81 81*
    +00 92 28 98 7b 71 5e 3b 58 93 7a 58 cd 9e b8 17 c6 8e 74 51 c7 32 be 73 c6 54 d6 e5 3b c8 3c 89 c5 6c cd 59 b2 40 58 f2 83 f4 8d c8 b0 5f 57 26 d9 27 88 ff 76 1b 2d 5e 78 8c aa 66 2e 68 1e ed 01 5a 09 c9 5f fb 11 9d 33 4d 57 f1 02 f8 61 4b 71 08 c9 da db 5c a7 c8 fa a6 ed f6 d5 1b 78 72 20 33 0b 80 6c 07 e0 14 7c 49 b5 e3 aa 39 79 28 9e 76 3f 9c 23 7b ea 5c b3 fd 79 cb d5 71 3d d4 f9 02 03 01 00 01+
    //@@retrieved public key from certificate partially not match
    *30 3F 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 3F 3F 00 30 3F 89 02 3F 3F*
    +00 92 28 98 7B 71 5E 3B 58 93 7A 58 CD 9E B8 17 C6 8E 74 51 C7 32 BE 73 C6 54 D6 E5 3B C8 3C 89 C5 6C CD 59 B2 40 58 F2 83 F4 3F C8 B0 5F 57 26 D9 27 88 FF 76 1B 2D 5E 78 8C AA 66 2E 68 1E ED 01 5A 09 C9 5F FB 11 3F 33 4D 57 F1 02 F8 61 4B 71 08 C9 DA DB 5C A7 C8 FA A6 ED F6 D5 1B 78 72 20 33 0B 80 6C 07 E0 14 7C 49 B5 E3 AA 39 79 28 9E 76 3F 9C 23 7B EA 5C B3 FD 79 CB D5 71 3D D4 F9 02 03 01 00 01+
    /**
     * Convert into hex values
     */
    private static String hex(String binStr) {
         String newStr = new String();
         try {
              String hexStr = "0123456789ABCDEF";
              byte [] p = binStr.getBytes();
              for(int k=0; k < p.length; k++ ){
                   int j = ( p[k] >> 4 )&0xF;
                   newStr = newStr + hexStr.charAt( j );
                   j = p[k]&0xF;
                   newStr = newStr + hexStr.charAt( j ) + " ";
              }
         } catch (Exception e) {
              System.out.println("Failed to convert into hex values: " + e);
         }
         return newStr;
    }
    /**
     * Get public key from keystore.
     * The public key is in the certificate.
     */
    private static Key getPublicKey(String keyname, String keystore)
    throws IOException, KeyStoreException, NoSuchAlgorithmException,
    CertificateException {
         KeyStore ks = KeyStore.getInstance("JKS");
         ks.load(new FileInputStream(keystore), KEYSTORE_PASS.toCharArray());
         X509Certificate cert = (X509Certificate) ks.getCertificate(keyname);
         if (cert != null) {
              return cert.getPublicKey();
         }
         return null;
    }
    // Read the public key from keystore certificate
    RSAPublicKey keystorepub = (RSAPublicKey) keystorecert.getPublicKey();
    tempPub = keystorepub.getEncoded();
    sPub = new String( tempPub );
    System.out.println("Public key from keystore:\n" + hex(sPub) + "\n");
    The italic part matches, however the bold part does not match; I think the calculation in the hex conversion is incorrect.

    the public key on certificate can view direct in hex format although inside the certificate is in byte[] format,hence during extract public key from certificate via java code,need to convert from byte[] to hex string and then compare it.
    this is the picture of certificate that display public key in hex format
    [http://i225.photobucket.com/albums/dd135/ocibala109/cert.jpg]
    Edited by: ocibala on Oct 7, 2008 8:51 PM

  • How to setup built-in VPN server on Mountain Lion

    Anyone have information on configuring the built-in VPN server in OS X Mountain Lion ?

    Update - it works ! At least I can connect to Mountain Lion (not server) from my iPhone using the VPN Server Configurator app.
    Here's what I did :
    1) download the app and install
    2) setup using the help files on the web page : http://www.greenworldsoft.com/product-vpn-server-help.html
    3) at the last stage you need to setup port forwarding on your router
    4) under Airport Utility 6.0 you cannot setup ports 500 or 4500 due to BTTM conflicts but setup the other 2 ports (1723 TCP and 1701 UDP), update airport extreme
    5) download Airport Utility 5.6 from here : download already extracted utility  it is in its extracted form as is necessary under Mtn Lion (thanks to NetUse Monitor for the download - great app by the way)
    6) run 5.6 and setup port forwarding (Advanced-Port Mapping) for the other 2 ports (500 and 4500 UDP), update airport extreme
    7) that's it, I was able to connect to the VPN from my iPhone !

  • How to setup the DirectAccess on windows server 2012 r2 essentials with 2 nics

    I have a server with two network cards (the first card NIC called "Internet" and the second NIC called "Local Network") with static IP both.
    The computer has "DomainName.local"
    I still have not connected to the internet with my company domain-name from my server
    I have installed and configured the DHCP, DNS, WINS, and trouble-free operation
    I have also installed the role "DirectAccess and VPN"
    But here we face the problem that I can not set the directaccess with two Network Interface Card
    Any information found on pages from microsoft none met my needs
    Can you help, set the DirectAccess with my server ?

    Hi:
    Remove/disable the "internet" nic and connect the server and all stations to a switch.  Connect the switch to the router/firewall at the edge.  Server stopped doing NAT after 2003.
    Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit.

  • How to setup a basic VPN

    Hi,
    I just bought a Linksys BEFSX41 VPN router; I wanted to make a basic VPN.  I tried for more than a week and followed the guide, but it never worked and really gave me a headache.
    I hope anybody can help me to make it work.
    I set up the router as in the guide: the local IP is 192.168.1.1, I disabled the firewall, and I set a static IP, 10.254.5.92, for the router's WAN IP.  I also enabled a tunnel, gave a name to it, and set up the local secure group and remote secure group.
    The VPN client is an XP computer; I also gave a static IP to it, it's 10.254.5.7.  I also created an IP Security Policy on the Local Computer.  The VPN connection is an L2TP connection; the pre-shared key is the same as that in the IP Security policy and the tunnel.
    The client can ping the router, but never can login the the VPN.
    Here is the router log, any body find any thing wrong there:
    12:22:12 IKE[1] **Check your PFS setting !
    12:22:12 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
    12:23:14 IKE[1] Rx << Delete ISAKMP_SA : cookie 113dfda3 8f0c2714 | 8dfe132b b0eb4152
    12:23:14 IKE[1] Tx >> Delete ISAKMP_SA : cookie 113dfda3 8f0c2714 | 8dfe132b b0eb4152
    12:23:14 IKE[1] Rx << MM_I1 : 10.254.5.7 SA, VID, VID, VID
    12:23:14 IKE[1] Tx >> MM_R1 : 10.254.5.7 SA
    12:23:14 IKE[1] ISAKMP SA CKI=[28996738 20e85b24] CKR=[1f879b2d 26c7485]
    12:23:14 IKE[1] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 28800 sec (*3600 sec)
    12:23:15 IKE[1] Rx << MM_I2 : 10.254.5.7 KE, NONCE
    12:23:15 IKE[1] Tx >> MM_R2 : 10.254.5.7 KE, NONCE
    12:23:16 IKE[1] Rx << MM_I3 : 10.254.5.7 ID, HASH
    12:23:16 IKE[1] Tx >> MM_R3 : 10.254.5.7 ID, HASH
    12:23:16 IKE[1] **Check your PFS setting !
    12:23:16 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
    12:23:24 IKE[1] **Check your PFS setting !
    12:23:24 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
    12:23:31 IKE[1] **Check your PFS setting !
    12:23:31 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
    12:23:38 IKE[1] **Check your PFS setting !
    12:23:38 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
    12:23:47 IKE[1] **Check your PFS setting !
    12:23:47 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
    12:23:54 IKE[1] **Check your PFS setting !
    12:23:54 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
    12:24:26 IKE[1] Rx << Delete ISAKMP_SA : cookie 28996738 20e85b24 | 1f879b2d 26c7485
    12:24:26 IKE[1] Tx >> Delete ISAKMP_SA : cookie 28996738 20e85b24 | 1f879b2d 26c7485
    12:24:26 IKE[1] Rx << MM_I1 : 10.254.5.7 SA, VID, VID, VID
    12:24:26 IKE[1] Tx >> MM_R1 : 10.254.5.7 SA
    12:24:26 IKE[1] ISAKMP SA CKI=[e41e0bac f6514198] CKR=[49b5d338 43497875]
    12:24:26 IKE[1] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 28800 sec (*3600 sec)
    12:24:27 IKE[1] Rx << MM_I2 : 10.254.5.7 KE, NONCE
    12:24:27 IKE[1] Tx >> MM_R2 : 10.254.5.7 KE, NONCE
    12:24:28 IKE[1] Rx << MM_I3 : 10.254.5.7 ID, HASH
    12:24:28 IKE[1] Tx >> MM_R3 : 10.254.5.7 ID, HASH
    12:24:35 IKE[1] **Check your ISAKMP Pre-share Key setting !
    12:24:35 IKE[1] Tx >> Notify : INVALID-PAYLOAD-TYPE
    Thanks
    Wei Luo

    Hi Yu Yu,
    If I have understood your requirement correctly then please have a look at the below URL. It may help you.
    Login Modules - User Authentication and Single Sign-On - SAP Library
    Thanks,
    Hamendra

  • How to setup an IPSec VPN Tunnel Cisco 2320 Vs RVS4000

    Hello all.
    This forum has always helped me in all my investigations about VPN and now I'm gonna help everyone with this post.
    I have successfully configured an IPSec VPN Tunnel by using a Router Scientific Atlanta Cisco 2320 and a RVS4000 4-Port Gigabit Security Router with  VPN.
    On the site of Router Scientific Atlanta Cisco 2320 this is some info:
    WAN IP: A.A.A.A
    Router Local IP: 192.168.5.1
    Subnet: 192.168.5.X
    Subnet Mask: 255.255.255.0
    On the site of RVS4000 4-Port Gigabit Security Router with  VPN this is some info:
    WAN IP: B.B.B.B
    Router Local IP: 192.168.0.10
    Subnet: 192.168.0.X
    Subnet Mask: 255.255.255.0
    Remember that you can not be on the same range of IP, I mean, you can not have 192.168.0.X if the remote network is on 192.168.0.X, you have to change some of the Routers.
    I show the configuration on Router Scientific Atlanta Cisco 2320:
    I show the configuration on RVS4000 4-Port Gigabit Security Router with  VPN:
    If all is correctly configured, you should see on Router Scientific Atlanta Cisco 2320 the Status Connected:
    If all is correctly configured, you should see on RVS4000 4-Port Gigabit Security Router with  VPN the Status Up:
    As you can see, I'm connected to the remote Router (RVS4000 4-Port Gigabit Security Router with  VPN) by my own web browser accessing by the local IP 192.168.0.10
    I have used Authentication MD5, maybe is not the best one but I had no time to test SHA1, I will when I will have time.
    I wish that this help to anyone that need to do this.
    Best regards!

    Hey,
    Thanks a ton for posting this out here. I am sure it will be helpful for people trying this out.
    Regards,
    Prapanch

  • How to setup NTP service in server 2012 R2 to synch with an external NTP server

    Server 2012 R2 Std as DC
    I have looked at the blogs on setup and could not make sense of them. I did this easily on SBS2008 before I migrated to 2012 R2.
    What is the process to establish the DC server 2012 R2 as the time source.  Right now it is BIOS clock and I wish to move to NTP as the time source.
    Thanks for your help
    John Lenz

    Hi JohnLenz,
    You can use the following command line and refer the following KB:
    w32tm /config /syncfromflags:manual
    w32tm /config /manualpeerlist:<IP_or_FQDN_of_the_time_source>
    Note: please replace "<IP_or_FQDN_of_the_time_source>" with the IP address or FQDN of your NTP server.
    Net stop w32time
    Net start w32time
    The related KB:
    Synchronize the Time Server for the Domain Controller with an External Source
    http://technet.microsoft.com/en-us/library/cc784553(v=ws.10).aspx
    Configure the Time Source for the Forest
    http://technet.microsoft.com/zh-cn/library/cc794937(v=ws.10).aspx
    Configuring a time source for the forest
    http://technet.microsoft.com/en-us/library/cc784800(v=ws.10).aspx
    I’m glad to be of help to you!

  • How to setup my Palm 700wx to connect to the Internet from your computer with the USB

    http://i35.tinypic.com/znx2yw.gif
    Can I surf using my pda web browser on my 700wx without using my cellular phone for ISP connection? If so, does anyone on here might know how to set this up on a 700wx palm? Thanks again.
    Message Edited by deeptester on 10-18-2009 10:02 PM

    Do anybody on this board might know if there is a wx700 USB modem software available?
