How to setup an ikev2 VPN with public key authentica​tion with your BB10 device
This setup will allow you to run a VPN between your BB10.2 (and probably BB10.1) device and a debian linux computer (I am running the testing stream). You will need to tweak this config (and possibly install strongswan server on your LAN's gateway) to get access to network resources, or access the internet via the VPN. I have created this setup with the intention of accessing files/services on the debian computer only.
1. Install strongswan on your debian machine(I have v4.6.4 installed, I think the current testing version is v5.1. If you install v5+, some lines in the config may be obsolete), and install any other extra packages you are prompted to install:
apt-get install strongswan strongswan-ikev1 strongswan-ikev2 strongswan-starter openssl ipsec-tools
2. Generate certificates on your debian server in any, starting with a certificate authority. Edit the C= O= CN= fields to whatever you want:
ipsec pki --gen --outform pem > caKey.pem
ipsec pki --self --in caKey.pem --dn "C=CA, O=none, CN=Certificate-Auth" --san="Certificate-Auth" --ca --outform pem > caCert.pem
Generate a server keypair (again, editing the same fields as I indicated above. The CN= field should be lan ip address of your strongswan server. I would also put this as the address in --san=, or you can specify your hostname(if you have one, i.e. mydomainname.com):
ipsec pki --gen --outform pem > serverKey.pem
ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=192.168.1.100" --san="192.168.1.100" --flag serverAuth --outform pem > serverCert.pem
Generate a keypair for your BB10 device (choose a CN=, and use it in the --san field @your server lan ip or hostname:
ipsec pki --gen --outform pem > userKey.pem
ipsec pki --pub --in userKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=bb10" --san "[email protected]" --flag serverAuth --outform pem > userCert.pem
3. After generating your keys, package the client keys for your BB10 device(you will be asked to create a password): openssl pkcs12 -export -in userCert.pem -inkey userKey.pem -out bb10.pfx
Copy the bb10.pfx file, and serverCert.pem to your BB10 device and import the certificates into the certificate store(Open Settings --> Security and Privacy --> Certificates --> Import)
4. Move the certificates into the appropriate folders on your debian server:
mv caKey.pem /etc/ipsec.d/private
mv caCert.pem /etc/ipsec.d/cacerts
mv serverKey.pem /etc/ipsec.d/private
mv serverCert.pem /etc/ipsec.d/certs
5. Enable ip forwarding on your debian machine:
edit /etc/sysctl.conf - change the following value as follows:
net.ipv4.ip_forward=1
Close the file and save changes. To enable changes, type: sysctl -p /etc/sysctl.conf
6. Edit config files:
ipsec.secrets:
: RSA serverKey.pem
ipsec.conf:
config setup
strictcrlpolicy=no
uniqueids=yes
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
leftfirewall=yes
dpddelay=30
dpdtimeout=120
dpdaction=clear
conn bb10
mobike=yes
ike=aes256-sha1-sha1-modp1024!
esp=aes256-sha1!
left=%defaultroute
leftid="C=CA, O=none, CN=192.168.1.100"
leftcert=serverCert.pem
right=%any
rightsourceip=10.10.0.1
rightid="C=CA, O=none, CN=bb10"
rightauth=pubkey
leftauth=pubkey
pfs=yes
auto=add
7. Start the ipsec service on your debian machine: service ipsec stop; service ipsec start
8. Set up the VPN connection on your blackberry: Settings -->Network Connections --> VPN --> Add.
a) Profile Name: Give your VPN a name
b) Server Address: Enter your server's address
c) Gateway Type: Generic IKEv2 VPN Server
d) Authentication Type: PKI
e) Authentication ID Type: Identity Certificate Distinguished Name
f) Client Certificate: The client certificate you imported should show up in the dropdown
g) Gateway Auth Type: PKI
h) Gateway Auth ID Type: Identity Certificate Distinguished Name
i) Gateway CA Certificate: Find the certificate authority you imported. If you used the same name as I did above when creating the certificate, if will be called "Certificate-Auth".
j) Perfect forward secrecy : ON
k) Change IKE Lifetime to 3600
l) Change IPSEC lifetime to 1200
You can leave everything else on default settings. Save your VPN profile.
9. Connect to your VPN. You should now be able to ping both ways between your blackberry and debian host. Using the above configuration, your blackberry device will have the ip address of 10.10.0.1.
There have been numerous bb10 updates (now 10.2.1.2977) since I first posted this mini how-to-I am not sure if it was the bb10 updates, or updates to strongswan (now v5.2.0) or my linux kernel (v3.15.3), though I am now able to use stronger hash and elliptic curve key exchange. I am using sha384 in my example, though have also got it working with sha512. Give it a try:
Simply use the same process I detailed before, though change the following lines in ipsec.conf:
ike=aes256-sha1-sha1-modp1024!
esp=aes256-sha1!
to
ike=aes256-sha384-ecp521
esp=aes256-sha384-ecp521
Be sure to restart strongswan after you change these lines in the config.
After this is done, change 'Automatically determine algorithm' to off in the VPN profile settings of your VPN connection profile on your blackberry. I'm not sure why it doesn't work automatically. State the following in this section:
IKE DH Group: 21
IKE CIpher: AES (256-bit key)
IKE Hash: SHA384
IKE PRF: HMAC-SHA384
IPSec DH Group: 21
IPSec Cipher: AES (256-bit key)
IPSec Hash: SHA384
Similar Messages
-
How to setup word docs, converted to PDF on local drive with links to a second file at a page
how to setup word docs, converted to PDF on local drive with links to a second file at a page
Need to setup a set of word documents, converted to PDF that has links from one file to a second file at a given page.
I would like to setup a set of pdf documents, on the hard disk of a PC or Mac, that can be open with acrobat pro running on the same computer and have the link jump to, and open in a new window, in acrobat pro, to a given page of a second document in the set.
Is there a way to setup a link in word and the conversion to pdf that will result in a link that is equivalent to the acrobat link type you get when you add a link of the type Go to a page in another document?
Tools-Advanced Editing-Link tool, make a box
Check: Go to page view, Next (Create go to view dialog opens)
Open second document and go to page
Click “Create go to view dialog” to set up link
Result is a link, when view by link properties, with an action of
Go to a page in another document
File: C:\My Documents\second file.pdf
Page: 43
Zoom level: Custom
I got close but did not solve the problem:
I have a version that uses links to a website, using #page=43 at the end of the hyperlink.
That works but will only open to the page if is through the web browser, opening the acrobat reader plugin.
I need to open from a folder on the local harddisk (with relative links), in acrobat pro to the given page of the pdf, on a PC or a Mac.
I could bookmark each page “pagenumberxxx” and jump to the bookmark/page if that would get around some problem
Current Systems in use to create documents with links and view them:
Windows XP SP3
Word 2003 SP3
Acrobat 9 pro version 9.4.4
Or just to view them:
Mac OS 10 Lion version 10.7.4
Acrobat 9 pro version 9.5.1
(note I have limited understanding of Mac’s)
JohnNo. There seems to be no automated way to do it. You can of course go into the PDF and manually add links after you have converted to PDF, but that is what we want to avoid having to do. We want it to be automatic from the Word doc.
-
Why my MacBook pro with Maverick, when I'm connected with internet key and connect with usb cable my HTC One the Mac restat with error?
Solution may be found if you search in the "More Like This" section over in the right column.
-
How encrypt msg with Public Key ?
I want to encrypt my Session Key with the public key of the recipient but how can I do ?
I know how to encrypt with the Secret Key but not with the Public Key.
Thanks for response
NicolasIt depends on the cryptosystem of which the public key you are having.
If it is of RSA then you have to get the cipher of RSA and pass the session key bytes as input to it. -
Hi guys,
I'm working on my thesis,and my prof. told me that I have to sign a
java object with a public key.
Looks to be impossible, but I asked him again and he confirmed what he
said.
How do I create a digital signature of a java object using a Publik
Key??
Thanks a Lot guys!!!
Bye!How do I create a digital signature of a java object using a Public Key??Well as my fellow poster said it makes no sense siging (Encrypting) an Object using a Public Key as it would be available for access.
If it is about Siging an Object with a Single Key where there is concept having a public / private key i think most of the Symmentric Encryption Algorithms come into picture. where there would be a single key used for both encrypting & decrypting data.
However, you can very well have a look of the specified links below to recheck on things.
http://www.unix.org.ua/orelly/java-ent/security/ch12_01.htm
http://www.developer.com/java/other/article.php/630851
http://mindprod.com/jgloss/digitalsignatures.html
Hope these might be of some help...
REGARDS,
RaHuL -
Allow privilleged users to enter into EXEC mode on login not working with public keys
Hi,
I have recently updated one of my Cisco ASA to v9.2(1) and noticed a function to get the perform authorization for exec shell access can do a auto-enable when logging in from ssh.
The problem is that if I use a private/public key authentication with a user it won't do the auto-enable feature. If I login without keys and using my password, it jumps into privilleged exec mode as it should.
Anyone else had this issue?
Config:
aaa authentication ssh console LOCAL
aaa authorization exec LOCAL auto-enable
username user password xxxxxx encrypted privilege 15
username user attributes
ssh authentication publickey 22:af:xxxxxx hashed
Any answer will be highly appreciated.
P.S I'm totally new in this forum.Would you be able to open a TAC SR and once you do , Email me the SR no and i will look into this issue.
[email protected]
Thanks and Regards,
Vibhor Amrodia -
Problem with public key ssh login
Weird problem just appeared. Home computer has two accounts (A and B). I allow ssh login to both accounts via public key login (ssh-keygen). Two remote computers with accounts A' and B' on one, and A" and B" on the other.
I can ssh into the home computer account B from account B' on one computer. I can log into the home computer account B from account B" on the other computer. I cannot ssh into the home computer account A from either A' or A", but I could last week.
Here is what the .ssh directories look like:
Home computer, account A:
total 8
drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
-rw-r--r-- 1 userA groupA 1216 Jan 10 13:20:20 2006 authorized_keys2
-rw-r--r-- 1 userA groupA 447 Sep 25 15:28:42 2006 known_hosts
Home computer, account B:
total 16
drwx------ 5 userB groupB 170 Oct 2 09:52:02 2006 .
drwxr-xr-x 23 userB groupB 782 Nov 9 08:26:03 2006 ..
-rw------- 1 userB groupB 6148 May 19 17:54:58 2006 .DS_Store
-rw-r--r-- 1 userB groupB 1228 Jan 10 13:24:15 2006 authorized_keys2
-rw-r--r-- 1 userB groupB 242 Oct 2 09:52:02 2006 known_hosts
Remote computer 1, account A':
total 16
drwx------ 6 userA' groupA' 204 Nov 9 09:55:12 2006 .
drwxr-xr-x 29 userA' groupA' 986 Nov 9 09:41:21 2006 ..
-rw-r--r-- 1 userA' groupA' 41 Mar 13 12:13:17 2006 config
-rw------- 1 userA' groupA' 736 Nov 20 13:38:54 2005 id_dsa
-rw-r--r-- 1 userA' groupA' 607 Nov 20 13:38:54 2005 id_dsa.pub
-rw-r--r-- 1 userA' groupA' 246 Jan 10 09:41:27 2006 known_hosts
Remote computer 1, account B':
total 16
drwx------ 5 userB' groupB' 170 Nov 9 08:23:04 2006 .
drwxr-xr-x 18 userB' groupB' 612 Nov 9 09:52:11 2006 ..
-rw------- 1 userB' groupB' 6148 Nov 9 08:23:04 2006 .DS_Store
-rw------- 1 userB' groupB' 668 May 25 08:51:51 2006 id_dsa
-rw-r--r-- 1 userB' groupB' 2481 Oct 30 09:00:57 2006 known_hosts
Remote computer 2, account A":
total 12
drwx------ 5 userA" groupA" 170 Jan 25 10:59:54 2006 .
drwxr-xr-x 20 userA" groupA" 680 Nov 9 08:19:30 2006 ..
-rw------- 1 userA" groupA" 736 Jan 10 13:14:16 2006 id_dsa
-rw-r--r-- 1 userA" groupA" 609 Jan 10 13:14:16 2006 id_dsa.pub
-rw-r--r-- 1 userA" groupA" 3376 Oct 31 19:48:25 2006 known_hosts
Remote computer 2, account B":
total 12
drwx------ 5 userB" groupB" 170 Jan 25 11:41:48 2006 .
drwx------ 22 userB" groupB" 748 Nov 9 10:33:00 2006 ..
-rw------- 1 userB" groupB" 736 Jan 10 13:11:50 2006 id_dsa
-rw-r--r-- 1 userB" groupB" 615 Jan 10 13:11:50 2006 id_dsa.pub
-rw-r--r-- 1 userB" groupB" 2947 Nov 7 10:18:27 2006 known_hosts
I had copied the A' id_dsa.pub from remote computer 1 to the home computer account A authorized_keys2, then I copied the A" id_dsa.pub from remote computer 2 and had appended it to the home computer account A authorized_keys2. I had done a similar thing with accounts B', B", and B on their respective computers.
All worked great for many months, until today, when ssh connections from A' or A" into A give me the dreaded
Permission denied,gssapi-keyex,gssapi-with-mic) error message. Pretty certain that it was as recent as earlier this week I made the A'-->A ssh connection and all was well. Meanwhile, ssh connections from B' or B" into B still work fine.
As near as I can tell, file ownerships and permissions look okay. While ssh'ed into B from B' I even did a
cat /Users/userA/.ssh/authorized_keys2
and then in another Terminal window, local to the remote computer, I did a
cat /Users/userA/.ssh/id_dsa.pub
In the terminal windows, each key wraps over about five-and-a-half lines, and I spotchecked like the last half-dozen characters, on each Terminal window line, of remote computer 1, account A' id_dsa.pub and the first pub key entry in authorized_keys2 in home computer account A. They all match.
I even keep a clone backup of my hard drive, and the date/timestamp of /etc/sshd_config hasn't changed (although, I'm a bit mystified why it is dated as recently as it is -- Sep 29 2006 -- don't remember doing anything to it)
So, I'm really confused, and not sure what to try or where to look next.
2001 Quicksilver G4 (M8360LL/A) Mac OS X (10.4.8)Hi j.v.,
Home computer, account A:
total 8
drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
The parent directory ".." of the directory ".ssh", i.e. home directory of account A, is group-writeble. SSH considers this as "insecure". You should make it writable only by the owner.
A@Home$ cd (cd to the home directory)
A@Home$ chmod g-w .
HTH
PowerMac G4 Mac OS X (10.4.7) -
Encrypt data with public key?
I am trying to find a class that support encryption with PublicKey.
In the class Signature there is a method "initSign" that takes a PrivateKey as argument, but that is used for signing certificates.
What I am looking for is to make A encrypt some data with B' public key that B can decrypt with its private key...is there any class for this scenario?You might want to check out these, if you haven't already:
http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/package-summary.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/interfaces/package-summary.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/spec/package-summary.html -
Retrieved public key not match with real public key on certificate
//@@public key from certificate
*30 81 89 02 81 81*
+00 92 28 98 7b 71 5e 3b 58 93 7a 58 cd 9e b8 17 c6 8e 74 51 c7 32 be 73 c6 54 d6 e5 3b c8 3c 89 c5 6c cd 59 b2 40 58 f2 83 f4 8d c8 b0 5f 57 26 d9 27 88 ff 76 1b 2d 5e 78 8c aa 66 2e 68 1e ed 01 5a 09 c9 5f fb 11 9d 33 4d 57 f1 02 f8 61 4b 71 08 c9 da db 5c a7 c8 fa a6 ed f6 d5 1b 78 72 20 33 0b 80 6c 07 e0 14 7c 49 b5 e3 aa 39 79 28 9e 76 3f 9c 23 7b ea 5c b3 fd 79 cb d5 71 3d d4 f9 02 03 01 00 01+
//@@retrieved public key from certificate partially not match
*30 3F 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 3F 3F 00 30 3F 89 02 3F 3F*
+00 92 28 98 7B 71 5E 3B 58 93 7A 58 CD 9E B8 17 C6 8E 74 51 C7 32 BE 73 C6 54 D6 E5 3B C8 3C 89 C5 6C CD 59 B2 40 58 F2 83 F4 3F C8 B0 5F 57 26 D9 27 88 FF 76 1B 2D 5E 78 8C AA 66 2E 68 1E ED 01 5A 09 C9 5F FB 11 3F 33 4D 57 F1 02 F8 61 4B 71 08 C9 DA DB 5C A7 C8 FA A6 ED F6 D5 1B 78 72 20 33 0B 80 6C 07 E0 14 7C 49 B5 E3 AA 39 79 28 9E 76 3F 9C 23 7B EA 5C B3 FD 79 CB D5 71 3D D4 F9 02 03 01 00 01+
* Convert into hex values
private static String hex(String binStr) {
String newStr = new String();
try {
String hexStr = "0123456789ABCDEF";
byte [] p = binStr.getBytes();
for(int k=0; k < p.length; k++ ){
int j = ( p[k] >> 4 )&0xF;
newStr = newStr + hexStr.charAt( j );
j = p[k]&0xF;
newStr = newStr + hexStr.charAt( j ) + " ";
} catch (Exception e) {
System.out.println("Failed to convert into hex values: " + e);
return newStr;
* Get public key from keystore.
* The public key is in the certificate.
private static Key getPublicKey(String keyname, String keystore)
throws IOException, KeyStoreException, NoSuchAlgorithmException,
CertificateException {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), KEYSTORE_PASS.toCharArray());
X509Certificate cert = (X509Certificate) ks.getCertificate(keyname);
if (cert != null) {
return cert.getPublicKey();
return null;
// Read the public key from keystore certificate
RSAPublicKey keystorepub = (RSAPublicKey) keystorecert.getPublicKey();
tempPub = keystorepub.getEncoded();
sPub = new String( tempPub );
System.out.println("Public key from keystore:\n" + hex(sPub) + "\n");Italic part is match part however bold part is not match, i think should be calculation on convert hex incorrect.the public key on certificate can view direct in hex format although inside the certificate is in byte[] format,hence during extract public key from certificate via java code,need to convert from byte[] to hex string and then compare it.
this is the picture of certificate that display public key in hex format
[http://i225.photobucket.com/albums/dd135/ocibala109/cert.jpg]
Edited by: ocibala on Oct 7, 2008 8:51 PM -
How to setup built-in VPN server on Mountain Lion
Anyone have information on configuring the built-in VPN server in OS X Mountain Lion ?
Update - it works ! At least I can connect to Mountain Lion (not server) from my iPhone using the VPN Server Configurator app.
Here's what I did :
1) download the app and install
2) setup using the help files on the web page : http://www.greenworldsoft.com/product-vpn-server-help.html
3) at the last stage you need to setup port forwardin on your router
4) under Airport Utility 6.0 you cannot setup ports 500 or 4500 due to BTTM conflicts but setup the other 2 ports (1723 TCP and 1701 UDP), update airport extreme
5) download Airport Utility 5.6 from here : download already extracted utility it is in it's extracted form as is necessary under Mtn Lion (thanks to NetUse Monitor for the download - great app by the way)
6) run 5.6 and setup port forwarding (Advanced-Port Mapping) for the other 2 ports (500 and 4500 UDP), update airport extreme
7) that's it, I was able to connect to the VPN from my iPhone ! -
How to setup the DirectAccess on windows server 2012 r2 essentials with 2 nics
I have a server with two network cards (the first card NIC called "Internet" and the second NIC called "Local Network") with static IP both.
The computer has "DomainName.local"
I still have not connected to the internet with my company domain-name from my server
I have installed and configured the DHCP, DNS, WINS, and trouble-free operation
I have also installed the role "DirectAccess and VPN"
But here we face the problem that I can not set the directaccess with two Network Interface Card
Any information found on pages from microsoft none met my needs
Can you help, set the DirectAccess with my server ?Hi:
Remove/disable the "internet" nic and connect the server and all stations to a switch. Connect the switch to the router/firewall at the edge. Server stopped doing NAT after 2003.
Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit. -
Hi,
I just bought a Linksys BEFSX41 VPN router, I wanted to make a basic VPN. I tried more than a week, I followed the guide. But it never work and really made me headache.
I hope any body can help me to make it work.
I setup the router as the guide, the local IP is 192.168.1.1, I disabled the firewall, I set a statci IP, 10.254.5.92 for the router's WAN IP. I also enable a tunnel. give name to it. setup the local secure group, remote secure group.
The VPN client is a XP computer, I also give a static IP to it, it's 10.254.5.7. I also create a IP Security Policy on the Local Computer. The VPN connection is a L2TP coonection, the pre-shared key is same as that in the IP Security policy and the tunnel.
The client can ping the router, but never can login the the VPN.
Here is the router log, any body find any thing wrong there:
12:22:12 IKE[1] **Check your PFS setting !
12:22:12 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
12:23:14 IKE[1] Rx << Delete ISAKMP_SA : cookie 113dfda3 8f0c2714 | 8dfe132b b0eb4152
12:23:14 IKE[1] Tx >> Delete ISAKMP_SA : cookie 113dfda3 8f0c2714 | 8dfe132b b0eb4152
12:23:14 IKE[1] Rx << MM_I1 : 10.254.5.7 SA, VID, VID, VID
12:23:14 IKE[1] Tx >> MM_R1 : 10.254.5.7 SA
12:23:14 IKE[1] ISAKMP SA CKI=[28996738 20e85b24] CKR=[1f879b2d 26c7485]
12:23:14 IKE[1] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 28800 sec (*3600 sec)
12:23:15 IKE[1] Rx << MM_I2 : 10.254.5.7 KE, NONCE
12:23:15 IKE[1] Tx >> MM_R2 : 10.254.5.7 KE, NONCE
12:23:16 IKE[1] Rx << MM_I3 : 10.254.5.7 ID, HASH
12:23:16 IKE[1] Tx >> MM_R3 : 10.254.5.7 ID, HASH
12:23:16 IKE[1] **Check your PFS setting !
12:23:16 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
12:23:24 IKE[1] **Check your PFS setting !
12:23:24 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
12:23:31 IKE[1] **Check your PFS setting !
12:23:31 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
12:23:38 IKE[1] **Check your PFS setting !
12:23:38 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
12:23:47 IKE[1] **Check your PFS setting !
12:23:47 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
12:23:54 IKE[1] **Check your PFS setting !
12:23:54 IKE[1] Tx >> Notify : PAYLOAD-MALFORMED
12:24:26 IKE[1] Rx << Delete ISAKMP_SA : cookie 28996738 20e85b24 | 1f879b2d 26c7485
12:24:26 IKE[1] Tx >> Delete ISAKMP_SA : cookie 28996738 20e85b24 | 1f879b2d 26c7485
12:24:26 IKE[1] Rx << MM_I1 : 10.254.5.7 SA, VID, VID, VID
12:24:26 IKE[1] Tx >> MM_R1 : 10.254.5.7 SA
12:24:26 IKE[1] ISAKMP SA CKI=[e41e0bac f6514198] CKR=[49b5d338 43497875]
12:24:26 IKE[1] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 28800 sec (*3600 sec)
12:24:27 IKE[1] Rx << MM_I2 : 10.254.5.7 KE, NONCE
12:24:27 IKE[1] Tx >> MM_R2 : 10.254.5.7 KE, NONCE
12:24:28 IKE[1] Rx << MM_I3 : 10.254.5.7 ID, HASH
12:24:28 IKE[1] Tx >> MM_R3 : 10.254.5.7 ID, HASH
12:24:35 IKE[1] **Check your ISAKMP Pre-share Key setting !
12:24:35 IKE[1] Tx >> Notify : INVALID-PAYLOAD-TYPE
Thanks
Wei LuoHi Yu Yu,
If I have understood you requirement correctly then please have a loom of the below URL. It may help you.
Login Modules - User Authentication and Single Sign-On - SAP Library
Thanks,
Hamendra -
How to setup an IPSec VPN Tunnel Cisco 2320 Vs RVS4000
Hello all.
This forum has always helped me in all my investigations about VPN and now I'm gonna help everyone with this post.
I have succesfully config an IPSec VPN Tunnel by using a Router Scientific Atlanta Cisco 2320 and a RVS4000 4-Port Gigabit Security Router with VPN.
On the site of Router Scientific Atlanta Cisco 2320 this is some info:
WAN IP: A.A.A.A
Router Local IP: 192.168.5.1
Subnet: 192.168.5.X
Subnet Mask: 255.255.255.0
On the site of RVS4000 4-Port Gigabit Security Router with VPN this is some info:
WAN IP: B.B.B.B
Router Local IP: 192.168.0.10
Subnet: 192.168.0.X
Subnet Mask: 255.255.255.0
Remember that you can not be on the same range of IP, I mean, you can not have 192.168.0.X if the remote network is on 192.168.0.X, you have to change some of the Routers.
I show the configuration on Router Scientific Atlanta Cisco 2320:
I show the configuration on RVS4000 4-Port Gigabit Security Router with VPN:
If all is correctly configured, you should see on Router Scientific Atlanta Cisco 2320 the Status Connected:
If all is correctly configured, you should see on RVS4000 4-Port Gigabit Security Router with VPN the Status Up:
As you can see, I'm connected to the remote Router (RVS4000 4-Port Gigabit Security Router with VPN) by my own web browser accesing by the local IP 192.168.0.10
I have used Authentication MD5, maybe is not the best one but I had no time to test SHA1, I will when I will have time.
I wish that this help to anyone that need to do this.
Best regards!Hey,
Thanks a ton for posting this out here. I am sure it will be helpful for people trying this out.
Regards,
Prapanch -
How to setup NTP service in server 2012 R2 to synch with an external NTP server
Server 2012 R2 Std as DC
I have looked at the blogs on setup and could not make sense of them. I did this easily on SBS2008 before I migrated to 2012 R2.
What is the process to establish the DC server 2012 R2 as the time source. Right now it is BIOS clock and I wish to move to NTP as the time source.
Thanks for your help
John LenzHi JohnLenz,
You can use the following command line and refer the following KB:
w32tm /config /syncfromflags:manual
w32tm /config /manualpeerlist:<IP_or_FQDN_of_the_time_source>
Note: please replace "<IP_or_FQDN_of_the_time_source>” with the IP address or FQDN of your NTP server.
Net stop w32time
Net start w32time
The related KB:
Synchronize the Time Server for the Domain Controller with an External Source
http://technet.microsoft.com/en-us/library/cc784553(v=ws.10).aspx
Configure the Time Source for the Forest
http://technet.microsoft.com/zh-cn/library/cc794937(v=ws.10).aspx
Configuring a time source for the forest
http://technet.microsoft.com/en-us/library/cc784800(v=ws.10).aspx
I’m glad to be of help to you!
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
How to setup my Palm 700wx to connect to the Internet from your computer with the USB
http://i35.tinypic.com/znx2yw.gif
Can I surf using my pda web browser on my 700wx without using my cellular phone for ISP connection? If so, does anyone on here might know how to set this up on a 700wx palm? Thanks again.
Message Edited by deeptester on 10-18-2009 10:02 PMDo anybody on this board might know if there is a wx700 USB modem software available?
Maybe you are looking for
-
Photos Look Blurry on NTSC monitor when played from timeline
When I play back jpeg photos from my timeline on my monitor, the pictures look a bit blurry, especially right at the end of my transition, such as a cross dissolve...When I stop the playhead on a jpeg, after about 1 second, the image becomes very sha
-
How do I update my itunes to 10.5 or higher
My Iphone will not update; an error always takes place when I try to update.
-
My swf is not loading xml on server
Hi I'm creating a flipbook which get the data through xml. It works properly in the flash means when I test it using ctrl+Enter but when I upload it onto the server it not shows even a single page means the cml isn't loaded there. Any ideas what woul
-
How to recovery HD Document submenu
Hey, I recently had my logic board replaced and since then decided to backup all my info...again. I was in the process of copying my documents to a DVD to burn. However, the way I went about it, did not work. When I opened the HD icon, and the next w
-
Hello, I will try to creat extention for photoshop in Flash Builder 4 using CS Extention Toolkit 3.4. For automatic or something happen, i think we have to used notifier but i do't no how to used it and where i have to code that thing. Or any other