VPN problem - Networking

Hello,
I am having a problem with using an I-Mate Pocket PC 2003 to connect to my email using Secure Client for Checkpoint.
I am connecting to the internet using GPRS.
I have already upgraded my ROM version to 1.52 WWE , Radio Version to 1.10, Protocol version to 1337.18 and ExtROM 1.52.114
So any idea why this is so, or any recommendations for using other VPN clients to access the Checkpoint Firewall?
Thanks,

re: security problem
Security Guru, we are using connection manager to dial into our RSA & Radius authentication server without a VPN client. Works OK. We are encrypting data on device & sending then decrypting server side.
However, O2 were onsite yesterday to assist with monitoring our traffic flow & they use (for their own tech staff to access their environment) a Movian VPN client to hit a Cisco concentrator. The Movian client is available at Certicom's website -
'http://www.certicom.com/index.php?action=product,secapps_index'
Not sure if the Movian client will work with Checkpoint but it's worth a try.
Could you pls fwd me a link to download the checkpoint client & I'll try that against our firewall.
I have earlier version of ROM details for UK & will suss out most current.
Can you give me more info on your architecture? Win2003 servers, private apn, exchange, radius, checkpoint details, etc?

Related

VPN with PPTP and GPRS

I have been trying to establish a VPN connection with my xda over gprs to my office computer (PPTP) but I am not sure I have made the appropriate settings. There is no place to type in my username and password (except for the gprs connection).
Can anyone guide me on how to ensure a proper connection?
Also, I am not sure what the VPN connection will mean in terms of pocket pc functionality. Will it mean that I can access my office e-mail which would otherwise require a direct dial in? Will I be able to synchronize with my office outlook?
I would greatly appreciate your help. Thanks, apap
VPN
hi,
suggest ringing 0845 6006886 (O2 GPRS Helpline).
They have a PDF Doc that may help. They will e-mail it to you.
Doc Title VPN_Access_over_mobile_web.
Good luck
Ric.
Thanks for your help Ric.
I have followed the settings as discussed in the pdf file but I have not had any success. I will call the helpline.
private networks
Please note that if you are using O2 and your office have a private network range in the 10.0.0.0 range, you will have problems due to the subnet mask used, and the fact that O2 use NAT.
I have written a utility which monitors the routing table, and overcomes this problem by narrowing the net mask. Anyone who is interested, contact me for this software: [email protected]
I tried to 'give' this software to O2, but they didn't seem to care. They didn't really seem to understand the problem.
Re: private networks
martinlong1978 said:
[...]
I have written a utility which monitors the routing table, and overcomes this problem by narrowing the net mask. Anyone who is interested, contact me for this software: [email protected]
I tried to 'give' this software to O2, but they didn't seem to care. They didn't really seem to understand the problem.
How about this: we'll dedicate a page to it on this site, and possibly even include a small tutorial that deals with networking stuff in general. If everyone in the know contributes a bit of their knowledge, I'll lay it all out, add the screenshots and put it on a page.
Re: private networks
Thanks.
Here's the gist of it.
Often, corporate networks use addresses in the range 10.0.0.0 - 10.255.255.255 in order to create private networks. This address range is designated for this purpose, and is the only class A range designated as such.
O2's GPRS network uses NAT in order to cut down the number of IP addresses they require. In doing so, they also use the private address range.
It is not recommended practice to use NAT for subscription networks, as they do not provide a 'complete' internet service. Certain peer-to-peer services will not work through NAT, as they require both devices to be publicly addressable - this however, is not the cause of this issue.
Let's look at the process of connecting to a VPN.
1) a 'dial up' connection is made to the GPRS service. When I say 'dial up' I do not mean a circuit switched call is made (before you techies correct me), but still, some kind of PPP connection is made.
2) IP addresses are negotiated. An address is allocated to the device in the 10.0.0.0 range. During this allocation procedure no subnet mask is specified, and the device assumes 255.0.0.0 as for a class A network.
3) The device adds a route to 10.0.0.0 mask 255.0.0.0 on the GPRS virtual adapter.
The connection to the VPN can now be made
1) a 'dial up' connection is made to the VPN service.
2) IP addresses are negotiated. An address is allocated to the device in the 10.0.0.0 range (depending on corporate config). During this allocation procedure no subnet mask is specified, and the device assumes 255.0.0.0 as for a class A network.
3) The device adds a route to 10.0.0.0 mask 255.0.0.0 on the VPN virtual adapter.
All seems fine - no? Try connecting to any host on the private network. Mail server, terminal server, web server. I bet you it doesn't work. That's because two routes have been allocated on the 10.0.0.0 mask 255.0.0.0 network. When you try and connect to your mail server (eg 10.0.0.6) the packets go straight out through the first matching route - the GPRS, and never even see the VPN route.
My software tool watches the route table (I use a function in the IPhlpapi.dll for those interested), and waits for a change. When it spots a change, it re-writes the routing table, narrowing the routing entries to 24 bit masks (it works out the missing octets from the gateway address).
So an example would be:
10.0.0.0 mask 255.0.0.0 gw 10.34.23.254 if GPRS
10.0.0.0 mask 255.0.0.0 gw 10.0.0.1 if VPN
becomes
10.34.23.0 mask 255.255.255.0 gw 10.34.23.254 if GPRS
10.0.0.0 mask 255.255.255.0 gw 10.0.0.1 if VPN
This allows you to access stuff in the 10.0.0.0 network.
Drawback:
You won't be able to peer to peer with other O2 XDAs who aren't on the same class C network - big deal, does anyone do this?
You are limited to contacting hosts on the same class C within your private network. I am working on broadening this range.
Files:
There is 1 file required - the executable, which should be placed in the startup folder. Let me know where to send this, and it can be made public.
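The route selection described in the post above, worked through as an added example (this is not the poster's utility, which does not appear on this page). It assumes that when two routes have the same prefix length the one installed first wins, as the post describes; `Route`, `lookup`, `narrow` and `misrouted` are hypothetical names, and the sample table is constructed from the post's own example.

```python
import ipaddress
from typing import NamedTuple, Optional

CLASS_A_PRIVATE = ipaddress.IPv4Network("10.0.0.0/8")


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    interface: str


def make_route(dest: str, mask: str, gw: str, ifname: str) -> Route:
    return Route(ipaddress.IPv4Network(f"{dest}/{mask}"),
                 ipaddress.IPv4Address(gw), ifname)


def lookup(table: list, host: str) -> Optional[Route]:
    """Longest-prefix match. On equal prefix length the route installed
    first wins (assumption matching the behaviour the post describes)."""
    addr = ipaddress.IPv4Address(host)
    best = None
    for r in table:
        if addr in r.network and (best is None or
                                  r.network.prefixlen > best.network.prefixlen):
            best = r
    return best


def narrow(table: list, prefixlen: int = 24) -> list:
    """Replace each classful 10.0.0.0/8 route with the /24 that contains
    its gateway, filling in the missing octets from the gateway address."""
    out = []
    for r in table:
        if r.network == CLASS_A_PRIVATE:
            net = ipaddress.IPv4Network(f"{r.gateway}/{prefixlen}", strict=False)
            r = r._replace(network=net)
        out.append(r)
    return out


def misrouted(table: list, hosts: list, expected_if: str) -> list:
    """Hosts whose traffic would not leave through expected_if."""
    bad = []
    for h in hosts:
        r = lookup(table, h)
        if r is None or r.interface != expected_if:
            bad.append(h)
    return bad


# Constructed sample table, taken from the example in the post.
BEFORE = [
    make_route("10.0.0.0", "255.0.0.0", "10.34.23.254", "GPRS"),
    make_route("10.0.0.0", "255.0.0.0", "10.0.0.1", "VPN"),
]
AFTER = narrow(BEFORE)

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for host in ("10.0.0.6", "10.0.5.20"):
            r = lookup(table, host)
            print(label, host, "->", r.interface if r else "no route")
```

Before narrowing, traffic for the mail server at 10.0.0.6 leaves on the GPRS interface outside the tunnel; after narrowing it uses the VPN route, while 10.0.5.20 has no route at all, which is the drawback the post lists.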
util.
To keep you updated. I've just updated this slightly. It no longer requires MFC. It is 1 x 5.5 K executable.
Regards
Martin
Please note, not everyone will need this update. Only if your office uses a 10.0.0.0 subnet.
Thanks for all the enquiries.
Can I share the files - VPN_Access_over_mobile_web.pdf?
Hi ,
Can I share the files - VPN_Access_over_mobile_web.pdf? I am also testing the VPN connection over XDA GPRS, but if it is possible, pls mail me that PDF file. [email protected]
Thx
Li
Can anyone please email me the VPN_Access_over_mobile_web.pdf file? Please Please Please!
Thanks
Ian
[email protected]
Don't have this file to hand, but if it is the one I think (provided by o2 UK) it is on their site somewhere.
VPN to Win2k server (with fixed ip, and internal ip of 192.168.blah-de-blah) worked first time following those instructions, as did Terminal Server used to remotely control it.
HTH
imordey said:
Can anyone please email me the VPN_Access_over_mobile_web.pdf file? Please Please Please!
Thanks
Ian
[email protected]
VPN Access
For goodness sake.
http://www.o2.co.uk/mobileweb
Select the VPN Access tab!
Download the PDF from there.
A little surfing goes a long way
Re: util.
Hi Martin, I tried to mail you for the VPN fix but it bounced, any chance you could email it to me or attach it here? paul_w at cix dot co dot uk.
Thanks,
Paul
--
To: [email protected]
Subject: XDAII VPN fix
Sent: Sat, 28 Feb 2004 13:15:42 -0000
did not reach the following recipient(s):
[email protected] on Sat, 28 Feb 2004 13:30:55 -0000
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a= ;p=trace computers
;l=DATA1504022813301W4WRN23
MSEXCH:IMS:Trace Computers PLCatawiseATA15 0 (000C05A6) Unknown
Recipient
martinlong1978 said:
To keep you updated. I've just updated this slightly. It no longer requires MFC. It is 1 x 5.5 K executable.
Regards
Martin
Does anyone have this file? Or any contact details for martinlong?
Thanks,
Paul
What VPN does for me.
Me and my significant other have 3 servers in our closet and host exchange (email), Active Directory, and outlook mobile access as well as things like ftp, web, and most importantly VPN. All my email that comes to us goes into my Outlook box on the exchange server then activesync sends a text message to my tmo pda phone and activesync begins downloading my mail and synchronizes my contacts and calendar. Once that is complete, a VPN connection is started up and the pda syncs with my desktop computer, so programs like vindigo and files like my documents are up to date. I even have the option of installing over the air or browsing my files on my computer at home.
Hey Sytris, I'm set up the same way pretty much but I've tried with 2 different devices and I can't get it to sync with the local computer. The active sync with Exchange works fine and the VPN connects just fine. The ActiveSync app on the server then gets the connection from the PPC but shows connected as guest instead of my device, and the ActiveSync on the PPC still shows connecting but never goes anywhere. Did you run into that when setting yours up? Any suggestions? Thanks - Jim
About PPTP connection via PC: I found a nice step-by-step tutorial here at supervpn.net/blog
About mobile, you should try to contact some VPN provider; they have nice live chat support, so they can probably answer all your questions.
To set up your VPN on your phone, you can find a solution on worldvpn.net

XDAII VPN Issue

Hi Everyone,
I recently purchased an XDAII and brought it to the states and am currently using it on AT&T's GSM/GPRS network. I can VPN into my corporate network and have validated a VPN Session on the server side...but for some odd reason I cannot hit my intranet site or any servers on my network. I think it is a setting I missed or configured incorrectly on my device. Anyone have any suggestions?
Any help would be greatly appreciated!
Thanks,
Richard
Richard, I'd be interested too, as it's exactly what I want to do. What VPN software are you using? I was planning on using the Secure Remote software, PDA version.
Can you get access to the firewall logs to see what is happening, any drop or messages, etc?
Securemote and Himalaya type phones
Guys, I have a similar problem and checkpoint doesn't currently himalayas!!!
Anybody has a solution?
Thanks
Moustapha
I know the problem
I know the problem (I think): it's the fact that using the default (built in) VPN client the XDAII doesn't pick up the subnet mask from the VPN, it generates its own based on the class of IP address. Setting the DHCP server to dish out class C addresses works on my set up - will keep you posted though!
got it working SecureClient 131/ NG FP3 SecureRemote / GPRS
Hi
I have installed the SecureClient for WM2003 Build 131 and the Firewall is a NG FP3 only with SecuRemote configured. First I needed to change the authentication scheme on the firewall and enter a pre-shared secret. After that I was able to establish the VPN tunnel.
I tried PuTTY and terminal service into the internal network and both were working. I just got a message that the SecureClient was not able to download the client policy, but I just ignored that.
Hope this helps
Reto

VPN Client for CheckPoint Needed for MiniS

I have just bought an O2 XDA Mini S and want to connect it to my corporate mail service. I tried with the VPN tool of the device but it was not successful. My corporate service can be reached through a VPN called CheckPoint but unfortunately there is no client available from them for WM5. Is there any generic VPN client that can be used with my XDA, or any adjustment to the included VPN tool in the device?
I will appreciate any help or guidance.
Best Regards
GAMxda
Have you tried the 2003se version of checkpoint vpn client?
nonereal said:
Have you tried the 2003se version of checkpoint vpn client?
I did, (downloaded from: http://www.checkpoint.com/downloads/quicklinks/downloads_sr.html )
but every time I want to start the CheckPoint VPN SecureClient, I get an error: 'Internal Error'. Does anybody have a working version for HTC Wizard / Qtek 9100 / K-JAM?
Thanks!
I seriously doubt it. Checkpoint isn't compatible with anything and they take forever to change anything. You'd do better to try looking at the problem a different way. I forward my corporate mail to a private mail server which then forwards it to the phone.

HTC TyTNII vpn to a cisco vpn

Hi,
I am trying to establish a VPN connection to our company VPN.
The VPN gateway is a Cisco device. "Normal" connection via notebook with the Cisco VPN client works.
On my TyTN I installed the NCP client. But I don't know how to configure the Cisco settings.
On Cisco VPN Client:
- IP Address of Gateway
- Group Authentication
- Transport IPSec over UDP
On NCP VPN Client:
- IP Address of Gateway is easy to find
But I cannot assign the other settings. The NCP client has a lot of settings.
Has anybody had success establishing a VPN connection via Windows Mobile to a Cisco gateway?
Got it. Not the vpn Client was the problem.
The Blackberry connect SW (disabled!) prevented connection via vpn.
Uninstalling BB Connect, and the VPN client from Bluefire works fine.
What did you use as the VPN client to connect into the cisco gateway?
Do you use a RSA secureID token?
I am trying to get a VPN connection running from my HTC p3600i, WM6.
New VPN Client
For a few days now I have been using another VPN client: www.ncp.de
Works fine. We do not use RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
WinnieK said:
For a few days now I have been using another VPN client: www.ncp.de
Works fine. We do not use RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
Can you write your settings? I can't configure this
Any ideas on a MPPE PPTP VPN via WM6? I have been trying to get this to work for months and can't. I am operating under the presumption that the VPN client in WM5/6/6.1 doesn't support MPPE and I am therefore up S#!T creek without a 3rd party dialer...
(It is a VPN connection to my work and yes as sorry as this is they still use an encrypted PPTP connection for all of their VPN connections. If they would just move on to something a LITTLE more current L2TP/IPsec I wouldn't be having any of these problems...)
But is there such a thing as a 3rd party PPTP VPN client for WM5/6/6.1 I haven't been able to find one...
TIA~
WinnieK said:
For a few days now I have been using another VPN client: www.ncp.de
Works fine. We do not use RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
Kindly can you show where to set the Group Authentication?
New(ish) Cisco AnyConnect VPN Client
Cisco have released an AnyConnect VPN client for Windows Mobile 5/6 (version 2.3.185). This is specifically targeted towards the ASA 5500 platform as the VPN server, however it should also work with IOS VPN devices (I am told?).
I haven't tried it, however I have seen it demonstrated and it all seemed to work.
Personally I prefer the integrated L2TP/IPSec VPN client and have posted previously on how to get this working with Cisco PIX 6.3, ASA/PIX 7.x and IOS devices.
Andy
AnyConnect VPN client will support only SSL VPN, which is available on Cisco ASA and IOS from 12.4(20)T or later.
Can I have two VPN connections to two different places on the same computer?
I work at two different medical facilities. I have a VPN connection to one and I'm trying to set up one for the other. When I'm in the New Connection Wizard and I pick "automatically dial connection", it makes me pick the medical facility that I already had on the computer to "automatically dial" when trying to create this new one.
cool vpn has given the users privilege to surf internet with freedom and security Thanks to VPN

VPN to Nortel switch over GPRS (HSDPA), then Exchange/POP/IMAP over THAT VPN

Hello,
I want to connect to my Company's VPN and read my e-mails.
My Company uses a Nortel Contivity switch to which I successfully connected with Bluefire Mobile Security VPN v2.7.5, Build 706 (IKE=DES+MD5+DH1; IPsec=3DES+MD5+LZH+PFS; NAT traversal active), using a cellular HSDPA connection. Now comes the bad part: I cannot configure Outlook to use the Exchange server nor the IMAP or POP servers (I tried with Flexmail 4 but with the same results) - it always says that the servers are not accessible. As far as I could figure it out, it seems that after the tunneling is operational, Outlook or any other software still tries to access the internet through the cellular connection (I tried to traceroute some addresses and it ALWAYS goes through the cellular line, not the tunneled connection).
What would be the correct settings in my connection manager so I could access my Company's Exchange / POP / IMAP servers after I set up the VPN manually with Bluefire?
Thanks a lot!
Do you work for VZ? I too would like to connect to my VPN network... I spoke to our tech support and they advised that wasn't possible... just for BlackBerry... which I found odd... I would be interested to find out how to also
TheAlphonso said:
Hello,
I want to connect to my Company's VPN and read my e-mails.
My Company uses a Nortel Contivity switch to which I successfully connected with Bluefire Mobile Security VPN v2.7.5, Build 706 (IKE=DES+MD5+DH1; IPsec=3DES+MD5+LZH+PFS; NAT traversal active), using a cellular HSDPA connection. Now comes the bad part: I cannot configure Outlook to use the Exchange server nor the IMAP or POP servers (I tried with Flexmail 4 but with the same results) - it always says that the servers are not accessible. As far as I could figure it out, it seems that after the tunneling is operational, Outlook or any other software still tries to access the internet through the cellular connection (I tried to traceroute some addresses and it ALWAYS goes through the cellular line, not the tunneled connection).
What would be the correct settings in my connection manager so I could access my Company's Exchange / POP / IMAP servers after I set up the VPN manually with Bluefire?
Thanks a lot!
!!!up!!!!!
When you configure your email account, don't you specify which internet connection it should try to use? So shouldn't you specify that your work connection is the connection that it should use to check mail?
