VPN Client for CheckPoint Needed for MiniS - Networking

I have just bought an O2 XDA Mini S and want to connect it to my coorporate mail service. I tried with the VPN tool of the device but t was not succesfull. My corporate service can be reached through a VPN called CheckPoint but unfortunatelly there is no client available from them for WM5. Is there any generic VPN client that cam be used with my XDA or any adjust to the includedc VPN tool in the device.
I will appreciate any help or guidance.
Best Regards
GAMxda

Have you tried the 2003se version of checkpoint vpn client?

nonereal said:
Have you tried the 2003se version of checkpoint vpn client?
Click to expand...
Click to collapse
I did, (downloaded from: http://www.checkpoint.com/downloads/quicklinks/downloads_sr.html )
but every time I want to start the CheckPoint VPN SecureClient, i get an error: 'Internal Error'. Anybody has a working version for HTC Wizard / Qteck 9100 / K-JAM?
Thanks!

I seriously doubt it. Checkpoint isn't compatible with anything and they take forever to change anything. You'd do better to try looking at the problem a different way. I forward my corporate mail to a private mail server which then forwards it to the phone.

Related

VPN problem

Hello,
I am having a problem with using an I-Mate Pocket PC 2003 to connect to my email using Secure Client for Checkpoint.
I am connecting to the internet using GPRS.
I have already upgraded my ROM version to 1.52 WWE , Radio Version to 1.10, Protocol version to 1337.18 and ExtROM 1.52.114
So any idea why is so or any recommendations for using other vpn clients to access the Checkpoint Firewall.
Thanks,
re: security problem
Security Guru, we are using connection manager to dial into our RSA & Radius authentication server without a VPN client. Works OK. We are encrypting data on device & sending then decrypting server side.
However, O2 were onsite yesterday to assist with monitoring our traffic flow & they use (for their own tech staff to access their environment) a movian VPN client to hit a Cisco concentrator. Movian client is available at certicoms website -
'http://www.certicom.com/index.php?action=product,secapps_index'
Not sure if the movian client will work with checkpoint but its worth a try.
Could you pls fwd me a link to download the checkpoint client & I'll try that against our firewall.
I have earlier version of ROM details for UK & will suss out most current.
Can you give me more info on your architecture? Win2003 servers, private apn, exchange, radius, checkpoint details, etc?
re: security problem
Security Guru, we are using connection manager to dial into our RSA & Radius authentication server without a VPN client. Works OK. We are encrypting data on device & sending then decrypting server side.
However, O2 were onsite yesterday to assist with monitoring our traffic flow & they use (for their own tech staff to access their environment) a movian VPN client to hit a Cisco concentrator. Movian client is available at certicoms website -
'http://www.certicom.com/index.php?action=product,secapps_index'
Not sure if the movian client will work with checkpoint but its worth a try.
Could you pls fwd me a link to download the checkpoint client & I'll try that against our firewall.
I have earlier version of ROM details for UK & will suss out most current.
Can you give me more info on your architecture? Win2003 servers, private apn, exchange, radius, checkpoint details, etc?

XDAII VPN Issue

Hi Everyone,
I recently purchased an XDAII and brought it to the states and am currently using it on AT&T's GSM/GPRS network. I can VPN into my corporate network and have validated a VPN Session on the server side...but for some odd reason I cannot hit my intranet site or any servers on my network. I think it is a setting I missed or configured incorrectly on my device. Anyone have any suggestions?
Any help would be greatly appreciated!
Thanks,
Richard
Richard, I'd be interested too, as it's exactly what I want to do. What VPN software are you using? I was planning on using the Secure Remote software, PDA version.
Can you get access to the firewall logs to see what is happening, any drop or messages, etc?
Securemote and Himalaya type phones
Guys, I have a similar problem and checkpoint doesn't currently himalayas!!!
Anybody has a solution?
Thanks
Moustapha
I know the problem
I know the problem(I think), it's the fact that using the default (built in) VPN client the XDAII doesn't pick up the subnet mask from the VPN, it generates it's own based on the class of IP address, setting nthe dhcp server to dish out class c addresses works on my set up - will keep you posted though!
got it working SecureClient 131/ NG FP3 SecureRemote / GPRS
Hi
I have installed the SecureClient for WM2003 Build 131 and the Firewall is a NG FP3 only with SecuRemote configured. First i needed to change the authenification schema on the firewall an enter a pre-shared secret. After that i was able to establish the vpn tunnel.
I tried putty and temrinal serrvice into the internal network and both was working . I just got a message that the secureclient was not able to download the client policy, but i just ignored that.
Hope this helps
Reto

WM 5.0 VPN Client from Bluefire

Hello,
on my search for a VPN Client for WM 5,0 I finally
found one. It´s Only a Trial-version but however it is the
only version i found that will be able to run under WM 5.0. If you know still different VPN software, which runs also under WM 5.0 please post it!
https://locustpoint1.bluefiresecurity.com/support/WM5_VPN/Bluefire Mobile VPN 2.2.0.190 wm5.exe
User: bfdownload
Password: 2$fireblue
Much fun!
Password not woring :-(
would like to try if possible..
Oh, they have closed the Download-Page...
See attachment!
AnthaVPN is also working on Wm5.
I should have been released a week ago (according to an e-mail I just received), but no info can be found on the website. :-(
This is interesting. I tried Cisco VPC, Antha VPN and Bluefire VPN on my Jasjar and in all cases the programm blocks both the phone mode and the GPRS/UMTS mode, even when the programm is switched off.
Only deleting the programm completely will restore both radio functions.
Any other experiences?
cyberdott said:
Oh, they have closed the Download-Page...
See attachment!
Click to expand...
Click to collapse
BLUEFIRE
IT works (on QTEK9000) with CISCO Gateway of my company;
ANTHAVPN
here the answer received today:
Dear sir,
We are in certificate process with Microsoft. We hope to release within two weeks. Thanks for your interest.
Regards
José González
Worldnet21 VPN Support
BLUEFIRE
IT works (on QTEK9000) with CISCO Gateway of my company;
Can you explain where and how you installed the program and and how you configured the settings. :lol:
Thanks
I installed the EXE downloaded in this thread; I used the usr/pwd (demo account) above.
The configuration reflects the params of my company's VPN (group, user, ike, IPSec...).
Working:
NCP Secure CE Client with a Cisco PIX
English page a little bit behind, german news say its working (and it does )
News-Link(german):
http://www.ncp.de/deutsch/home/shownews.html?show=38
Download Link:
http://www.ncp.de/english/services/testsoftware/index_entry.html
=) Georg
a little question...
does the 3 party vpn replace the ¨built in¨ vpn?
I use it with exceptions and my companies intranet adressers and servers..in the "connects to work" settings.
so if I installs a vpn from another company can use them settings there or how does the internet explorer or outlook connect to my intra net??
manually is not an optiion i think!!
ANTHAVPN beta 5.8
d.zee said:
This is interesting. I tried Cisco VPC, Antha VPN and Bluefire VPN on my Jasjar and in all cases the programm blocks both the phone mode and the GPRS/UMTS mode, even when the programm is switched off.
Only deleting the programm completely will restore both radio functions.
Any other experiences?
Click to expand...
Click to collapse
I received anthavpn beta version 5.8 for the WM2005, installed it on my JASJAR and I had to deinstall as I can't power ON the WLAN/WIFI. As d.zee, deleting the program WLAN/WIFI works on its normal behaviour...
Has anybody received also this beta version and played with it successfuly?
I had trouble installing bluefire to my SD card. Once the install was complete, it created a directory in my device called \Storage Card and renamed my SD to \Storage Card2. As you can imagine, this caused some issues. I had to go into and edit the registry and update the log file paths to \Program Files, remove the \Storage Card directory, and reset the device. Once I did that, my storage card came back, and I was still able to use the bluefire client.
Not sure if this helps anyone.
unstalling VPN BlueFire
Just to let you know, folks.
Unistalling Bluefire from an SD card is quite a nightmare.
I tried doing it from the "remove programs" on the JJ and from the ActiveSync removal tool... but no way..
When I contacted somebody from Bluefire I was answered that there was a problem with SD cards, that the problem was explained in the product documentation -never saw it when downloading the demo- and that their recommendation was to uninstall the software by hard resetting the machine!!...
A suggestion from the Support guy was to install it again -on the device- and the uninstall the whole thing... he was not sure it would clean the registry, etc.
Just to let you know

VPN Client For Cisco Concentrator

While I was looking for a *working* VPN client solution to work with a Cisco concentrator, I found a couple of potential solutions:
1. Bluefire VPN client (http://www.bluefiresecurity.com/)
2. AnthaVPN (http://www.anthavpn.com/webmaker/portal/wmlink_360)
Both claim to work with the Cisco concentrator (3000 series to be precise). Before I go ahead and install either/both on my MDA Pro (with Imate ROM), I was wondering if anyone had any good/bad things to say about the software?
Any help would be appreciated.
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
rukna said:
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
Click to expand...
Click to collapse
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
rukna said:
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
Click to expand...
Click to collapse
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
Did you try the VPN client from APANI
There is a trial version for CISCO VPN 3000 Series for PDA and Mac
http://www.apani.com/vpnclients.html
italos said:
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
Click to expand...
Click to collapse
I tried that already, didn't work. It may just be issues with the configuration on the concentrator. I'm going to play with it this weekend to see if I get anywhere. Thanks for the reply, nonetheless.
pierrelp1 said:
Did you try the VPN client from APANI
There is a trial version for CISCO VPN 3000 Series for PDA and Mac
http://www.apani.com/vpnclients.html
Click to expand...
Click to collapse
I filled out an eval request yesterday with Apani and got the instructions to download the client this morning. I'll install it over the weekend to see if it works "out of the box". Thanks for the suggestion, dude!
It appears that Apani doesn't really support the universal. Got the following from one of their support reps. Back to the drawing board, I guess.
The Client does not support the use of Windows Mobile 5. We currently
support Windows Mobile 2003 only.
Sincerely,
Janet
Apani Networks
[email protected]
714-674-1700
Click to expand...
Click to collapse
Bluefire VPN
be careful when installing Bluefire... It is a mess if you install it on the SD card..
it's a nuisance to uninstall it... all advice i got from "Bluefire support" was to try a hard reset.... most helpfull
(apparently this problem is well explained in their "product documentation"... but no solution has been found.. yet
NCP Secure Entry Client works
Have a working environment against a CISCO-PIX with NCP
http://www.ncp.de/english/services/testsoftware/index_entry.html
=) Georg
I got the BlueFire client to work finally! I had to enable the PFS (Perfect Forward Secracy) on the concentrator along with the encryption set to 1024 bits on my group profile.
After I got past that, I got the DirectPush client to work with my exchange server! Now I can confidently say this phone has been worth it for me!
OpenVPN
FYI - I just came across this openVPN port for windows mobile and thought it might be of interest for some of you guys:
http://www.ziggurat29.com/OVPNPPCAlpha/OVPNPPCAlpha.htm
Its still in the alpha stage and is continually being worked on by the author, David G. Lemley, III
I am in the same boat - need to use IPsec VPN to connect to our corporate Exchange server.
I am testing BlueFire 2.3.0 client for more than a week now. Overall it is very good - it does its job done. But after running it extensively for a week I discovered several issues with it, mostly cosmetic, but they are really annoying. Especially, if you want to have Direct Push. Those issues are:
1. "Save credentials for auto-reauthentication" does not work - you have to enter your password every time you connect.
2. It does not reconnect on its own, if it looses the connection (i.e. EDGE/GPRS goes down temporarily)
3. Detection of disconnect is not very reliable - sometimes when you loose signal and GPRS connection wants to disconnect, it cannot do it because of VPN still thinks it is connected and prevents GPRS from reconnecting.
4. Extensive use of on-screen push-buttons instead of soft-keys. And soft-keys are mapped to rarely used functions, like About - poor interface design. It woldn't be so bad, if the VPN client was not requiring user interaction to reconnect and authenticate...
5. After several minutes of standby, it brings its window on top of Today screen, kinda like letting user know that he better check his tunnel/connection, because it could be already disconnected... In most cases it is not true, because the unit wakes half the way up every several minutes to check email or sent a heat-beat packet, which keeps connection up (this only applies to GPRS/EDGE connection and not WiFi, unfortunatelly). But sometimes the VPN tunnel becomes dead, and you have to click "Disconnect", "Connect" and enter your password again.
Ok, that is my impression about BlueFire VPN client. Now the question is - is there any better IPsec client for PPC (WM5), which allows you to have Direct Push email over IPsec all day long without your intervention to check the connection status and reconnect manually?
Thanks for your time.
Im also trying to connect to our corporate network using a vpn client.
with my laptop i usually do this with the cisco vpn client and a very simple configuration.
My target is doing the same with the universal.
I tried Bluefire VPN, and AnthaVPN.
Eventhough i tried a lot of times, i couldn't make a connection with bluefire
With Antha, the results were better. I could connect , but after installing it, wifi stop working, and the active sync, sometimes doesnt recognize the device ( i saw in this forum somebody with exactly the same problem).
Is there anybody that use Antha in Universal without problems?
I checked the official web of Antha, and universal is not supported.
Do you know any other vpn software that works with Cisco?
Thanks

Sinchronize pda with web exchange

Hi Guyz,
i have an HTC Trinity with latest rom released from italian distributor, just flashed three days ago.
Everythings are working fine but i cannot set a configuration for sinchronization of my company's web exchange server.
We have Exchange Server 2003 with SP2 and gate 443 already enable, but nothing....with Active Sync, during server's configuration, i cannot see any web server at typed address.
Web addressm user id and password are right.
Someone can give me a procedure for this setup? Any suggestion??
Many thanks.
Marco
Hi there, take a look at this:
http://www.msexchange.org/tutorials/Configuring-Mobile-Devices-Exchange2003.html
and this:
http://www.msexchange.org/tutorials/Managing-Mobile-Access-Exchange-Server-2003.html
or (absolutely recommended) try olx mobile access at www.gangl.de. this works perfect an it's easy to configure. Don't mind the german website for the application ist in english. 30-days trial for download.
Best regards.
There is a known Issue connecting with Exchange with ActiveSync and OMA
If your Exchange server is set up to use Forms-Base authentication(must be used to enable compression of static and dynamic data from the exchange server), ActiveSync and OMA will fail. This is a know issue. ActiveSync and OMA use WebDav to authenticate the user with NTFS permissions. Forms-Based authentication blocks this. Another virtual directory must be made for devices that use WebDav to authenticate with. Two places that discuss this issue and how to work around it are...
http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm
and at Microsoft:
http://support.microsoft.com/Default.aspx?kbid=817379
Sean Beeson

Categories

Resources