My phone is really like a small computer (HTC Advantage x7510) and I would really like to be able to connect it to my company's corporate VPN. A typical windows/mac/linux client connects with Cisco's AnyConnect software, and while Cisco released a version of AnyConnect with the iPhone, they didn't for Windows Mobile 6.1. The problem as I understand it is that Windows Mobile natively supports PPTP and L2TP/IPSec connections while the Cisco implementation wants pure IPSec. The authentication scheme that we use is certificate based and then user/pass based. I created a user certificate on my desktop and then exported it to a .pfx (PKCS #12 Container) file and then imported it on my mobile device.
I have tried The Green Bow, but I have been unable to get this to work... The app seems rather buggy and I can't even save off the log properly to find out why it isn't working.
http://www.thegreenbow.com/mobile.html
Bluefire seemed like it would do the trick, but after I tell it what Certificate to use and click Finish, it tosses out an error: "An internal error has occurred while processing your request. Please contact the system administrator". It appears that Bluefire Security has disappeared, at least from the web.
Anatha VPN seemed like it would be an option, however the UI seems buggy because I can't get the dropdowns to work in the configuration (using any DPI setting in realvga). Either the Gateway dropdown or the Gateway Type dropdown do not work... it varies.
http://www.anthasoft.com/anthavpn-virtual-private-network.php
Does anyone have a solution? Free or commercial... doesn't matter.
Latest version of NCP VPN works very very well for Cisco IPSec, you can download a trial version which is valid for a few days. not buggy, but commercial....
http://www.ncp-e.com/en.html
padanfain said:
My phone is really like a small computer (HTC Advantage x7510) and I would really like to be able to connect it to my company's corporate VPN. A typical windows/mac/linux client connects with Cisco's AnyConnect software, and while Cisco released a version of AnyConnect with the iPhone, they didn't for Windows Mobile 6.1. The problem as I understand it is that Windows Mobile natively supports PPTP and L2TP/IPSec connections while the Cisco implementation wants pure IPSec. The authentication scheme that we use is certificate based and then user/pass based. I created a user certificate on my desktop and then exported it to a .pfx (PKCS #12 Container) file and then imported it on my mobile device.
I have tried The Green Bow, but I have been unable to get this to work... The app seems rather buggy and I can't even save off the log properly to find out why it isn't working.
http://www.thegreenbow.com/mobile.html
Bluefire seemed like it would do the trick, but after I tell it what Certificate to use and click Finish, it tosses out an error: "An internal error has occurred while processing your request. Please contact the system administrator". It appears that Bluefire Security has disappeared, at least from the web.
Anatha VPN seemed like it would be an option, however the UI seems buggy because I can't get the dropdowns to work in the configuration (using any DPI setting in realvga). Either the Gateway dropdown or the Gateway Type dropdown do not work... it varies.
http://www.anthasoft.com/anthavpn-virtual-private-network.php
Does anyone have a solution? Free or commercial... doesn't matter.
Click to expand...
Click to collapse
I am not sure who told you there wasn't a Windows Mobile version of the Cisco AnyConnect VPN Client because there is. There are Windows versions, Intel & PowerPC Mac OS X versions, Linux versions and Windows Mobile 5/6 versions available. I can't however see an iPhone version.
The current version for all platforms is 2.3.0254. The release notes are here:
http://www.cisco.com/en/US/docs/sec...nyconnect23/release/notes/anyconnect23rn.html
Andy
AnyConnect VPN Client is available for WM Pro, but it does not support IPSec...
The Anyconnect from Cisco doesnt work with the concentrators.
tenser234 said:
The Anyconnect from Cisco doesnt work with the concentrators.
Click to expand...
Click to collapse
No it doesn't. The 3000 series concentrators have been EOL for a while. The AnyConnect client is for use with IOS Routers and ASA Firewalls (plus the PIX but this is EOL as well). You can use the native L2TP/IPSec client in WM5/6 with the 3000 Concentrator though (as you can with IOS & the ASA).
Andy
We have a trial mobile agent setup and I have anyconnect installed and configured on my phone. I am able to establish a VPN over HSPDA and I can hit internal web pages via IE, but I am unable to RDP or SSH anywhere. Is anyone using anyconnect and able to do these things?
padanfain said:
We have a trial mobile agent setup and I have anyconnect installed and configured on my phone. I am able to establish a VPN over HSPDA and I can hit internal web pages via IE, but I am unable to RDP or SSH anywhere. Is anyone using anyconnect and able to do these things?
Click to expand...
Click to collapse
I know this is really old, but I was looking for some ipsec stuff for home. However I do use AnyConnect for SSL work vpn and I can RDP and SSH just fine.
The AnyConnect SSL Mobile client works great with the ASA 5500's. Does anyone know what it takes to fool the router into thinking a mobile device is not VPN'ing in? You need a Windows Mobile AnyConnect license installed to make the Windows Mobile client connect. We do not own any at the moment and I'm eager to see it work.
Ok I've got my ASA 5510 working perfectly using Windows Mobile and Bluefire IPSec vpn. We normally run SSL Vpn but keep Ipsec open for site to site VPN as well as mobile VPN. I got a quote on Cisco SSL AnyConnect mobile licenses on the firewall and they are $100 a pop. But if you're looking for a great IpSec client that works go with Bluefire...
Related
While I was looking for a *working* VPN client solution to work with a Cisco concentrator, I found a couple of potential solutions:
1. Bluefire VPN client (http://www.bluefiresecurity.com/)
2. AnthaVPN (http://www.anthavpn.com/webmaker/portal/wmlink_360)
Both claim to work with the Cisco concentrator (3000 series to be precise). Before I go ahead and install either/both on my MDA Pro (with Imate ROM), I was wondering if anyone had any good/bad things to say about the software?
Any help would be appreciated.
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
rukna said:
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
Click to expand...
Click to collapse
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
rukna said:
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
Click to expand...
Click to collapse
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
Did you try the VPN client from APANI
There is a trial version for CISCO VPN 3000 Series for PDA and Mac
http://www.apani.com/vpnclients.html
italos said:
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
Click to expand...
Click to collapse
I tried that already, didn't work. It may just be issues with the configuration on the concentrator. I'm going to play with it this weekend to see if I get anywhere. Thanks for the reply, nonetheless.
pierrelp1 said:
Did you try the VPN client from APANI
There is a trial version for CISCO VPN 3000 Series for PDA and Mac
http://www.apani.com/vpnclients.html
Click to expand...
Click to collapse
I filled out an eval request yesterday with Apani and got the instructions to download the client this morning. I'll install it over the weekend to see if it works "out of the box". Thanks for the suggestion, dude!
It appears that Apani doesn't really support the universal. Got the following from one of their support reps. Back to the drawing board, I guess.
The Client does not support the use of Windows Mobile 5. We currently
support Windows Mobile 2003 only.
Sincerely,
Janet
Apani Networks
[email protected]
714-674-1700
Click to expand...
Click to collapse
Bluefire VPN
be careful when installing Bluefire... It is a mess if you install it on the SD card..
it's a nuisance to uninstall it... all advice i got from "Bluefire support" was to try a hard reset.... most helpfull
(apparently this problem is well explained in their "product documentation"... but no solution has been found.. yet
NCP Secure Entry Client works
Have a working environment against a CISCO-PIX with NCP
http://www.ncp.de/english/services/testsoftware/index_entry.html
=) Georg
I got the BlueFire client to work finally! I had to enable the PFS (Perfect Forward Secracy) on the concentrator along with the encryption set to 1024 bits on my group profile.
After I got past that, I got the DirectPush client to work with my exchange server! Now I can confidently say this phone has been worth it for me!
OpenVPN
FYI - I just came across this openVPN port for windows mobile and thought it might be of interest for some of you guys:
http://www.ziggurat29.com/OVPNPPCAlpha/OVPNPPCAlpha.htm
Its still in the alpha stage and is continually being worked on by the author, David G. Lemley, III
I am in the same boat - need to use IPsec VPN to connect to our corporate Exchange server.
I am testing BlueFire 2.3.0 client for more than a week now. Overall it is very good - it does its job done. But after running it extensively for a week I discovered several issues with it, mostly cosmetic, but they are really annoying. Especially, if you want to have Direct Push. Those issues are:
1. "Save credentials for auto-reauthentication" does not work - you have to enter your password every time you connect.
2. It does not reconnect on its own, if it looses the connection (i.e. EDGE/GPRS goes down temporarily)
3. Detection of disconnect is not very reliable - sometimes when you loose signal and GPRS connection wants to disconnect, it cannot do it because of VPN still thinks it is connected and prevents GPRS from reconnecting.
4. Extensive use of on-screen push-buttons instead of soft-keys. And soft-keys are mapped to rarely used functions, like About - poor interface design. It woldn't be so bad, if the VPN client was not requiring user interaction to reconnect and authenticate...
5. After several minutes of standby, it brings its window on top of Today screen, kinda like letting user know that he better check his tunnel/connection, because it could be already disconnected... In most cases it is not true, because the unit wakes half the way up every several minutes to check email or sent a heat-beat packet, which keeps connection up (this only applies to GPRS/EDGE connection and not WiFi, unfortunatelly). But sometimes the VPN tunnel becomes dead, and you have to click "Disconnect", "Connect" and enter your password again.
Ok, that is my impression about BlueFire VPN client. Now the question is - is there any better IPsec client for PPC (WM5), which allows you to have Direct Push email over IPsec all day long without your intervention to check the connection status and reconnect manually?
Thanks for your time.
Im also trying to connect to our corporate network using a vpn client.
with my laptop i usually do this with the cisco vpn client and a very simple configuration.
My target is doing the same with the universal.
I tried Bluefire VPN, and AnthaVPN.
Eventhough i tried a lot of times, i couldn't make a connection with bluefire
With Antha, the results were better. I could connect , but after installing it, wifi stop working, and the active sync, sometimes doesnt recognize the device ( i saw in this forum somebody with exactly the same problem).
Is there anybody that use Antha in Universal without problems?
I checked the official web of Antha, and universal is not supported.
Do you know any other vpn software that works with Cisco?
Thanks
Does anyone know:
Is it possible to do Group Authentication with the built-in VPN client? My work network uses a Cisco VPN and I've managed to extract out of our IT department the Group name and Password but I can't figure out how to enter this onto the Exec - it offers me "A certificate on this device" or "A pre-shared key" and entering the password into the pre-shared key doesn't seem to work. Our IT department tells me that the Exec is unsupported and won't give me any help so anyone out there know how to do this?
If it's not possible, anyone recommend a good VPN client for connecting to a Cisco VPN?
Thanks
G
Anybody?
My work uses group authentication also. Does anyone know a good vpn client that will work with group authentication?
There is a Cisco ICA/Xen/client for ARM PDA here: http://www.citrix.com/English/ss/downloads/details.asp?downloadId=3607&productId=186#top
Is this what you are looking for?
interesting..
I didn't know there was a citrix client for WM. My work also uses citrix. The only problem is in order to connect with the citrix client I must have a VPN tunnel first . My work uses Cisco VPN Group Authentication. I have not yet found a VPN client for WM that will allow Cisco group authentication. If anyone knows of one, PLEASE let me know.
Thanks wovens for the citrix client. That will be neat to try if I can ever get a VPN tunnel setup.
FOUND IT!
I finally found a VPN client that will work with Cisco group authentication. It is Bluefire Mobile Security VPN. One thing I found is that after you connect you must press the END key to get out of the client because pressing the x will kill the client. Works Great!
The only problem is the company went out of business (http://www.bluefiresecurity.com). I was able to find the .cab, but not sure if it is against forum rules to post it... Can a mod please inform me, thx.
Does your company use Cisco SSL Vpn by chance? It's the way Cisco is leaning as is with less support for the ipsec since they can make more money off of licensing.
Anyhow if your company does use SSL VPN, Cisco's anyconnect client supports Windows mobile. I have been using it and it works good for what I use it for (primarily SSH, but for kicks I tried remote desktop and it worked good too).
McGeezy said:
I finally found a VPN client that will work with Cisco group authentication. It is Bluefire Mobile Security VPN. One thing I found is that after you connect you must press the END key to get out of the client because pressing the x will kill the client. Works Great!
The only problem is the company went out of business (http://www.bluefiresecurity.com). I was able to find the .cab, but not sure if it is against forum rules to post it... Can a mod please inform me, thx.
Click to expand...
Click to collapse
this website of "bluefiresecurity.com can not the opened. would u pls post it here with the cab file? thanks a lot.
BlueFire VPN Client
http://rapidshare.com/files/8640811....5.706.XScale.WM5.WM6.Regged.DIRFIX-DVTPDA.ra
There are a lot of files, rar files within zip files, but the cab for the vpn client is there, name: MobileVPN.27.5.706.ARM.PPC.Client.cab
I recently purchased a tmobile mda and was trying to access my campus's network. But when I logged on, the only page I could view was about downloading a vpn client for multiple os's (but no windows mobile) to use the network.
Is there a vpn client for windows mobile?
Any help would be great.
Thanks!
There's a built-in client that will handle L2TP and PPTP VPNs. If you go into Settings/Connections and click "Edit my VPN servers" you can configure the client for your VPN. It's worth a try.
Tried that, didn't work... I decided to ask my University about their network, they said it was a cisco 3000 or something... And also informed me that "to their knowledge" the windows mobile 5 built in client isn't compatible...
I then went to the College of computer science help desk to see if some peers could help me. They said someone had bought a $100 program to be able to connect to the concentrator but didn't know who made it or where to get it.
Does anyone know of such a thing? Or a cheaper alternative?
AnthaVPN
I have found AnthaVPN wich is about from 40$ to 100$ depending what you need.
I'm trying also to open VPN without this IMHO too expensive solution. But if it's the only way - then I need to buy....
Maybe some kind of tunneling from own Linux-server (With Swan) might be the free solution....
I have been testing Bluefire Security's VPN and it works great, but my employer is using a Nortel system sio I cannot comment on the Cisco compatibility. It costs $79. I have also tries Antha but is cause problems enabling Wifi and Gprs.
John
Long time I could’t make connection with the built-in VPN client. After the latest ROM update from Qtek it works (I tested only PPTP). I can make VPN to SBS server and Windows XP. Also I can use Terminal Services true VPN connection.
The only thing I can’t get working is to access network shares (I tried GSFinder+ and NetUse).
Guka
Hi,
I try to establish a vpn connection to our company-VPN.
VPN Gateway is a cisco device. "Normal" connection via notebook with cisco vpn client works.
On my TyTN i installed ncp client. But i dont know how to configure the cisco settings.
On Cisco VPN Client:
- IP Adress of Gateway
- Group Authentication
- Transport IPSec over UDP
On ncp VPN Client:
- IP Adress of Gateway is easy to find
But i cannot assign the other settings. NCP Client has a lot of settings.
Has anybody success to establish vpn connection via windows Mobile to a cisco Gateway ?
Got it. Not the vpn Client was the problem.
The Blackberry connect SW (disabled!) prevented connection via vpn.
Deinstallation of BB Connect und vpn Client from Bluefire works fine.
What did you use as the VPN client to connect into the cisco gateway?
Do you use a RSA secureID token?
I am tring to get a VPN connection running from my HTC p3600i, WM6.
New VPN Client
Since a few days i use another VPN Client: www.ncp.de
Works fine. We do not user RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
WinnieK said:
Since a few days i use another VPN Client: www.ncp.de
Works fine. We do not user RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
Click to expand...
Click to collapse
Can you write your settings? I can't configre this
Any ideas on a MPPE PPTP VPN via WM6? I have been trying to get this to work for months and can't. I am operating under the presumption that the VPN client in WM5/6/6.1 doesn't support MPPE and I am therefor up S#!T creek without a 3rd party dialer...
(It is a VPN connection to my work and yes as sorry as this is they still use an encrypted PPTP connection for all of their VPN connections. If they would just move on to something a LITTLE more current L2TP/IPsec I wouldn't be having any of these problems...)
But is there such a thing as a 3rd party PPTP VPN client for WM5/6/6.1 I haven't been able to find one...
TIA~
WinnieK said:
Since a few days i use another VPN Client: www.ncp.de
Works fine. We do not user RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
Click to expand...
Click to collapse
kindly can you show where to set the Group Authentication ?!!!
New(ish) Cisco AnyConnect VPN Client
Cisco have released an AnyConnect VPN client for Windows Mobile 5/6 (version 2.3.185). This is specifically targetted towards the ASA 5500 platform as the VPN server, however it should also work with IOS VPN devices (I am told?).
I haven't tried it, however I have seen it demonstrated and it all seemed to work.
Personally I prefer the integrated L2TP/IPSec VPN client and have posted previously on how to get this working with Cisco PIX 6.3, ASA/PIX 7.x and IOS devices.
Andy
AnyConnect VPN client will support only SSL VPN, that avaiable on Cisco ASA and IOS from 12.4(20)T or later.
Can I have two VPN connections to two different places on the same computer?
I work at two different medical facilities. I have a VPN connection to one and I'm trying to set up one for the other. When I'm in the New Connection Wizard and I pick "automatically dial connection", it makes me pick the medical facility that I already had on the computer to "automatically dial" when trying to create this new one.
cool vpn has given the users privilege to surf internet with freedom and security Thanks to VPN
HI to all
I am looking for a working VPN Client (the Iphone has one which is working) to connect my Touch Cruise to the intranet of my firm.
I read that NCP has one, but it is quite expensive ...
is there any other solucion?
For free?
Shrew is working fine on my laptop, but y would like to check something out of mi WinMo Polaris.
I actually am using WinMo 6.1 but if necessary I also could change to 6.5
Thanks
Isidar
OpenVPN has a free client for WinMo but I don't know if it will work for your VPN, give it a shot.
you can use hamachi-0.0.3.1
http://rapidshare.com/files/83751409/hamachi-0.0.3.1.rar (for your mobile)
https://secure.logmein.com/products/hamachi/list.asp (for your pc)
clmbngbkng said:
OpenVPN has a free client for WinMo but I don't know if it will work for your VPN, give it a shot.
Click to expand...
Click to collapse
i think openvpn is not compatible with cisco vpn since cisco uses ipsec and openvpn uses a simply tunnel created on udp port 1194 (no need for gre,ike,or pptp port's/protocols open).
it's much simpier but work very well and just with the p12 certificate (ok my certificate is 2048bit so i think it is minimally secure, nothing like a dynamic generated rsa key but even better than just a ssh tunnel or something like).
Back in the days of Windows Mobile 2003 I used to use "MovianVPN" to connect to my university network. The software is now superseded by AnthaVPN (www.anthasoft.com). It is designed for Windows Mobile 5 and they have no mention of WM6 compatibility, but I think its worth a shot.
I also read about another product called "Bluefire VPN", but I can't seem to find it online at the moment.
Edit: The above solutions are not free, but the price might be refundable by your company.
Cisco AnyConnect for Pocket PC
There is an application from Cisco itself that you can download and try.
It's based an Cisco's new Anyconnect module
anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
http://cisco.quanza.net/anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
The website http://www.tycoon.mxm.cx/ has a couple of VPN software apps for all OS
Shawn Botha said:
There is an application from Cisco itself that you can download and try.
It's based an Cisco's new Anyconnect module
anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
http://cisco.quanza.net/anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
The website http://www.tycoon.mxm.cx/ has a couple of VPN software apps for all OS
Click to expand...
Click to collapse
The Cisco device at the other end has to be setup for SSL VPN otherwise Anyconnect does not work. This is somewhat new and SSL VPN licenses are expensive.
Personally I use AnthaVPN on my HTC Touch (WinMo 6.1 Pro) and it works great with our IPSec Cisco VPN (the old way since we're too cheap to buy the licenses for the SSL VPN).
EDIT: And if your company is setup for SSL VPN, you should not need to download a client. Your admin should give you a website and it connects to the router/firewall/VPN concentrator and downloads the proper client for you. Better than going to some random site to download something.
The integrated L2TP/IPSec client?
I have posted previously on here about VPN clients and Cisco Routers & Firewalls. The integrated L2TP/IPSec client works with both Cisco PIX/ASA Firewalls as well as IOS Routers - it is dependant on how these are configured though. I posted two configurations from PIX 6.3(5) and PIX 7.2(4) - both of which I had working. It seems there are some limitations when setting up groups however my testing didn't include this.
http://forum.xda-developers.com/showthread.php?t=444948&highlight=Cisco
I was going to test the Group issues someone reported but never got around to it - I have a full-time job as well
Andy
Shawn Botha said:
There is an application from Cisco itself that you can download and try.
It's based an Cisco's new Anyconnect module
anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
http://cisco.quanza.net/anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
The website http://www.tycoon.mxm.cx/ has a couple of VPN software apps for all OS
Click to expand...
Click to collapse
Cisco nice good work,try it with my Dopod and router working.
thank you guys to put the links.
AnyConnect Secure Mobility Client 2.5
Hi guys
Could anyone post the link for Cisco AnyConnect Secure Mobility Client 2.5 as it is one of the only vpn client solutions having WM6.5 and Cisco routers work together
Could you propose any other solution for WM6.5 and Group authentication cisco servers
Thanks
I have just downloaded the AnyConnect Secure Mobility Client, v2.5 and it works a treat thanks for this post, it was released in Aug and works with 6.5
Please note, i legally have a CCO account and valid service contracts for Cisco ASA and VPN gateways.
To the previous poster, please buy relevant CCO access to download.