1. lowtrac's Avatar
    I'm having a problem getting this to work. I can't get it to work on my Torch either, so I'm thinking it must be with my concentrator. It's a 3005 running release 3.5.2. I don't have any problems with PC clients.

    Maybe I'm having a problem translating what the concentrator calls things in the IKE proposals and Security Associations vs. what they're called on the PlayBook. My 3005 is pretty vanilla though, so I would think the "GatewayType 3000 series" would take care of it.

    Can somebody give me a rundown of your 3000 series config and the settings you're using on the PB?
    05-03-11 09:16 AM
  2. lowtrac's Avatar
    I'm using pre-shared keys and not certs. I set up a new group, IKE proposal, and SA yesterday to test. Here's all the settings I'm using on the 3005:

    **IKE Proposal**
    Proposal Name: blackberry
    Authentication Mode: Preshared Keys
    Authentication Algorithm: MD5/HMAC-128
    Encryption Algorithm: DES-56
    Diffe-Hellman Group: Group 2 (1024-bits)
    Lifetime Measurement: Time
    Data Lifetime 10000
    Time Lifetime 86400

    **Security Association**
    SA Name: blackberry
    Inheritance: From Rule
    *IPSec Parameters*
    Authentication Algorithm: ESP/MD5/HMAC-128
    Encryption Algorithm: DES-56
    Encapsulation Mode: Tunnel
    Perfect Forward Secrecy: Disabled
    Lifetime Measurement: Time
    Data Lifetime 10000
    Time Lifetime 28800
    *IKE Parameters*
    IKE Peer: 0.0.0.0
    Negotiation Mode: Main
    Digital Certificate: None (Use Preshared Keys)
    Certificate Transmission: Identify certificate only
    IKE Proposal: blackberry
    05-03-11 09:39 AM
  3. lowtrac's Avatar
    Ok. Turns out I hadn't applied settings in the group config for SA. I did that, and I'm connected on my Torch. Still no dice on the PB. Settings appear to be the same with the exception of the lifetimes and keepalive shown on the PB which aren't visable on the Torch.

    The killer is that nothing is showing up in my live event log on the 3005 when the playbook tries to connect.
    05-03-11 10:26 AM
  4. theguz4l's Avatar
    I am able to connect to my Cisco 3000 concentrator, but once I disconnect I can't reconnect until a hard reset. Anyone else have this issue connecting/reconnecting?
    Last edited by theguz4l; 05-03-11 at 10:30 AM.
    05-03-11 10:28 AM
  5. lowtrac's Avatar
    Did you use the basic or advanced settings on the PlayBook?
    05-03-11 09:26 PM
  6. UnifiedTechs's Avatar
    Long shot but anyone get this working with ZyWALL USG series routers? I haven't even started looking at it yet because there is no way to browse files anyways... but If someone got it working already I'd rather not reinvent the wheel.
    05-03-11 09:53 PM
  7. lowtrac's Avatar
    Just to update this, I submitted a support request to RIM. After an initial response sending me to the KB article about importing certificates, i forwarded them configs and logs. They escalated the ticket, so we'll see where it goes from here.
    05-06-11 03:42 PM
LINK TO POST COPIED TO CLIPBOARD