PIX and Nokia Communicator 9500/9300(i)

Discussion in 'Cisco' started by Jyri Korhonen, Mar 8, 2006.

  1. It seems that the only Cisco products that Nokia officially
    supports are the Cisco VPN 3000 Series Concentrators. However
    with a little help from Nokia I did succeed in making Nokia
    VPN client work with PIX 6.3(5). So I decided to post some
    instructions.

    In PIX I used a simple configuration with pre-shared keys, DES,
    MD5 and Diffie-Hellman group 2, but Nokia's client also
    supports the alternatives (3DES, AES, SHA-1, 1536-bit groups,
    NAT-Traversal etc.).

    The hard part is the phone and the hardest part was finding
    how you should begin. Basically you'll need:

    - Nokia Communicator 9500/9300(i)
    - Nokia PC Suite program for your Communicator (usually
    comes with the phone)
    - Nokia VPN Client for your Communicator (downloadable
    from Nokia's pages)
    - MAKESIS.EXE - a command line program for creating
    Symbian Software Installation (SIS) files. I don't
    know how you can get this easily. I had to download
    a 127 MB Symbian SDK from http://www.forum.nokia.com
    to get this program (size about 300 kB).
    - a text editor like Notepad

    Then you create three text files (below), put them in the same
    folder as MAKESIS.EXE, run

    makesis VPN-policy-preshared-Cisco.pkg

    to create the SIS installation package and install the package
    into your phone. Finally you create a new VPN Access Point in
    your phone, select the VPN policy you just installed to the
    new VPN Access Point and you are ready.

    The three text files are

    VPN-policy-preshared-Cisco.pin
    VPN-policy-preshared-Cisco.pol
    VPN-policy-preshared-Cisco.pkg

    The contents of the files you can see below. Note that
    you must edit the .pol file to match the configuration
    of your PIX. I have added comments to the .pol file
    and marked them with a star (*). Remove the comments.

    ---
    VPN-policy-preshared-Cisco.pin

    [POLICYNAME]
    VPN Policy
    [POLICYDESCRIPTION]
    VPN-policy-preshared-cisco.pol for Nokia Mobile VPN Client v3.0.
    [POLICYVERSION]
    1.1
    [ISSUERNAME]
    Do not edit
    [CONTACTINFO]
    Do not edit


    VPN-policy-preshared-Cisco.pol

    SECURITY_FILE_VERSION: 3
    [INFO]
    VPN-policy-preshared-cisco.pol for Nokia Mobile VPN Client v3.0.
    [POLICY]
    sa ipsec_1 = {
    esp
    encrypt_alg 12 * 2=DES, 3=3DES, 12=AES
    max_encrypt_bits 256 * needed only for AES, remove if not
    auth_alg 3 * 2=MD5, 3=SHA-1
    identity_remote 0.0.0.0/0 * remote network
    pfs * can be removed if PFS is not in use
    src_specific
    hard_lifetime_bytes 0
    hard_lifetime_addtime 3600
    hard_lifetime_usetime 3600
    soft_lifetime_bytes 0
    soft_lifetime_addtime 3600
    soft_lifetime_usetime 3600
    }

    remote 0.0.0.0 0.0.0.0 = { ipsec_1(123.45.67.89) }
    * remote network and address of the PIX
    inbound = { }
    outbound = { }

    [IKE]
    ADDR: 123.45.67.89 255.255.255.255 * PIX
    MODE: Aggressive * other is MAIN
    SEND_NOTIFICATION: TRUE
    ID_TYPE: 11 * do not touch
    FQDN: PreSharedGroup * name of the vpngroup
    GROUP_DESCRIPTION_II: MODP_1536 * for DH group 2 use 1024
    USE_COMMIT: FALSE
    IPSEC_EXPIRE: FALSE
    SEND_CERT: FALSE
    INITIAL_CONTACT: FALSE
    RESPONDER_LIFETIME: TRUE
    REPLAY_STATUS: TRUE
    USE_INTERNAL_ADDR: FALSE
    USE_NAT_PROBE: FALSE * do not touch
    ESP_UDP_PORT: 0 * do not touch
    NAT_KEEPALIVE: 60
    USE_XAUTH: TRUE * true or false
    USE_MODE_CFG: TRUE * true or false
    REKEYING_THRESHOLD: 90
    PROPOSALS: 1
    ENC_ALG: AES256-CBC * I used DES-CBC
    AUTH_METHOD: PRE-SHARED
    HASH_ALG: SHA1
    GROUP_DESCRIPTION: MODP_1536 * for DH group 2 use 1024
    GROUP_TYPE: DEFAULT
    LIFETIME_KBYTES: 0
    LIFETIME_SECONDS: 28800
    PRF: NONE
    PRESHARED_KEYS:
    FORMAT: STRING_FORMAT
    KEY: 8 password * the number is the length of the password


    VPN-policy-preshared-Cisco.pkg

    ;
    ; A VPN POLICY PACKAGE
    ;

    ; LANGUAGES
    ; - None (English only by default)

    ; INSTALLATION HEADER
    ; - Only one component name is needed to support English only
    ; - UID is the UID of the VPN Policy Installer application
    #{"VPN Policy"},(0x1000597E),1,0,0,TYPE = SISCONFIG

    ; LIST OF FILES

    ; Policy file
    "VPN-policy-preshared-Cisco.pol"-"C:\System\Data\Security\Install\VPN-policy-preshared-Cisco.pol"

    ; Policy-information file
    ; - NOTE: The policy-information file MUST be the last file in this
    ; list!
    ; - FM (FILEMIME) passes the file to the respective MIME handler
    ; (in this case, the VPN Policy Installer
    ; application).
    "VPN-policy-preshared-Cisco.pin"-"C:\System\Data\Security\Install\VPN-policy-preshared-Cisco.pin",
    FM, "application/x-ipsec-policy-info"

    ; REQUIRED FILES
    ; - The VPN Policy Installer application
    (0x1000597E), 1, 0, 0, {"VPN Policy Installer"}
     
    Jyri Korhonen, Mar 8, 2006
    #1
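
Added example, not part of the original post: a small Python check to run over an edited .pol file before packaging it with makesis. It flags leftover "*" comments, a KEY length prefix that does not match the key, and the weaker algorithm choices the post lists. The token spellings "MD5" and "MODP_1024" are assumptions (the post only shows SHA1 and MODP_1536), and `lint_pol` and `SAMPLE_POL` are names made up for this example.

```python
import re

# Constructed sample in the post's .pol layout, set to the DES/MD5/group 2
# choices the author describes, with one "*" comment left in by mistake.
SAMPLE_POL = """\
[POLICY]
sa ipsec_1 = {
encrypt_alg 2
auth_alg 2
}
[IKE]
MODE: Aggressive
GROUP_DESCRIPTION_II: MODP_1024
ENC_ALG: DES-CBC * I used DES-CBC
HASH_ALG: MD5
GROUP_DESCRIPTION: MODP_1024
PRESHARED_KEYS:
KEY: 8 passwords
"""

# Numeric codes and DES-CBC come from the post's comments; the spellings
# "MD5" and "MODP_1024" are assumed by analogy with SHA1 and MODP_1536.
WEAK = {
    ("encrypt_alg", "2"): "ESP uses DES",
    ("auth_alg", "2"): "ESP uses MD5",
    ("MODE", "Aggressive"): "Aggressive mode sends a PSK-derived hash in the clear",
    ("ENC_ALG", "DES-CBC"): "IKE uses DES",
    ("HASH_ALG", "MD5"): "IKE uses MD5",
    ("GROUP_DESCRIPTION", "MODP_1024"): "IKE uses 1024-bit DH (group 2)",
    ("GROUP_DESCRIPTION_II", "MODP_1024"): "PFS uses 1024-bit DH (group 2)",
}

def lint_pol(text):
    """Return (line_number, message) findings for the text of a .pol file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line, star, _ = raw.partition(" * ")
        if star or raw.lstrip().startswith("*"):
            findings.append((no, "leftover '*' comment, remove before packaging"))
        m = re.match(r"\s*([A-Za-z_]+):?\s+(.*\S)\s*$", line)
        key, value = m.groups() if m else ("", "")
        if (key, value) in WEAK:
            findings.append((no, WEAK[(key, value)]))
        if key == "KEY":
            declared, _, secret = value.partition(" ")
            if not declared.isdigit() or int(declared) != len(secret):
                findings.append((no, "KEY length prefix does not match key"))
    return findings
```

Call `lint_pol(open("VPN-policy-preshared-Cisco.pol").read())` on your own file; an empty list means none of these checks fired.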

  2. Thanks Jyri, this could be very useful to me. One problem though - when I try to run MAKESIS I get an error, as follows:
    C:\makeSIS>makesis VPN-policy-preshared-Cisco.pkg
    sh: C:Symbian9.1S60_3rdepoc32toolsMAKESIS.exe: No such file or directory

    Any idea what I'm doing wrong?

    Cheers
    Mike.
     
    mikerayjones, Sep 12, 2006
    #2