×

Discussion Board

Results 1 to 2 of 2
  1. #1
    Registered User
    Join Date
    Jan 2008
    Posts
    1

    Nokia E61 VPN connection problems (splittunneling?) with Cisco ASA

    Hi
    I'm trying to establish a VPN connection between a Nokia e61 and a Cisco ASA (5510 series).

    In the test environment the connection works less than more. For instance if I connect the Nokia via it's browser and then try to connect via the mailbox as well, the E61 doesn't "realize" that there exists already a VPN session and tries to set up a new one. It fails and then, I guess, tries to connect normally, not using the tunnel. Or since it's in a test environment, I didn't set up a DNS server, but only a static route. I can connect via the tunnel to the server with the static route, but if I try an other web page, the ASA log files show the IP address of the hotspot trying to connect to the DNS server configured in the hotspot configs..

    In the real environment, a session is set up correctly and shows up in the ASDM Monitoring page, but no Bytes are received or transmitted. And after a few seconds, the E61 says: internet gateway does not respond...

    My guess is that something with the routing doesn't work and that the E61 does splittunneling, even though it's disabled on the ASA.

    Does anyone know how I can force the E61 to communicate only via the tunnel? And is there a tool which can sniff the traffic of the E61? Or any other debugging suggestion?

    Here is my .pol file

    Code:
    SECURITY_FILE_VERSION: 3
    [INFO]
    VPN
    [POLICY]
    sa ipsec_1 = {
     esp
     encrypt_alg 12
     max_encrypt_bits 256
     auth_alg 3
     identity_remote 0.0.0.0/0
     src_specific
     hard_lifetime_bytes 0
     hard_lifetime_addtime 3600
     hard_lifetime_usetime 3600
     soft_lifetime_bytes 0
     soft_lifetime_addtime 3600
     soft_lifetime_usetime 3600
     }
     
    remote 0.0.0.0 0.0.0.0 = { ipsec_1(xxx.xxx.xxx.xxx) }
    inbound = { }
    outbound = { }
    
    [IKE]
    ADDR: xxx.xxx.xxx.xxx 255.255.255.255
    MODE: Aggressive
    SEND_NOTIFICATION: TRUE
    ID_TYPE: 11
    FQDN: xxx
    GROUP_DESCRIPTION_II: MODP_1024
    USE_COMMIT: FALSE
    IPSEC_EXPIRE: FALSE
    SEND_CERT: FALSE
    INITIAL_CONTACT: FALSE
    RESPONDER_LIFETIME: TRUE
    REPLAY_STATUS: TRUE
    USE_INTERNAL_ADDR: FALSE
    USE_NAT_PROBE: FALSE
    ESP_UDP_PORT: 0
    NAT_KEEPALIVE: 60
    USE_XAUTH: TRUE
    USE_MODE_CFG: TRUE
    REKEYING_THRESHOLD: 90
    PROPOSALS: 1 
    ENC_ALG: AES256-CBC
    AUTH_METHOD: PRE-SHARED
    HASH_ALG: SHA1
    GROUP_DESCRIPTION: MODP_1024
    GROUP_TYPE: DEFAULT
    LIFETIME_KBYTES: 0
    LIFETIME_SECONDS: 28800
    PRF: NONE
    PRESHARED_KEYS:
    FORMAT: STRING_FORMAT
    KEY: x xxx
    Thank you for any suggestion!
    Last edited by dreini; 2008-01-18 at 14:10.

  2. #2
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Budapest, Hungary
    Posts
    28,569

    Re: Nokia E61 VPN connection problems (splittunneling?) with Cisco ASA


Similar Threads

  1. ###Upgrading Firmware###
    By zahid44 in forum General Development Questions
    Replies: 27
    Last Post: 2008-10-21, 07:17
  2. which phones for laptop
    By dvdljns in forum PC Suite API and PC Connectivity SDK
    Replies: 2
    Last Post: 2006-02-14, 12:58

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •