Discussion Board

Results 1 to 2 of 2
  1. #1
    Registered User
    Join Date
    May 2009

    Mobile VPN client


    I have E90 with new software, installed mobile vpn version 3.1.
    Generated vpn file using Mobile VPN client policy tool.
    On the end of tunnel i have cisco vpn asa. I use preshared keys for remote access.

    Phase 1 IKE is successfull. Also Xauth is successfull. But phase 2 IKE fails.
    ASA says that: "All IPSec SA proposals found unacceptable!"

    My client configuration for IPSec SA:
    sa CISCO_ASA_PSK = {
    encrypt_alg 12
    max_encrypt_bits 128
    auth_alg 3
    hard_lifetime_bytes 0
    hard_lifetime_addtime 3600
    hard_lifetime_usetime 3600
    soft_lifetime_bytes 0
    soft_lifetime_addtime 3600
    soft_lifetime_usetime 3600
    replay_win_len 0

    i understeand that client is using AES128 and SHA. My ASA also has such transform-set (other clients using cisco vpn client or routers log in usuing such data). My asa configuration:
    crypto dynamic-map outside_dyn_map 110 set transform-set ESP-AES-128-SHA
    crypto dynamic-map outside_dyn_map 110 set security-association lifetime seconds 3600
    (default pfs group is 2). I have also many others transform sets, but they can not agree on any proposal.

    I tried to debug problem on ASA. After phase 1 IKE, Nokia send such proposal for IPSec SA:
    ISAKMP Header
    Initiator COOKIE: 20 06 57 76 24 bf c7 93
    Responder COOKIE: e7 00 0a 3a db 30 f8 76
    Next Payload: Hash
    Version: 1.0
    Exchange Type: Quick Mode
    Flags: (Encryption)
    MessageID: 2E3B169D
    Length: 156
    Payload Hash
    Next Payload: Security Association
    Reserved: 00
    Payload Length: 24
    0c 2f 68 dc b3 01 df e9 57 d4 78 92 f6 ca 6c ff
    37 7c 0a 76
    Payload Security Association
    Next Payload: Nonce
    Reserved: 00
    Payload Length: 56
    DOI: IPsec
    Payload Proposal
    Next Payload: None
    Reserved: 00
    Payload Length: 44
    Proposal #: 0
    Protocol-Id: PROTO_IPSEC_ESP
    SPI Size: 4
    # of transforms: 1
    SPI: 19 91 c2 49
    Payload Transform
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    Transform #: 0
    Transform-Id: ESP_AES
    Reserved2: 0000
    Life Type: Seconds
    Life Duration (Hex): 00 00 0e 10
    Encapsulation Mode: UDP Tunnel(NAT-T)
    Authentication Algorithm: SHA1
    Key Length: 128

    I see that it want to use SHA1, but i'm not sure if it has selected AES

    Where can be the problem ?

    Do you know why ? Where might be the problem ?

    Last edited by highland7; 2009-05-21 at 08:27.

  2. #2
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Oslo, Norway

    Re: Mobile VPN client

    There was a neverending thread about VPN, http://discussion.forum.nokia.com/fo...ad.php?t=80837
    Check that, and if you still have questions, follow the links in its closing post.

Similar Threads

  1. Nokia Mobile VPN VPN-policy file
    By k3nob1 in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 322
    Last Post: 2009-03-27, 13:56
  2. Mobile Podcasting - will it happen?
    By mobile monte in forum News and Announcements
    Replies: 0
    Last Post: 2006-09-22, 23:45
  3. How to config mobile VPN by Nokia Mobile phone?
    By cqliuke in forum Symbian Networking & Messaging (Closed)
    Replies: 2
    Last Post: 2005-12-10, 09:51
  4. Nokia 9500 VPN client
    By tgp9999 in forum General Development Questions
    Replies: 3
    Last Post: 2005-03-15, 12:31
  5. Nokia 9500 + Nokia VPN client + connection profile
    By wolvie in forum Symbian Networking & Messaging (Closed)
    Replies: 0
    Last Post: 2005-01-16, 16:04

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts