DescriptionThis article provides an example of IPsec configuration for a Blackberry.
SolutionConfiguration example
config vpn ipsec phase1-interface
edit "playbook_ph1"
set type dynamic
set interface "wan1"
set dhgrp 2
set proposal 3des-sha1 3des-md5
set xauthtype auto
set mode aggressive
set mode-cfg enable
set authusrgrp "blackberry" <<===== authorization against user group "blackberry"
set ipv4-start-ip 10.20.30.11
set ipv4-end-ip 10.20.30.20
set ipv4-netmask 255.255.255.0
set ipv4-dns-server1 192.168.20.1
set psksecret ENC zXHkFV/F2yFF86GRmzzGHGuH1SRkxanMYtiDpQ
next
end
config vpn ipsec phase2-interface
edit "playbook_ph2"
set keepalive enable
set phase1name "playbook_ph1"
set proposal 3des-sha1 3des-md5
set replay disable
set dhgrp 2
next
end
------
config user local
edit "jun"
set type password
set passwd ENC iDr2InCZtIAGPW2E8E6HigA
next
end
------
config user group
edit "blackberry"
set member "jun"
next
end
The connection from the BlackBerry can be tested with all CISCO IPsec profiles:
- Cisco ASA
- Cisco Secure PIX Firewall VPN
- Cisco VPN 3000-Konzentrator
- Cisco IOS mit Easy VPN Server
