Cisco PIX VPN Connect from N900
Hello everyone,
I am trying to figure out if the N900 properly supports any of the VPNs available on the Cisco PIX 501 firewall. This is an older device, produced starting around 2001 and end-of-lifed around 2007.

Update: Vpnc connects great with the Cisco PIX line of devices (IOS 6.3 and prior)! The only problem is for some reason the VPN connection drops after an undetermined amount of time... this does not happen with the Cisco native client... I am still investigating why this occurs, but the core functionality works!
Re: Cisco PIX VPN Connect from N900
Wish I knew what model Cisco we use at work. I know it's a good 4/5 years old, and works :D
Re: Cisco PIX VPN Connect from N900
I would say that vpnc (and vpnc-gui) will work with the PIX 501... it's from the same era as the Cisco 3000 VPN concentrators (and those got EOL'ed in 2008 or 2009...)
Re: Cisco PIX VPN Connect from N900
I don't know the specific model but I connect to Cisco PIX VPN using vpnc. I have to use --dpd-idle=0, otherwise I get disconnected after a few minutes idle.
Re: Cisco PIX VPN Connect from N900
Update: Vpnc connects great with the Cisco PIX line of devices (IOS 6.3 and prior)!
The only problem is for some reason the VPN connection drops after an undetermined amount of time... this does not happen with the Cisco native client... I am still investigating why this occurs, but the core functionality works!
Re: Cisco PIX VPN Connect from N900
Anyone know anything about "Clean Access Agent"? My work uses this on the laptop to "log in" and I'm not sure what I can use to replicate this.
Re: Cisco PIX VPN Connect from N900
I have not heard of this "Clean Access Agent", what does it do, and how is it different from regular Cisco VPN client agent?
Re: Cisco PIX VPN Connect from N900
To prevent the disconnects add --dpd-idle=0 to your vpnc commandline. That disables dead peer detection & leaves you connected indefinitely.
Re: Cisco PIX VPN Connect from N900
Thank you for the info. In order to make this useful we would need to edit the VPNC GUI program to change the string.
Does anyone know where in the filesystem the VPNC GUI program is? I've been looking around but cannot find it (it's not in /etc/vpnc).
Thanks
Re: Cisco PIX VPN Connect from N900
I don't use the vpnc gui but you should be able to type "dpkg -L vpnc-gui" to see which files are owned by that package.
Re: Cisco PIX VPN Connect from N900
Stlpaul, can you please elaborate on the actual command line you add "--dpd-idle=0" to in order to keep from being disconnected?
Essentially I am looking for the complete command since I cannot seem to get it running without it disconnecting after a while.
On the Vpnc web site I found the following two notes:
- disconnecting does not work reliable with all supported targets (a work-around is to connect with incorrect password, and then again with correct password)
- vpnc looses connection with some targets, even before the rekey-timer expires most probably due bugs with keepalive, dead-peer-detection or something else...
Re: Cisco PIX VPN Connect from N900
Does it work with IPSec 3DES?
Re: Cisco PIX VPN Connect from N900
Sure, I use vpnc on my desktop machine as well as my N900, and I do exactly the same commands and setup the same way on both. I don't use the GUI, I just use xterm.
I created a file in /etc/vpnc/company.conf with my company's VPN settings. Here's what they are, the parts I changed are in bold font:

Code:
IPSec gateway 123.123.123.1

Code:
sudo vpnc --dpd-idle=0 company

Code:
sudo vpnc-disconnect

Also important to know that vpnc on N900 does not (for me) work when you are connected to gprs (cellular internet)... only on wlan (WiFi). To see all available command-line options type:

Code:
vpnc --long-help
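
Added example, not part of the original posts or of vpnc itself: the `--dpd-idle=0` flag recommended in this thread has a profile-file equivalent, `DPD idle timeout (our side)`, so it can live in /etc/vpnc/company.conf and apply to every `sudo vpnc company`. The helper names below are hypothetical, and whether vpnc-gui reads this file is not established in the thread; a value of 0 turns dead peer detection off entirely, while any value from 10 to 86400 seconds keeps it on with a longer idle window.

```shell
#!/bin/sh
# Added example: keep the DPD setting in the vpnc profile instead of on the
# command line. Key name and value range are the ones vpnc --long-help prints.
DPD_KEY='DPD idle timeout (our side)'

# valid_dpd VALUE: true for 0 (DPD off) or 10..86400 seconds.
valid_dpd() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -eq 0 ] && return 0
    [ "$1" -ge 10 ] && [ "$1" -le 86400 ]
}

# get_dpd_idle FILE: print the configured value (empty if the key is unset).
get_dpd_idle() {
    sed -n "s/^$DPD_KEY \([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# set_dpd_idle FILE VALUE: replace an existing DPD line or append one.
set_dpd_idle() {
    conf=$1
    value=$2
    valid_dpd "$value" || { echo "invalid DPD value: $value" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such profile: $conf" >&2; return 1; }
    # mktemp creates the copy mode 0600; profiles usually hold the group secret.
    tmp=$(mktemp) || return 1
    # Copy every line except an existing DPD line (grep exits 1 if none remain).
    grep -v "^$DPD_KEY " "$conf" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$DPD_KEY" "$value" >> "$tmp"
    # Write back in place so the profile keeps its owner and permissions.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Usage: sh set-dpd.sh /etc/vpnc/company.conf 0   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    set_dpd_idle "$1" "$2"
fi
```
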
Re: Cisco PIX VPN Connect from N900
stlpaul, thank you for your wonderfully complete response. I will try this out within the next day.
As a side note, in my previous tests I was able to connect to my Cisco VPN over both Wi-Fi and Cellular (Tmobile in the USA, using the Tmobile "VPN Data Plan" which provides a public IP directly to my N900). Of course the connection would drop soon thereafter, but that is a different issue which hopefully your last post will help the community address.
Re: Cisco PIX VPN Connect from N900
Update:
It looks like the solution carefully provided by stlpaul is absolutely correct. I have used the "--dpd-idle=0" additional suffix and now I am staying connected, hopefully indefinitely. I have run a ping and have successfully pinged up to ping sequence 1,100+, which tells me the connection is solid.

In short, it seems my problem was over-reliance on a GUI VPN front end program for vpnc called vpngui, version 5.4.4. It seems the next step would be to somehow edit the vpnc-gui configuration to add the "--dpd-idle=0" additional suffix, which would complete this super setup. This may involve making changes to the source code for vpngui, version 5.4.4 to add the "--dpd-idle=0" additional suffix by default to every connection it makes.

I am very new to Linux, but I would not shy away from recompiling vpngui, version 5.4.4 to make this change. Can anyone offer any advice on how we could make this small change to vpngui, version 5.4.4? Thank you very much
Re: Cisco PIX VPN Connect from N900
How much do you pay for the T-Mobile VPN data plan? I haven't been able to get VPN to work over my $30 a month smartphone plan.
Re: Cisco PIX VPN Connect from N900
Since I've had Tmobile since the Voicestream days (10 years ago) the VPN data plan is $20/month... but they told me that if I make any drastic changes to my plan I will forfeit the cheap data plan and would have to get the normal more expensive data plan, like all new customers.
Re: Cisco PIX VPN Connect from N900
I'm glad I could help!
I'm using the $10 a month T-Mobile internet so maybe that's why VPN doesn't work for me.
Re: Cisco PIX VPN Connect from N900
For those interested in setting aliases to run this script from xterm without doing tons of typing, in my case I had to perform a 'chmod' on the vpnc file in /opt/maemo/usr/sbin/ before my aliases would work.
cd /opt/maemo/usr/sbin/
chmod +x vpnc
This should let you run your alias directly from the $ prompt. But I'm sure there are better ways to do this...
Re: Cisco PIX VPN Connect from N900
Thank you for the explanation. Right now I can stay connected to my Uni-Cisco VPN using both cpngui or --idle things, but one problem that occurs for me is that I can connect to Skype or anything that I have installed on my N900, such as a forecast, or go to maemo to install a program, but I can't browse the web, or even download from maemo.org.
Is there any step that I missed, so that I can't browse the internet? Here is when I use the --idle=0...
sudo vpnc --dpd-idle=0 my_uni
route : SIOCDELRT : no such process
route : SIOCDELRT : no such process
sending state in dbus : connected
vpnc started in background (Pid : 1765)...
Is there any mistake?
Re: Cisco PIX VPN Connect from N900
See this thread for some info:
http://talk.maemo.org/showthread.php?t=52046
When you are on the VPN the original N900 browser works if you install another program called vpncgui. Apparently the settings get reconfigured for the MicroB browser, but most other applications on your phone will not by default know the route through the VPN connection and will not work by default. This applies for things like Skype and the Application Manager. I do not know a solution for this problem. Hopefully someone can help.