cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
leobg
Fanfold Paper
Posts: 164
Registered: ‎05-09-2009
Location: Canada
Views: 806
Message 1 of 8

IPsec VPN in Droid 2 Global

I am trying to configure VPN with our Cisco ASA with my new Droid 2 Global. I was refering to the following page: https://motorola-global-en-usa.custhelp.com/app/answers/detail/a_id/59152/~/droid---vpn-(virtual-pri...)

Quote
If the GW configuration is different, new templates can be created based on these four by modifying the algorithms and/or DH groups as explained in the documentation.

My D2G lists only AES templates, I don't see any 3DES as mentioned in the above page. It says templates can be defined as per documentation. How can I configure new templates? Where I can find the fore mentioned documentation?

leobg
Fanfold Paper
Posts: 164
Registered: ‎05-09-2009
Location: Canada
Views: 806
Message 2 of 8

Re: IPsec VPN in Droid 2 Global

Thanks to a fellow forum member here I got the documentation link: https://motorola-enterprise.custhelp.com/ci/fattach/get/252657/1291299291/redirect/1

Now it is time to see if we can mainstream the configuration templates to make it easy to deploy

leobg
Fanfold Paper
Posts: 164
Registered: ‎05-09-2009
Location: Canada
Views: 806
Message 3 of 8

Re: IPsec VPN in Droid 2 Global

Link to the documentation now found

keithfaber
What's DOS?
Posts: 44
Registered: ‎07-20-2010
Location: United States
Views: 806
Message 4 of 8

Re: IPsec VPN in Droid 2 Global

Has anyone sucessfully connected to a Cisco using group authentication? If you have would you please upload your template so I could learn how to connect to ours.

Not applicable
Posts: 0
Views: 806
Message 5 of 8

Re: IPsec VPN in Droid 2 Global

Keith,

The Group ID is called "ID" in the phone GUI and "key-identifier" in the configuration file. It is part of the ready configuration (it is chosen by the user instead of FQDN etc.), it is NOT part of the template.

Note - do not put pre shared key and/or username/password in template file.

Here is a configuration that uses key-identifier that was created using the preloaded template
PSK v1 (AES, xauth, aggressive):

version 1.0;

connection psk-v1-aes-sha1-ag-g2-xauth {
gateway-address 192.168.100.1;
internal-subnet 192.168.1.0/24;
pre-shared-key  {
   type string;
   value XXXXXXXXXXXXXXXX;
}
own-identity  {
   type key-identifier;
   value XXXXX;
}
username demouser1;
password XXXXXXXXXXX;
       host-authentication pre-shared;
       user-authentication;

       ike-parameters {
               version 1;
               aggressive-mode;
               encryption aes-cbc-128;
               integrity hmac-sha1-96;
               group modp-1024;
               life 86400;
       }
       ipsec-parameters {
               encryption aes-cbc-128;
               integrity hmac-sha1-96;
               anti-replay;
               life {
                       type seconds;
                       value 28800;
               }
       }
}

keithfaber wrote:

Has anyone sucessfully connected to a Cisco using group authentication? If you have would you please upload your template so I could learn how to connect to ours.

keithfaber
What's DOS?
Posts: 44
Registered: ‎07-20-2010
Location: United States
Views: 806
Message 6 of 8

Re: IPsec VPN in Droid 2 Global

What do you name the template so the phone can find it?

Not applicable
Posts: 0
Views: 806
Message 7 of 8

Re: IPsec VPN in Droid 2 Global

You can find in the guide that Leobg mentioned in previous post.

https://motorola-enterprise.custhelp.com/ci/fattach/get/252657/1291299291/redire ct/1

on page 6: Android connection templates

It is also possible to extend the set of available

templates by side-loading customized templates to the

following directory on SD card:

/sdcard/vpn/templates/

The template package filename must match the

following regular expression pattern:

[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[

a-fA-F0-9]{12}.txt

or in plain words:

"8 hex digits"-"4 hex digits"-"4 hex digits"-"4 hex

digits"-"12 hex digits".txt

for example: 6F38BF66-95AE-35E7-889E-0B55102901E7.TXT

keithfaber
What's DOS?
Posts: 44
Registered: ‎07-20-2010
Location: United States
Views: 806
Message 8 of 8

Re: IPsec VPN in Droid 2 Global

OK I finally got the phone to see the template. However it states that it is invalid.

The file my be corrupted by posting on the forum. Please send me template file to keithfaber@gmail.com.

This should not be this difficult. I wish there was a solution that works like the Cisco AnyConnect client on my PC. I can get this to go in 30 seconds. I have hours invested in this client & still no connection.

Thanks a bunch for your help. I would ask our IT guys to do this but they are useless and are more interested in grilling me about why I would want VPN on my phone.