|
|
|
09-23-2007, 01:18 PM
|
#1
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: san francisco
Model: 8320
PIN: n/a
Carrier: t-mobile
Posts: 2,166
|
8320: VPN setup / usage?
Please Login to Remove!
So one exciting feature in this new 8320 is that we finally have something for VPN! If you go to Security -> VPN you can configure a connection. In my case I've plugged in all the details for a Cisco 3005 Concentrator (of which I admin at work, so I know all the mojo).
It appears this is Wireless only - so you then go into a wireless profile and at the bottom you can associate the VPN config you just made to the wireless profile. So far so good, right? But does anyone know how you actually use it?
If I start Wifi then go back into Security -> VPN and click "Log in" the device does a quick something then comes back almost immediately with "Error - communication link is down". I've checked everything I could, tried flipping settings, etc. yet still no love. My VPN server never gets hit, it's something dying before it even gets that far - but what?
Ideas welcome...
|
Offline
|
|
09-23-2007, 01:26 PM
|
#2
|
New Member
Join Date: Nov 2005
Model: 7290
Carrier: Tmobile
Posts: 5
|
Go into Options - Wi-Fi Connections. Press menu button, select Wi-Fi Diagnostics. This will show information on what is happening. You can change the display mode to advanced to show even more info by pressing menu key within the diags screen. There is also the ability to ping, dns lookup and site survey all within Wi-Fi diagnostics.
|
Offline
|
|
09-23-2007, 01:40 PM
|
#3
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: san francisco
Model: 8320
PIN: n/a
Carrier: t-mobile
Posts: 2,166
|
Lots of good stuff in there, but all the VPN junk is blank. Hrrmmm, I'll have to keep beating on it using the Advanced view until something changes, at least that's a start. thanks!
In the Help on the device there is a statement "Ensure you have a BES email associated", I wonder if it only works in this instance? If so, man that bites.
|
Offline
|
|
09-23-2007, 01:52 PM
|
#4
|
New Member
Join Date: Nov 2005
Model: 7290
Carrier: Tmobile
Posts: 5
|
After you get connected to your AP, can you ping any internet host?
Can you ping the VPN concentrator?
If both yes, make sure your AP has VPN pass-through on and/or you allow ports 4500 & 500. Those are ports the VPN client uses.
Finally, check and double-check all the settings one single wrong setting (cipher, hash, IKE group, etc) will fail.
|
Offline
|
|
09-24-2007, 10:17 PM
|
#5
|
Thumbs Must Hurt
Join Date: Sep 2004
Model: 8700
Carrier: T-mo
Posts: 162
|
Go to the BlackBerry Technical Solution Center and search for vpn.. It's configured in the BES..
|
Offline
|
|
09-24-2007, 10:22 PM
|
#6
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: san francisco
Model: 8320
PIN: n/a
Carrier: t-mobile
Posts: 2,166
|
Quote:
Originally Posted by patrickh
Go to the BlackBerry Technical Solution Center and search for vpn.. It's configured in the BES..
|
yeah, that's pretty much the conclusion I'm coming to - no BES, no love. (I'm a BIS user) In both the 8820 and 8320 docs they specifically list "email account on BES" as a prerequisite, which I don't have (or need); I just need VPN over WiFi so that I can get to the corporate intranet websites. No matter what I bang on I get nothing leaving the device at all, it loops and fails internally with 'error comm link down' still.
man, sometimes the decisions big companies make...Nokia is no different, getting a shared (not policy) based VPN running on their devices is like pulling teeth, I just gave up after awhile. These folks (RIM, Nokia) are just leaving us non-"we spent billions of dollars on your OTHER stuff" people out in the cold.
le sigh.
|
Offline
|
|
09-24-2007, 10:25 PM
|
#7
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: san francisco
Model: 8320
PIN: n/a
Carrier: t-mobile
Posts: 2,166
|
Quote:
Originally Posted by getmetty
After you get connected to your AP, can you ping any internet host?
Can you ping the VPN concentrator?
If both yes, make sure your AP has VPN pass-through on and/or you allow ports 4500 & 500. Those are ports the VPN client uses.
Finally, check and double-check all the settings one single wrong setting (cipher, hash, IKE group, etc) will fail.
|
Sorry missed this - all that stuff is fine (I'm a systems guy, network admin and whatever else they throw at me by trade), it's nothing as simple or easy as a bad setup or whatnot. As per the previous reply I just made, I think it's a non-BES thing and I'm SOL.
|
Offline
|
|
09-25-2007, 06:57 AM
|
#8
|
Thumbs Must Hurt
Join Date: Sep 2004
Model: 8700
Carrier: T-mo
Posts: 162
|
I thought you can download a personal version of the BES for free.. (1-seat)..
|
Offline
|
|
09-25-2007, 01:16 PM
|
#9
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: san francisco
Model: 8320
PIN: n/a
Carrier: t-mobile
Posts: 2,166
|
Quote:
Originally Posted by patrickh
I thought you can download a personal version of the BES for free.. (1-seat)..
|
...that runs on Windows. We also don't use Exchange for email, instead we use standards compliant IMAP/S and SMTP/S within our company. It's been a bit of an uphill battle using a BlackBerry with a corporate that doesn't use Exchange/Domino, VPN is just the latest roadblock.
The main reasons for VPN have no email connection in my world - instead it's to query firewalled LDAP servers (via web forms) and stuff like that.
|
Offline
|
|
09-28-2007, 10:16 AM
|
#10
|
BlackBerry Genius
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
|
Quote:
Originally Posted by rivviepop
...that runs on Windows. We also don't use Exchange for email, instead we use standards compliant IMAP/S and SMTP/S within our company. It's been a bit of an uphill battle using a BlackBerry with a corporate that doesn't use Exchange/Domino, VPN is just the latest roadblock.
The main reasons for VPN have no email connection in my world - instead it's to query firewalled LDAP servers (via web forms) and stuff like that.
|
Ahhh ... technology standards getting in the middle of business process. Gotta love it.
|
Offline
|
|
10-22-2007, 12:49 PM
|
#11
|
New Member
Join Date: Oct 2007
Location: Portland Oregon
Model: 8800
PIN: N/A
Carrier: cingular
Posts: 5
|
Has anyone got this to work? I have all the pieces in place. Do a packet capture of the wireless network when trying to connect the VPN and no joy. tThe unit never even trys to talk to the Cisco firewall.
|
Offline
|
|
10-22-2007, 12:51 PM
|
#12
|
New Member
Join Date: Oct 2007
Model: 8900
PIN: N/A
Carrier: Wataniya
Posts: 4
|
Quote:
Originally Posted by Rotney
Has anyone got this to work? I have all the pieces in place. Do a packet capture of the wireless network when trying to connect the VPN and no joy. tThe unit never even trys to talk to the Cisco firewall.
|
I have not gotten it to work yet, but I have had it on a back burner a bit. I am going to setup a new group in my concentrator, and start from there. If I can get it to work I will post it up.
|
Offline
|
|
10-22-2007, 12:55 PM
|
#13
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: san francisco
Model: 8320
PIN: n/a
Carrier: t-mobile
Posts: 2,166
|
Quote:
Originally Posted by Rotney
Has anyone got this to work? I have all the pieces in place. Do a packet capture of the wireless network when trying to connect the VPN and no joy. tThe unit never even trys to talk to the Cisco firewall.
|
Not here either, I keep crossing my fingers every OS update will make it work (downloading the new .180 now) but the simple fact seems to be you need to be BES connected according to all the RIM docs. It's also kind of strange that it's WiFi-only, it doesn't make sense you can't run the VPN over a Mobile Network where you're bound to be half of the time.
I get a sneaking suspicion that this VPN is not intended for general use (as much as we want it to be), and is somehow only designed to work with a WiFi access point's configuration. :(
|
Offline
|
|
10-22-2007, 01:02 PM
|
#14
|
New Member
Join Date: Oct 2007
Location: Portland Oregon
Model: 8800
PIN: N/A
Carrier: cingular
Posts: 5
|
Quote:
Originally Posted by rivviepop
Not here either, I keep crossing my fingers every OS update will make it work (downloading the new .180 now) but the simple fact seems to be you need to be BES connected according to all the RIM docs. It's also kind of strange that it's WiFi-only, it doesn't make sense you can't run the VPN over a Mobile Network where you're bound to be half of the time.
I get a sneaking suspicion that this VPN is not intended for general use (as much as we want it to be), and is somehow only designed to work with a WiFi access point's configuration. :(
|
I have the BES connected and configured and I still can't make it work. I am wondering if it is a marketing concept just to get prople to buy new units?
|
Offline
|
|
10-22-2007, 01:09 PM
|
#15
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: san francisco
Model: 8320
PIN: n/a
Carrier: t-mobile
Posts: 2,166
|
Quote:
Originally Posted by Rotney
I have the BES connected and configured and I still can't make it work. I am wondering if it is a marketing concept just to get prople to buy new units?
|
I just finished browsing the "Wifi Implementation Guide" that someone linked in a 8320 VPN thread in the subforum, and numerous places in that document they specifically say things like "if you have a WiFi that requires a VPN to access it" and of course has all the setup stuff about BES. To me this means they're saying "our VPN is specifically for tunneling over a random WiFi connection to the BES server for security" and not a general VPN into a corporate network. That's at least how I read it...
I'm kinda wondering if I install the MDS runtimes on my BIS device will it somehow make things work. A complete long shot, but.... well, it's not working now so what's the harm in trying...
|
Offline
|
|
10-22-2007, 02:31 PM
|
#16
|
Talking BlackBerry Encyclopedia
Join Date: Sep 2006
Location: SF CA
Model: 8320
Carrier: tmob
Posts: 204
|
My conclusions about this VPN here
|
Offline
|
|
10-23-2007, 02:46 PM
|
#17
|
New Member
Join Date: Oct 2007
Location: Portland Oregon
Model: 8800
PIN: N/A
Carrier: cingular
Posts: 5
|
Quote:
Originally Posted by dwc
My conclusions about this VPN here
|
Okay, I just got off the phone with BB support and they confirmed DWC's conclusions. VPN is designed for the internal wireless to the corperate network only and not accross the internet. A BES server is required to make it connect. I hope this helps. Thier documentation is very lacking. It took 3emails and 45 minutes on the phone to confirm this.
|
Offline
|
|
10-23-2007, 03:26 PM
|
#18
|
Thumbs Must Hurt
Join Date: May 2006
Model: 8320
Carrier: T-Mobile
Posts: 65
|
Are you sure that it is in the office only? What about a WiFi connection from home? I don't know of any reason why that wouldn't work.
|
Offline
|
|
10-23-2007, 03:37 PM
|
#19
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: san francisco
Model: 8320
PIN: n/a
Carrier: t-mobile
Posts: 2,166
|
Quote:
Originally Posted by harveyjc_2001
Are you sure that it is in the office only? What about a WiFi connection from home? I don't know of any reason why that wouldn't work.
|
Are you saying you have it working from a wifi connection at home? If so, please feed us the details.
Everyone on the thread has been trying and we can all vouch for the fact it only works with a BES account for corporate WiFi to the server. This is the way RIM has designed it to work, and not as a generic VPN connection (which we all badly want).
|
Offline
|
|
10-23-2007, 05:23 PM
|
#20
|
New Member
Join Date: Oct 2007
Location: Portland Oregon
Model: 8800
PIN: N/A
Carrier: cingular
Posts: 5
|
Quote:
Originally Posted by harveyjc_2001
Are you sure that it is in the office only? What about a WiFi connection from home? I don't know of any reason why that wouldn't work.
|
If you have a BES server at home on the same network as the Wi-Fi it could possibly work. I was dealing with my network at the office.
|
Offline
|
|
|
|