[rivviepop]

So one exciting feature in this new 8320 is that we finally have something for VPN! If you go to Security -> VPN you can configure a connection. In my case I've plugged in all the details for a Cisco 3005 Concentrator (of which I admin at work, so I know all the mojo).

It appears this is Wireless only - so you then go into a wireless profile and at the bottom you can associate the VPN config you just made to the wireless profile. So far so good, right? But does anyone know how you actually use it?

If I start Wifi then go back into Security -> VPN and click "Log in" the device does a quick something then comes back almost immediately with "Error - communication link is down". I've checked everything I could, tried flipping settings, etc. yet still no love. My VPN server never gets hit, it's something dying before it even gets that far - but what?

Ideas welcome...

[getmetty]

Go into Options - Wi-Fi Connections. Press menu button, select Wi-Fi Diagnostics. This will show information on what is happening. You can change the display mode to advanced to show even more info by pressing menu key within the diags screen. There is also the ability to ping, dns lookup and site survey all within Wi-Fi diagnostics.

[rivviepop]

Lots of good stuff in there, but all the VPN junk is blank. Hrrmmm, I'll have to keep beating on it using the Advanced view until something changes, at least that's a start. thanks!

In the Help on the device there is a statement "Ensure you have a BES email associated", I wonder if it only works in this instance? If so, man that bites.

[getmetty]

After you get connected to your AP, can you ping any internet host?

Can you ping the VPN concentrator?

If both yes, make sure your AP has VPN pass-through on and/or you allow ports 4500 & 500. Those are ports the VPN client uses.

Finally, check and double-check all the settings one single wrong setting (cipher, hash, IKE group, etc) will fail.

[patrickh]

Go to the BlackBerry Technical Solution Center and search for vpn.. It's configured in the BES..

[rivviepop]

Quote:

Originally Posted by patrickh

Go to the BlackBerry Technical Solution Center and search for vpn.. It's configured in the BES..

yeah, that's pretty much the conclusion I'm coming to - no BES, no love. (I'm a BIS user) In both the 8820 and 8320 docs they specifically list "email account on BES" as a prerequisite, which I don't have (or need); I just need VPN over WiFi so that I can get to the corporate intranet websites. No matter what I bang on I get nothing leaving the device at all, it loops and fails internally with 'error comm link down' still.

man, sometimes the decisions big companies make...Nokia is no different, getting a shared (not policy) based VPN running on their devices is like pulling teeth, I just gave up after awhile. These folks (RIM, Nokia) are just leaving us non-"we spent billions of dollars on your OTHER stuff" people out in the cold.

le sigh.

[rivviepop]

Quote:

Originally Posted by getmetty

After you get connected to your AP, can you ping any internet host?

Can you ping the VPN concentrator?

If both yes, make sure your AP has VPN pass-through on and/or you allow ports 4500 & 500. Those are ports the VPN client uses.

Finally, check and double-check all the settings one single wrong setting (cipher, hash, IKE group, etc) will fail.

Sorry missed this - all that stuff is fine (I'm a systems guy, network admin and whatever else they throw at me by trade), it's nothing as simple or easy as a bad setup or whatnot. As per the previous reply I just made, I think it's a non-BES thing and I'm SOL.

[patrickh]

I thought you can download a personal version of the BES for free.. (1-seat)..

[rivviepop]

Quote:

Originally Posted by patrickh

I thought you can download a personal version of the BES for free.. (1-seat)..

...that runs on Windows. We also don't use Exchange for email, instead we use standards compliant IMAP/S and SMTP/S within our company. It's been a bit of an uphill battle using a BlackBerry with a corporate that doesn't use Exchange/Domino, VPN is just the latest roadblock.

The main reasons for VPN have no email connection in my world - instead it's to query firewalled LDAP servers (via web forms) and stuff like that.

[hdawg]

Quote:

Originally Posted by rivviepop

...that runs on Windows. We also don't use Exchange for email, instead we use standards compliant IMAP/S and SMTP/S within our company. It's been a bit of an uphill battle using a BlackBerry with a corporate that doesn't use Exchange/Domino, VPN is just the latest roadblock.

The main reasons for VPN have no email connection in my world - instead it's to query firewalled LDAP servers (via web forms) and stuff like that.

Ahhh ... technology standards getting in the middle of business process. Gotta love it.

[Rotney]

Has anyone got this to work? I have all the pieces in place. Do a packet capture of the wireless network when trying to connect the VPN and no joy. tThe unit never even trys to talk to the Cisco firewall.

[Minagera]

Quote:

Originally Posted by Rotney

Has anyone got this to work? I have all the pieces in place. Do a packet capture of the wireless network when trying to connect the VPN and no joy. tThe unit never even trys to talk to the Cisco firewall.

I have not gotten it to work yet, but I have had it on a back burner a bit. I am going to setup a new group in my concentrator, and start from there. If I can get it to work I will post it up.

[rivviepop]

Quote:

Originally Posted by Rotney

Has anyone got this to work? I have all the pieces in place. Do a packet capture of the wireless network when trying to connect the VPN and no joy. tThe unit never even trys to talk to the Cisco firewall.

Not here either, I keep crossing my fingers every OS update will make it work (downloading the new .180 now) but the simple fact seems to be you need to be BES connected according to all the RIM docs. It's also kind of strange that it's WiFi-only, it doesn't make sense you can't run the VPN over a Mobile Network where you're bound to be half of the time.

I get a sneaking suspicion that this VPN is not intended for general use (as much as we want it to be), and is somehow only designed to work with a WiFi access point's configuration. :(

[Rotney]

Quote:

Originally Posted by rivviepop

Not here either, I keep crossing my fingers every OS update will make it work (downloading the new .180 now) but the simple fact seems to be you need to be BES connected according to all the RIM docs. It's also kind of strange that it's WiFi-only, it doesn't make sense you can't run the VPN over a Mobile Network where you're bound to be half of the time.

I get a sneaking suspicion that this VPN is not intended for general use (as much as we want it to be), and is somehow only designed to work with a WiFi access point's configuration. :(

I have the BES connected and configured and I still can't make it work. I am wondering if it is a marketing concept just to get prople to buy new units?

[rivviepop]

Quote:

Originally Posted by Rotney

I have the BES connected and configured and I still can't make it work. I am wondering if it is a marketing concept just to get prople to buy new units?

I just finished browsing the "Wifi Implementation Guide" that someone linked in a 8320 VPN thread in the subforum, and numerous places in that document they specifically say things like "if you have a WiFi that requires a VPN to access it" and of course has all the setup stuff about BES. To me this means they're saying "our VPN is specifically for tunneling over a random WiFi connection to the BES server for security" and not a general VPN into a corporate network. That's at least how I read it...

I'm kinda wondering if I install the MDS runtimes on my BIS device will it somehow make things work. A complete long shot, but.... well, it's not working now so what's the harm in trying...

[dwc]

My conclusions about this VPN here

[Rotney]

Quote:

Originally Posted by dwc

My conclusions about this VPN here

Okay, I just got off the phone with BB support and they confirmed DWC's conclusions. VPN is designed for the internal wireless to the corperate network only and not accross the internet. A BES server is required to make it connect. I hope this helps. Thier documentation is very lacking. It took 3emails and 45 minutes on the phone to confirm this.

[harveyjc_2001]

Are you sure that it is in the office only? What about a WiFi connection from home? I don't know of any reason why that wouldn't work.

[rivviepop]

Quote:

Originally Posted by harveyjc_2001

Are you sure that it is in the office only? What about a WiFi connection from home? I don't know of any reason why that wouldn't work.

Are you saying you have it working from a wifi connection at home? If so, please feed us the details.

Everyone on the thread has been trying and we can all vouch for the fact it only works with a BES account for corporate WiFi to the server. This is the way RIM has designed it to work, and not as a generic VPN connection (which we all badly want).

[Rotney]

Quote:

Originally Posted by harveyjc_2001

Are you sure that it is in the office only? What about a WiFi connection from home? I don't know of any reason why that wouldn't work.

If you have a BES server at home on the same network as the Wi-Fi it could possibly work. I was dealing with my network at the office.