VPN Client For Cisco Concentrator


rukna
30-03-2006, 03:01 AM
While I was looking for a *working* VPN client solution to work with a Cisco concentrator, I found a couple of potential solutions:

1. Bluefire VPN client (http://www.bluefiresecurity.com/)

2. AnthaVPN (http://www.anthavpn.com/webmaker/portal/wmlink_360)

Both claim to work with the Cisco concentrator (3000 series to be precise). Before I go ahead and install either/both on my MDA Pro (with Imate ROM), I was wondering if anyone had any good/bad things to say about the software?

Any help would be appreciated.

rukna
30-03-2006, 05:26 PM
Here's an update:

I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtuse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.

I've tried several combinations of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:

39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!

Anyone got any suggestions on how to get around this?
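
Added example (not part of the original posts): a small Python parser for concentrator event-log entries laid out like the one quoted above, counting phase 2 proposal rejections per peer, group and user. The sample log is constructed; only the header layout and the rejection message are taken from the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the quoted entry; all values made up.
SAMPLE_LOG = """\
39018 03/29/2006 14:04:58.120 SEV=5 IKE/0 RPT=12 192.0.2.10
constructed filler event
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.0.2.10
Group [mobile] User [alice]
All IPSec SA proposals found unacceptable!
39020 03/29/2006 14:06:11.300 SEV=4 IKE/0 RPT=576 192.0.2.10
Group [mobile] User [alice]
All IPSec SA proposals found unacceptable!
39025 03/29/2006 14:09:02.000 SEV=4 IKE/0 RPT=577 198.51.100.7
Group [staff] User [bob]
All IPSec SA proposals found unacceptable!
"""

HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<when>\d\d/\d\d/\d{4} [\d:.]+) SEV=(?P<sev>\d+) "
    r"(?P<cls>\w+)/(?P<num>\d+) RPT=(?P<rpt>\d+)(?: (?P<peer>\S+))?$"
)
WHO = re.compile(r"Group \[(?P<group>.*?)\] User \[(?P<user>.*?)\]")
PHASE2_REJECT = "All IPSec SA proposals found unacceptable"

def parse_events(text):
    """Attach each run of body lines to the header line before it."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "body": []})
        elif events and line:
            events[-1]["body"].append(line)
    return events

def phase2_rejections(text):
    """Count phase 2 proposal rejections per (peer, group, user)."""
    counts = Counter()
    for ev in parse_events(text):
        body = " ".join(ev["body"])
        if ev["cls"] == "IKE" and PHASE2_REJECT in body:
            who = WHO.search(body)
            key = (who["group"], who["user"]) if who else (None, None)
            counts[(ev["peer"], *key)] += 1
    return counts

if __name__ == "__main__":
    print(dict(phase2_rejections(SAMPLE_LOG)))
```

A peer that authenticates and then repeats this rejection on every attempt points at a phase 2 policy mismatch between client and group profile rather than a credential problem.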

italos
30-03-2006, 06:30 PM
> Here's an update:
>
> I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtuse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
>
> I've tried several combinations of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
>
> 39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
> Group [***obfuscated***] User [***obfuscated***]
> All IPSec SA proposals found unacceptable!
>
> Anyone got any suggestions on how to get around this?

Did you uncheck the PFS (Perfect forward secrecy) flag? I can connect with this flag unchecked and compression algorithm=none.

pierrelp1
30-03-2006, 10:59 PM
Did you try the VPN client from APANI?
There is a trial version for CISCO VPN 3000 Series for PDA and Mac.
http://www.apani.com/vpnclients.html

rukna
31-03-2006, 08:03 PM
> Did you uncheck the PFS (Perfect forward secrecy) flag? I can connect with this flag unchecked and compression algorithm=none.

I tried that already, didn't work. It may just be issues with the configuration on the concentrator. I'm going to play with it this weekend to see if I get anywhere. Thanks for the reply, nonetheless.

rukna
31-03-2006, 08:06 PM
> Did you try the VPN client from APANI?
> There is a trial version for CISCO VPN 3000 Series for PDA and Mac.
> http://www.apani.com/vpnclients.html

I filled out an eval request yesterday with Apani and got the instructions to download the client this morning. I'll install it over the weekend to see if it works "out of the box". Thanks for the suggestion, dude!

rukna
31-03-2006, 11:43 PM
It appears that Apani doesn't really support the universal. Got the following from one of their support reps. Back to the drawing board, I guess.


The Client does not support the use of Windows Mobile 5. We currently
support Windows Mobile 2003 only.


Sincerely,
Janet
Apani Networks
support@apani.com
714-674-1700

fantasmilla
01-04-2006, 07:41 PM
Be careful when installing Bluefire... It is a mess if you install it on the SD card.

It's a nuisance to uninstall it... all the advice I got from "Bluefire support" was to try a hard reset... most helpful.

(Apparently this problem is well explained in their "product documentation"... but no solution has been found... yet.)

georgseeker
02-04-2006, 12:09 PM
Have a working environment against a CISCO-PIX with NCP
http://www.ncp.de/english/services/testsoftware/index_entry.html

=) Georg

rukna
07-04-2006, 01:03 AM
I got the BlueFire client to work finally! I had to enable the PFS (Perfect Forward Secrecy) on the concentrator along with the encryption set to 1024 bits on my group profile.

After I got past that, I got the DirectPush client to work with my exchange server! Now I can confidently say this phone has been worth it for me!

rukna
02-05-2006, 08:00 PM
FYI - I just came across this OpenVPN port for Windows Mobile and thought it might be of interest for some of you guys:

http://www.ziggurat29.com/OVPNPPCAlpha/OVPNPPCAlpha.htm

It's still in the alpha stage and is continually being worked on by the author, David G. Lemley, III.

denix0
01-06-2006, 06:57 PM
I am in the same boat - need to use IPsec VPN to connect to our corporate Exchange server.

I have been testing the BlueFire 2.3.0 client for more than a week now. Overall it is very good - it gets its job done. But after running it extensively for a week I discovered several issues with it, mostly cosmetic, but they are really annoying. Especially if you want to have Direct Push. Those issues are:

1. "Save credentials for auto-reauthentication" does not work - you have to enter your password every time you connect.
2. It does not reconnect on its own if it loses the connection (i.e. EDGE/GPRS goes down temporarily).
3. Detection of disconnect is not very reliable - sometimes when you lose signal and the GPRS connection wants to disconnect, it cannot do it because the VPN still thinks it is connected and prevents GPRS from reconnecting.
4. Extensive use of on-screen push-buttons instead of soft-keys. And soft-keys are mapped to rarely used functions, like About - poor interface design. It wouldn't be so bad if the VPN client was not requiring user interaction to reconnect and authenticate...
5. After several minutes of standby, it brings its window on top of the Today screen, kinda like letting the user know that he better check his tunnel/connection, because it could be already disconnected... :) In most cases it is not true, because the unit wakes half the way up every several minutes to check email or send a heartbeat packet, which keeps the connection up (this only applies to GPRS/EDGE connection and not WiFi, unfortunately). But sometimes the VPN tunnel becomes dead, and you have to click "Disconnect", "Connect" and enter your password again.

Ok, that is my impression about BlueFire VPN client. Now the question is - is there any better IPsec client for PPC (WM5), which allows you to have Direct Push email over IPsec all day long without your intervention to check the connection status and reconnect manually?

Thanks for your time.

antguada
03-06-2006, 08:41 PM
I'm also trying to connect to our corporate network using a VPN client.
With my laptop I usually do this with the Cisco VPN client and a very simple configuration.

My target is doing the same with the Universal.
I tried Bluefire VPN and AnthaVPN.
Even though I tried a lot of times, I couldn't make a connection with Bluefire.
With Antha, the results were better. I could connect, but after installing it, WiFi stopped working, and ActiveSync sometimes doesn't recognize the device (I saw in this forum somebody with exactly the same problem).

Is there anybody that uses Antha on the Universal without problems?

I checked the official Antha website, and the Universal is not supported.

Do you know any other VPN software that works with Cisco?

Thanks