27-28
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 27 Configuring IPSec and ISAKMP
Supporting the Nokia VPN Client
Be aware that if you enter the clear configure crypto command without arguments, you remove the
entire crypto configuration, including all certificates.
For more information, see the clear configure crypto command in the Cisco Security Appliance
Command Reference.
Supporting the Nokia VPN Client
The security appliance supports connections from Nokia VPN Clients on Nokia 92xx Communicator
series phones using the Challenge/Response for Authenticated Cryptographic Keys (CRACK) protocol.
CRACK is ideal for mobile IPSec-enabled clients that use legacy authentication techniques instead of
digital certificates. It provides mutual authentication when the client uses a legacy based secret-key
authentication technique such as RADIUS and the gateway uses public-key authentication.
The Nokia back-end services must be in place to support both Nokia clients and the CRACK protocol.
This requirement includes the Nokia Security Services Manager (NSSM) and Nokia databases as shown
in Figure 27-5.
Figure 27-5 Nokia 92xx Communicator Service Requirement
To support the Nokia VPN Client, perform the following step on the security appliance:
• Enable CRACK authentication using the crypto isakmp policy priority authentication command
with the crack keyword in global configuration mode. For example:
hostname(config)# crypto isakmp policy 2
132777
Nokia SSM
Web server
Internet
Operator
mobile
network
Telecommuters
SSM server
and database
SSM
enrollment
gateway
SSM
management
station
RADIUS or
LDAP server
SAP
database
Corporate
E-mail
Corporate
Web services
Windows Clients/
Laptop Policy
Mobile Devices/
Mobile Devices
Policy
DMZ
Firewall/
VPN
gateway
Remote Access
To Next Page
Loading...
