Supporting The Nokia Vpn Client - Cisco FirePOWER ASA 5500 series Configuration Manual

Supporting the Nokia VPN Client

Be aware that if you enter the clear configure crypto command without arguments, you remove the
entire crypto configuration, including all certificates.
For more information, see the clear configure crypto command in the Cisco Security Appliance
Command Reference.
Supporting the Nokia VPN Client
The security appliance supports connections from Nokia VPN Clients on Nokia 92xx Communicator
series phones using the Challenge/Response for Authenticated Cryptographic Keys (CRACK) protocol.
CRACK is ideal for mobile IPSec-enabled clients that use legacy authentication techniques instead of
digital certificates. It provides mutual authentication when the client uses a legacy based secret-key
authentication technique such as RADIUS and the gateway uses public-key authentication.
The Nokia back-end services must be in place to support both Nokia clients and the CRACK protocol.
This requirement includes the Nokia Security Services Manager (NSSM) and Nokia databases as shown
in Figure
Figure 27-5
Remote Access
Windows Clients/
Laptop Policy
To support the Nokia VPN Client, perform the following step on the security appliance:
•
Cisco Security Appliance Command Line Configuration Guide
27-28
27-5.
Nokia 92xx Communicator Service Requirement
Internet
Operator
mobile
network
Mobile Devices/
Mobile Devices
Policy
Telecommuters
Enable CRACK authentication using the crypto isakmp policy priority authentication command
with the crack keyword in global configuration mode. For example:
hostname(config)# crypto isakmp policy 2
DMZ
Firewall/
and database
VPN
gateway
management
Nokia SSM
Web server
Web services
Chapter 27 Configuring IPSec and ISAKMP
SSM server
SSM
enrollment
gateway
SSM
station
RADIUS or
LDAP server
SAP
database
Corporate
E-mail
Corporate
OL-10088-01