PERSONAL CRYPTO ISAKMP - General Question

Here are the ISAKMP policies on my firewall. Why is it that when I add a new policy, it is not there? I have a policy 51 which does not appear.

crypto isakmp policy 10
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400

The number after the crypto map statement is simply the sequence number that distinguishes one crypto map entry from another; it's how you can have several tunnels associated with a single interface. It also does not necessarily map to the crypto isakmp policy (actually, nothing links them).

So basically what happens is that if you change the crypto map from 54 to 100, it will move down the list of existing tunnels, and most likely you would just duplicate these entries.

Tags: Cisco Security

Similar Questions

  • A general question to the community

    I have a general question for the forum community. I noticed that many contributors have more than 100,000 points. I have been a forum contributor for several years. I consider myself a casual user and offer contributions daily or occasionally, and now and then my answer is chosen as the solution. Not that it's really important to me, because I just love to help others. However, unless a person is in front of their computer constantly on the Apple communities, I can't for the life of me see how a person could possibly reach more than 100,000 points. Is there a secret that I don't know?

    No, I think you worked which is the secret.

    TT2

  • Can you have several crypto isakmp policies on a router?

    I have an 1841 router as a hub for several IPSec tunnels. I have a single ISAKMP policy that looks like this:

    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key * address x.x.x.x
    crypto isakmp key * address y.y.y.y
    crypto isakmp key * address z.z.z.z

    I want to start using AES as the ISAKMP encryption protocol, but I can't be there to change the other ends of all the other tunnels. Can I create another crypto isakmp policy 2 and just put the pre-shared key for new connections under this one while I'm migrating?

    Thank you

    Chris

    Chris

    You can have several isakmp policies on your router. The router will run through them in order until it finds a match. You just need to add a new isakmp policy with a different sequence number, for example:

    crypto isakmp policy 2
     encr aes
     authentication pre-share
     group 2

    This will not affect your original isakmp policy.

    Not sure what you mean by putting the pre-shared key 'under' the isakmp policy. The key is not related to any particular isakmp policy - you can see that from the configuration you posted above.

    All you need to do to switch is to configure the isakmp policy on your 1841 router and then move the remotes as and when you can. Those that you have changed will use AES; those that you have not yet changed will continue to use 3DES.

    HTH

    Jon
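The matching behaviour described in the answer above (policies are tried in order until one matches), as an added example that is not part of the original thread: a Python model of a hub that carries both the 3DES and the AES policy during the migration. The parser, `negotiate`, `migration_status`, the attribute defaults and the sample configurations are constructed for illustration; lifetime comparison and the rest of IKEv1 are left out.

```python
import re

# Attribute defaults of classic IOS for anything a policy block leaves out
# (assumption: defaults differ between platforms and releases).
DEFAULTS = {"encryption": "des", "hash": "sha",
            "authentication": "rsa-sig", "group": "1"}
KEYWORDS = {"encr": "encryption", "encryption": "encryption", "hash": "hash",
            "authentication": "authentication", "group": "group"}

# Constructed sample configurations (keys and addresses are placeholders).
HUB = """
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp policy 2
 encr aes
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER address 192.0.2.10
crypto isakmp key PLACEHOLDER address 192.0.2.20
"""
REMOTE_NOT_MIGRATED = """
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
"""
REMOTE_MIGRATED = """
crypto isakmp policy 10
 encryption aes 128
 authentication pre-share
 group 2
 lifetime 86400
"""
REMOTE_MISMATCH = """
crypto isakmp policy 10
 encr aes 256
 hash md5
 authentication pre-share
 group 2
"""


def parse_policies(config):
    """Return {priority: attributes} for every 'crypto isakmp policy N' block."""
    policies, current = {}, None
    for raw in config.splitlines():
        words = raw.lower().split()
        if not words:
            continue
        header = re.fullmatch(r"crypto isakmp policy (\d+)", " ".join(words))
        if header:
            current = policies.setdefault(int(header.group(1)), dict(DEFAULTS))
        elif current is not None and words[0] in KEYWORDS:
            value = "-".join(words[1:])
            # "encr aes" means 128-bit AES; "aes 256" and "aes-256" are the same
            current[KEYWORDS[words[0]]] = "aes-128" if value == "aes" else value
        elif words[0] != "lifetime":
            current = None          # any other command closes the policy block
    return policies


def negotiate(initiator, responder):
    """The initiator offers its policies lowest number first; the responder
    accepts the first offer that equals one of its own policies.
    Returns (initiator_priority, responder_priority, attributes) or None."""
    for i_prio in sorted(initiator):
        for r_prio in sorted(responder):
            if initiator[i_prio] == responder[r_prio]:
                return i_prio, r_prio, responder[r_prio]
    return None


def migration_status(hub_config, remotes):
    """Map each remote name to the encryption it ends up with, or None."""
    hub = parse_policies(hub_config)
    status = {}
    for name, config in remotes.items():
        match = negotiate(parse_policies(config), hub)
        status[name] = match[2]["encryption"] if match else None
    return status


if __name__ == "__main__":
    remotes = {"not-migrated": REMOTE_NOT_MIGRATED,
               "migrated": REMOTE_MIGRATED,
               "mismatch": REMOTE_MISMATCH}
    for name, encryption in migration_status(HUB, remotes).items():
        print(f"{name:13} -> {encryption or 'no matching policy, phase 1 fails'}")
```

The pre-shared keys play no part in the match, which is the point made in the answer: they are configured per peer address, outside any policy block.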

  • clear crypto isakmp - tunnel not coming back up

    Hello everyone

    In the lab, I was testing IPSEC between 2 routers.

    It was working fine

    I ran the command

    clear crypto isakmp on one side and pinged the nei router, but the tunnel won't come up.

    I then ran the same command on the other side and pinged the nei router; still no tunnel shows here

    On both sides, I see

    1811w#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status

    IPv6 Crypto ISAKMP SA

    But the IPSEC phase shows active

    1811w#sh crypto ipsec sa

    interface: FastEthernet0
        Crypto map tag: VPN_MAP, local addr 192.168.99.1

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
       remote ident (addr/mask/prot/port): (192.168.99.0/255.255.255.0/0/0)
       current_peer 192.168.99.2 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 3765, #pkts encrypt: 3765, #pkts digest: 3765
        #pkts decaps: 3764, #pkts decrypt: 3764, #pkts verify: 3764
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 2, #recv errors 0

         local crypto endpt.: 192.168.99.1, remote crypto endpt.: 192.168.99.2
         path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0
         current outbound spi: 0x90EC4FE9(2431406057)
         PFS (Y/N): N, DH group: none

         inbound esp sas:
          spi: 0xB5A39DEF(3047398895)
            transform: esp - esp-sha-hmac.
            in use settings ={Tunnel, }
            conn id: 181, flow_id: Onboard VPN:181, sibling_flags 80000046, crypto map: VPN_MAP
            sa timing: remaining key lifetime (k/sec): (4429521/2247)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0x90EC4FE9(2431406057)
            transform: esp - esp-sha-hmac.
            in use settings ={Tunnel, }
            conn id: 182, flow_id: Onboard VPN:182, sibling_flags 80000046, crypto map: VPN_MAP
            sa timing: remaining key lifetime (k/sec): (4429521/2247)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         outbound ah sas:

         outbound pcp sas:

    Can anyone please let me know what's happening? It seems that phase 1 is down and ipsec is up.

    Thank you

    Mahesh

    In the IOS implementation of IKEv1, Phase I and Phase II can live and die separately.

    By issuing clear crypto isakmp, you brought down Phase I. Phase II will remain until expiry and will create a new Phase I when it has to rekey.

    "show crypto session" will show the session as UP-NO-IKE, which is a normal state.

    On ASA, however, the implementation is slightly different because it uses CCM [continuous channel mode]. In this case, if Phase I is deleted, we delete Phase II as well. [And vice versa - if the last P2 is deleted, we naturally remove the P1 as well.]

    I hope that this answers your question.

    Merry Christmas.

    Olivier

  • Camileo load problem (solved) and a general question!

    Hi all!

    First of all, I was going to ask for help as to why the Camileo S10 wasn't supported (the orange light was not blinking) and I had seen a few people with similar problems.
    The solution?

    Give the battery contacts a clean.
    The insulation sticker that comes on it must leave some kind of residue on it, which just prevents charging. [Now it blinks away happily :]

    So my general question was, is it possible/desirable to use the camera on mains power?
    Instead of constantly draining and recharging the battery during long shoots, I would prefer to leave it plugged in!

    Thank you very much in advance!

    Paul

    Hello

    I think that the handling of the battery is always the same, regardless of what product it is
    From time to time the battery must be recalibrated.

    This means that the battery should be completely discharged and then after you need to load it again until the battery could reach 100%

    I do this with all my batteries; laptop battery, laptop battery and battery of digi cam.

  • General interrogation command of IEC 60870-5-104

    Dear all,

    I use the NI Communications toolkit to create an IEC 60870-5-104 slave (controlled station).

    I use software from Triangle MicroWorks as the master for the same. I am able to send and receive most of the commands with the examples provided with the Toolkit at "C:\Program NIUninstaller Instruments\LabVIEW 2012\examples\IEC60870-5".

    I am not able to find a way to capture the "general interrogation command" from the server.

     

    Can someone help me how to proceed with this.

    Thank you.

    Hi Frabto,

    The development team has had some great insights below. I misinformed you (sorry!) about the behavior: the general interrogation command should be processed automatically in the communication stack.

    First, the interrogation command sent to the controlled station may request the complete set (station interrogation) or a subset (group interrogation) of all the data points on the controlled station. NI 60870-5 supports the command on the controlled station: when the controlled station receives a station interrogation command, it will reply with the values of all the data points. If it is a group interrogation command, it will reply with the values of the data points that belong to the group. Users are not able to detect whether the interrogation command is received or not; it is handled automatically inside the stack. Users can use the VI called "Set Group.vi" inside the polymorphic VI "Set Property.vi" to set a point to be in one of the 16 groups, and you can see the usage in the example 'Interrogate information objects in Group.vi' in the 60870-5 example folder.

    You shouldn't need to do anything to respond to an interrogation command. The station will answer automatically. I hope that I did not cause you too much confusion on this point.

  • Some General Questions of CVI - how does the compiler

    Hello

    I work with CVI 9.1 for more then a year during this time i ' v noticed a couple things, I would like to help me to understand.

    1. Work with several C files:
    • When I'm writing a software that uses lets say C files and files of 10 H 10: Main.c Main.h File1.c File1.h Panels.h Panels.uir and so on... I'm implementation of the function in the c file and its deceleration of writing in the file h, i ' v noticed that sometimes I get msgs of the compiler on the conflicts, maybe there's a way I know not just for the CVI?
    • Works correctly with the file UIR for example lets take the files written above, if I have sign - HAND and control led1 and I want to do SetCtrlVal in the Main.c I can implement as this SetCtelVal(MAIN,MAIN_LED1,1); but when I go to file1.c and try to do it, I get the error message that main_led1 is not a control value (I included the Panels.h) this problem happens to me a lot is there a solution? or maybe I am doing something wrong...
    • What is the best way to implement bollean var (true false) for the software? is it possible to add this var always?
    • decelerations of incompatible type: allows you to take the Fmt function for example when I'm trying to use it in another file, I get the decelerations of incompatible type with the names of the files...
    • General question: lets say I want to include in my project and I want to use its features in main.c and file1.c, I included in two files? or there is a way to include it in a single file only?

    2. to access the buttons

    • lets say that I have buttons and I am pressing on it after pressing the button I have a loop for 10 min, I want to create a button give up, but I can't press anything because the keys are "locked out" is there a way besides multi threading to implement this?

    Wow! A very broad set of issues!

    A quick response.

    • Works correctly with the file UIR for example lets take the files written above, if I have sign - HAND and control led1 and I want to do SetCtrlVal in the Main.c I can implement as this SetCtelVal(MAIN,MAIN_LED1,1); but when I go to file1.c and try to do it, I get the error message that main_led1 is not a control value (I included the Panels.h) this problem happens to me a lot is there a solution? or maybe I am doing something wrong...

    There is a basic error in your statement: the first parameter of SetCtrlVal must be the panel handle, which is the reference to the object in memory that is created when you call LoadPanel (). Using the panel constant name is not correct: it may work if you're lucky and the panel handle has the same value as the constant, but this certainly isn't the correct way to address controls on a panel.

    Even so, I don't understand the error that you report: I would expect 'the control is not of the type expected by the function' or a data type mismatch error (like passing an int to a double control) or...

    Remember that each function that handles objects on a panel must know the panel handle, so either you pass it to the function as a parameter, or you store it in a global variable.

    • decelerations of incompatible type: allows you to take the Fmt function for example when I'm trying to use it in another file, I get the decelerations of incompatible type with the names of the files...

    I normally let CVI #include the necessary system files: when I use certain functions like Fmt in a source file and compile, CVI prompts me to add the relevant include file, and it does so correctly. Operating in this way I have never had problems with the formatting and I/O library functions. You can rebuild the include list by removing all #includes in your source files and compiling the project; this should correct the errors

    • General question: lets say I want to include in my project and I want to use its features in main.c and file1.c, I included in two files? or there is a way to include it in a single file only?

    You must include the file containing the definitions of the functions in all source files that use. Or you can create a general include file with all included in your project and include only this one in all of your source files

    • lets say that I have buttons and I am pressing on it after pressing the button I have a loop for 10 min, I want to create a button give up, but I can't press anything because the keys are "locked out" is there a way besides multi threading to implement this?

    It is a general rule that governs the CVI environment: during the execution of a loop inside a function (a control callback or another function) the system does not handle user interface events, so your buttons appear locked. This can be solved by adding a repeated call to ProcessSystemEvents () inside the loop: this way all UI events are monitored and handled by the system.

    You must use this method with caution: before entering the loop, you must disable all the controls that can be used during operation (normally only the Quit button should stay active); otherwise, you can end up in a situation in which other callbacks are executed during the loop and might interfere with it.

    In such a case, instead of putting a callback on the stop button and using a global variable, I normally create a Stop toggle button and handle it this way:

    while (1) {
        ....
        ProcessSystemEvents ();    /* let the UI handle pending events */
        GetCtrlVal (panelHandle, PANEL_STOP, &stop);
        if (stop) {
            ... gracefully exit the function
            break;
        }
    }

    This argument has been discussed several times in the forums: do a search for ProcessSystemEvents returns a large number of discussions you can read

    • What is the best way to implement bollean var (true false) for the software? is it possible to add this var always?

    CVI has no native boolean type. I usually use an int and test whether it is zero or not

    • When I'm writing a software that uses lets say C files and files of 10 H 10: Main.c Main.h File1.c File1.h Panels.h Panels.uir and so on... I'm implementation of the function in the c file and its deceleration of writing in the file h, i ' v noticed that sometimes I get msgs of the compiler on the conflicts, maybe there's a way I know not just for the CVI?

    I do not understand what you describe: could you add some piece of code allowing to penetrate this situation and report exactly the message the compiler warns?

  • Router Cisco 1941 - crypto isakmp policy command missing - IPSEC VPN

    Hi all

    I was looking around and I can't find the command 'crypto isakmp policy' on this Cisco 1941 router.  I just wanted to set up a regular LAN-to-LAN IPSEC tunnel, and surprise, the command isn't here.  Do I have the wrong IOS? I thought that a K9 image would do the trick.

    Any suggestions are appreciated

    That's what I get:

    Router(config)#crypto ?
      ca   Certification authority
      key  Long term key operations
      pki  Public Key components

    SHOW VER

    Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.0(1)M2, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2010 by Cisco Systems, Inc.
    Compiled Thu 10-Mar-10 22:27 by prod_rel_team

    ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)

    Router uptime is 52 minutes
    System returned to ROM by reload at 02:43:40 UTC Thu Apr 21 2011
    System image file is "flash0:c1900-universalk9-mz.SPA.150-1.M2.bin"
    Last reload type: Normal Reload
    Last reload reason: Reload Command

    This product contains cryptographic features...

    Cisco CISCO1941/K9 (revision 1.0) with 487424K/36864K bytes of memory.
    Processor board ID FTX142281F4
    2 Gigabit Ethernet interfaces
    2 Serial(sync/async) interfaces
    DRAM configuration is 64 bits wide with parity disabled.
    255K bytes of non-volatile configuration memory.
    254464K bytes of ATA System CompactFlash 0 (Read/Write)

    License Info:

    License UDI:

    -------------------------------------------------
    Device#   PID             SN
    -------------------------------------------------
    *0        CISCO1941/K9    FTX142281F4

    Technology Package License Information for Module:'c1900'

    ----------------------------------------------------------------
    Technology    Technology-package          Technology-package
                  Current       Type          Next reboot
    -----------------------------------------------------------------
    ipbase        ipbasek9      Permanent     ipbasek9
    security      None          None          None
    data          None          None          None

    Configuration register is 0x2102

    You need to get the security feature license to configure IPSec VPN.

    Currently, you have 'None' for the security feature:

    ----------------------------------------------------------------
    Technology    Technology-package          Technology-package
                  Current       Type          Next reboot
    -----------------------------------------------------------------
    ipbase        ipbasek9      Permanent     ipbasek9
    security      None          None          None
    data          None          None          None

    Here is the information about the licenses on router 1900 series:

    http://www.Cisco.com/en/us/partner/docs/routers/access/1900/hardware/installation/guide/Software_Licenses.html

  • "no nat-traversal crypto isakmp" after restart

    Hello

    With ASA software version 8.0, we noticed that whenever we restart the device, the configuration line:

    no crypto isakmp nat-traversal

    appears in the configuration.

    It is very annoying, because with this NAT-T obviously does not work.

    Any of you noticed that too?

    Ideas?

    Thank you very much.

    Marco Pizzi.

    Hi Marco,.

    This is a bug in the ASA 8.x software version, and there are workarounds:

    CSCsj52581 Bug Details

    Inconsistent configuration of no crypto isakmp nat-traversal after reboot

    Symptom:

    After a restart of the ASA, the global command "no crypto isakmp nat-traversal" appears in the running-config even though it is not present in the startup-config.

    Conditions:

    None

    Steps to reproduce:

    BSNs-ASA5505-1(config)# crypto isakmp nat-traversal
    BSNs-ASA5505-1(config)# copy run start
    BSNs-ASA5505-1(config)# sh run all | inc nat
    crypto isakmp nat-traversal 20
    BSNs-ASA5505-1(config)# sh start | inc nat
    BSNs-ASA5505-1(config)#

    After reloading the ASA:

    BSNs-ASA5505-1# sh run all | inc nat
    no crypto isakmp nat-traversal
    BSNs-ASA5505-1# sh start | inc nat
    BSNs-ASA5505-1#

    Workaround:

    (1) use a non-default value, for example "crypto isakmp nat-traversal 21".

    (2) enable "crypto isakmp nat-traversal" after the restart of the ASA if you want to use the default value. The default value is: crypto isakmp nat-traversal 20

    Radim

  • No crypto isakmp ccm

    Can someone tell me, or point me in the right direction to find out, what is / was the purpose of the command "crypto isakmp ccm"?

    I need to explain it to a customer, and I can't find any information on this subject. I checked every 12.x command reference and I didn't find a thing.

    I've seen many examples of configs with "no crypto isakmp ccm", but nowhere can I find an explanation on this subject.

    Regards

    Ariel,

    CCM stands for CCM Protocol (CCMP).

    The message 'no crypto isakmp ccm' is nothing to worry about, because it's just letting you know that you have not implemented the optional CCM Protocol (CCMP).

    CCMP is a data security protocol that handles packet authentication and encryption. For privacy, CCMP uses AES in counter mode. For authentication and integrity, CCMP uses Cipher Block Chaining Message Authentication Code (CBC-MAC). In the IEEE 802.11i standard, CCMP uses a 128-bit key. The block size is 128 bits. The size of the CBC-MAC is 8 bytes and the size of the nonce is 48 bits. There are two bytes of IEEE 802.11 overhead. The CBC-MAC, the nonce and the IEEE 802.11 overhead make the CCMP packet 16 bytes larger than an unencrypted IEEE 802.11 packet. Although slightly slower, the larger packet is not a bad trade-off for increased security.

    CCMP protects some of the fields that are not encrypted. The additional parts of the IEEE 802.11 frame that get protected are known as additional authentication data (AAD). AAD includes the packet's source and destination and protects against attackers replaying packets to different destinations.

    Let me know if it helps.

    Kind regards

    Arul

  • show crypto isakmp sa command displays 2 VPNs

    Hi all!

    Why does my router show me 2 VPNs? Is this normal?

    R1#show crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    10.10.0.5       10.10.0.2       QM_IDLE           1870 ACTIVE
    10.10.0.2       10.10.0.5       QM_IDLE           1871 ACTIVE

    For clarity, this shows that you have two IKE sessions.

    This situation can occur when:

    (1) both sides start an IKE session at the same time.

    (2) one side initiates a rekey of the IKE SA (every 24 hours by default).

    Most of the time this is not a problem.

    Check whether your IPsec security associations are up and not flapping.

    Running "show crypto session" is probably a good way to get visibility.

  • General questions about errors in eventvwr

    Greetings.

    I have a general question about some failed modules are stored in the Windows Event Viewer.

    An error leading to the crashes some applications that I've seen several times now when supporting computer problems is something like this:
    (Windows error reporting) Fault bucket, Type 0, name of the event: PCA2, (...) P1: application.exe, (...)

    I wonder what this 'PCA2' is. Is it some kind of Windows module that handles tasks such as allocating memory or something like that? What could be the cause of these errors (physical memory problems / corrupt swap file / insufficient rights)?

    Same question for applications that crash because of "kernelbase.dll", as in:
    (Application error) Failing application: application.exe, Version: 0.0.0.0, (...) Failed module: KERNELBASE.dll, Version: 6.1.7601.18015, (...) Path of the failing module: C:\Windows\syswow64\KERNELBASE.dll (...)

    What is the .dll file and what could possibly cause kernelbase.dll Fault?

    The application can be a bit buggy, but I wonder what could possibly cause these accidents and if there is a way to fix these problems - or what dev did wrong.

    The two errors occur mainly on x 64 systems - especially Windows 7/vista

    Kind regards

    With application errors, the application is called everything first and the module he collaborated with is named second. Normally you should try to reinstall the application if you see not to repeat the mistakes. If this does not work, you go to the forum on the application to see if other users see the same error. There may be a bug in the application.

    The observer of the Application event log contains Information reports (event ID: 1001) for errors where the details were sent to Microsoft for review. You will find that there are corresponding to the event ID: 1000 reports errors, either in the system or Application logs. These reports are also included in the center of the Action. Center type action in the area of research above the Start button and press ENTER. Click on the arrow pointing downwards to the right of Maintenance, and then click view reliability history. The errors reported are the Red orbs with a white cross. You can search for solutions to problems, but occasionally you get a significant response from Microsoft.

    I can't tell you what it means PCA2. Google did not find a significant result. The reports themselves are not unintelligible, although I have never tried to understand the meaning of a particular report. I have extracted what, in my view, is a starting point of two reports:
    Event name: PCA2 = P1: motherboard_utility_onoffchargesetup.exe P2: 4.65.0.0

    Event name: PCA2 = P1: setup.exe P2: 11.0.0.28844

    You have the app in the boredom and the version of the file. These details have been extracted a file of information system to a computer with a card mother Gigabyte. So, you see I have a starting point, if I wanted to determine the cause of a failure.

    I will say before you go dive deep into each event ID: 1001 report that many are not easy to even begin to understand. However, they can provide useful clues.

    KERNELBASE.dll is likely to be the module with which the application works. You need to focus on the application.  KERNELBASE is probably preceded by P3 or P4 in the report?

    General remarks on the event viewer:
    http://www.gerryscomputertips.co.UK/syserrors5.htm

  • ASA 5505 - crypto isakmp nat-traversal is missing?

    I can't understand it. I have an ASA5505 at home that I use for VPN access. Sometimes when I connect I can't ping anything. I check the config and it shows:

    no crypto isakmp nat-traversal

    I have configured "crypto isakmp nat-traversal" so many times before, and somehow it still gets deleted. It seems to happen at random, as well as when the device is restarted. (Yes, the config has been saved.) I would say that this is happening at least 2-3 times a week.

    Any ideas? I am running version 8.0.2 code.

    This is a bug. Set the value to something other than the default value of 20. This will fix the problem.

    crypto isakmp nat-traversal 21

  • crypto isakmp invalid-spi-recovery command worked well in the case of DMVPN

    Hello

    I did the setup for Hub/spoke in the DMVPN case and it worked fine. But after reloading the Hub I saw the error output below, although I added the command crypto isakmp invalid-spi-recovery on the Hub & spokes:

    *Oct  7 03:10:03.175: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=150.1.1.1, prot=50, spi=0x72662541(1919296833), srcaddr=150.3.1.3

    *Oct  7 03:10:03.175: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=150.1.1.1, prot=50, spi=0x72662541(1919296833), srcaddr=150.2.1.2

    Note: spoke1's IP address: 150.2.1.2 / spoke2's IP address: 150.3.1.3 / Hub's IP address: 150.1.1.1

    My temporary solution for this problem: I need to clear the SPI manually, and then it works fine again.

    If anyone has the same problem, please let me know

    Kind regards

    TRAN

    Hello

    There is a common misconception about what the crypto isakmp invalid-spi-recovery command does. Even without this command, IOS already performs a kind of invalid SPI recovery by sending a DELETE notify for the received SA to the sending peer if it already has an IKE SA with that peer. Once again, this happens regardless of whether the crypto isakmp invalid-spi-recovery command is enabled or not.

    The crypto isakmp invalid-spi-recovery command tries to address the condition where a router receives IPSec traffic with an invalid SPI and it doesn't have an IKE SA with that peer. In this case, it will try to set up a new IKE session with the peer and then send a DELETE notification over the newly created IKE SA. However, this command does not work in all crypto configurations. The only configurations in which this command works are static crypto maps where the peer is explicitly defined, and static peers derived from instantiated crypto maps, for example sVTI. Here is a summary of commonly used crypto configurations and whether invalid SPI recovery works with each configuration or not:

    Crypto config                          Invalid-spi-recovery?
    Static crypto map                      YES
    Dynamic crypto map                     NO
    P2P GRE with TP                        YES
    mGRE TP w/ static NHRP mapping         YES
    mGRE TP w/ dynamic NHRP mapping        NO
    sVTI                                   YES
    EzVPN client                           N/A

    To help with your scenario, you can enable DPD (crypto isakmp keepalive) on the spokes to help the tunnel recover.

    Thank you

    Wen
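A way to see from the hub's log which peers are still sending on SAs the hub no longer has, as an added example that is not part of the original thread: a Python pass over %CRYPTO-4-RECVD_PKT_INV_SPI messages that counts repeats per sending peer and SPI. It assumes the standard IOS message layout (`spi=0x...(decimal), srcaddr=...`); the function names, the threshold and the sample log (built from the addresses and SPI in the post plus constructed lines) are illustrative.

```python
import re
from collections import Counter

INV_SPI = re.compile(
    r"%CRYPTO-4-RECVD_PKT_INV_SPI:.*?destaddr=(?P<dst>[\d.]+),\s*prot=(?P<prot>\d+),"
    r"\s*spi=0x(?P<hex>[0-9A-Fa-f]+)\((?P<dec>\d+)\),\s*srcaddr=(?P<src>[\d.]+)")

_MSG = ("%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi "
        "for destaddr=150.1.1.1, prot=50, ")

# Constructed sample log: the two messages from the post, two later repeats
# from one spoke, an unrelated message and one damaged line.
SAMPLE_LOG = "\n".join([
    "*Oct  7 03:10:03.175: " + _MSG + "spi=0x72662541(1919296833), srcaddr=150.3.1.3",
    "*Oct  7 03:10:03.175: " + _MSG + "spi=0x72662541(1919296833), srcaddr=150.2.1.2",
    "*Oct  7 03:11:03.180: " + _MSG + "spi=0x72662541(1919296833), srcaddr=150.3.1.3",
    "*Oct  7 03:11:40.001: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up",
    "*Oct  7 03:12:03.190: " + _MSG + "spi=0x72662541(1919296833), srcaddr=150.3.1.3",
    "*Oct  7 03:12:05.000: " + _MSG + "spi=0x72662541(1), srcaddr=150.2.1.2",
])


def parse_inv_spi(log):
    """Return one dict per well-formed invalid-SPI message in the log text."""
    events = []
    for line in log.splitlines():
        m = INV_SPI.search(line)
        if not m:
            continue
        if int(m["hex"], 16) != int(m["dec"]):
            continue    # hex and decimal SPI disagree: damaged line, not counted
        events.append({"src": m["src"], "dst": m["dst"], "prot": int(m["prot"]),
                       "spi": "0x%08X" % int(m["hex"], 16)})
    return events


def stale_peers(log, threshold=3):
    """Peers that sent the same unknown SPI at least `threshold` times.

    A peer that keeps sending on one SPI the receiver does not know is still
    holding an SA the receiver lost, for example across a hub reload."""
    counts = Counter((e["src"], e["spi"]) for e in parse_inv_spi(log))
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (src, spi), n in stale_peers(SAMPLE_LOG).items():
        print(f"{src} sent {n} packets on unknown SPI {spi}: SA on that peer is stale")
```

A peer this flags is a candidate for the remedies discussed in the thread: clearing the SA on that peer, or DPD on the spokes so the stale SA is torn down without manual action.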

  • Smartphone Newbie question blackBerry - general question on the synchronization of e-mail

    Hello

    I have a general question about the synchronization of e-mail and BlackBerry smartphones.  Are there any devices that enable e-mail synchronization with a Microsoft Exchange 2007 system without requiring BlackBerry Enterprise Server?

    Thank you; Sorry if this has been asked before but I was unable to find it in the forums, documentation, etc.  Guess what I found for this kind of environment, you will use a BlackBerry Enterprise solution, but I can't assume.

    Thanks again.

    The short answer is no - BB uses a different methodology than WM uses. BB uses push, WM uses (for the most part) pull. As a result, the long answer...

    BB uses a server solution - it's called the BlackBerry Internet Service (BIS) and it is hosted by your carrier. As an ENCORE, you create a BIS account, then create configurations for different emails, save your credentials for each e-mail account with necessary configuration items (as an ENCORE) (name of the server, the special ports, etc.). Then, BIS periodically checks your mail servers (about every 15 minutes) for any changes on the server that are required on the BB - only, so it generates traffic to your BB to expel these changes. If there is nothing that need to come to the HH, there is no traffic on the network of the carrier.

    WM, on the other hand, devices use (for the most part - there are exceptions) a technology pull... the device itself asks your e-mail servers for changes that need to come to the HH. This generates more traffic on the network of the carrier that the action of the poll itself generates traffic, even if there is nothing to come to the HH.

    Another distinction is the notion of synchronization - in the vernacular WM, it means that what makes your Inbox to the server mailbox and your lines of mailbox HH of the each other for everything (items old and new)... In the vernacular of BB, what is happening is the reconciliation of the new features and changes. But the old elements aren't coming for BB... only news of the moment of activation.

    Another distinction is just what reconcile to a BB - new, remove, read/unread, saved, etc. Which varies according to the messaging service... see this KB for more information:

    • KB05133 Features of the BlackBerry Internet Service email reconciliation

    Hope that helps!
