Nortel Guide to VPN Routing for Security and VoIP part 3 docx


The Application option is the most commonly used method of VPN client installation. Using this option, the end user will only have to specify user identification and password in the client session initialization in order to connect to the VPN Router and access LAN resources. The Windows service option allows end users to connect to a VPN Router, and then they will need to log in to their Windows domain in order to access LAN resources.

The Windows GINA option is supported on Windows 2000 and Windows XP operating systems. GINA allows for an automatic Windows domain login service through a VPN tunnel. When using the GINA option, the user is not required to launch a client and log out of a local system in order to authenticate on the Windows domain. Once you have established a tunnel with the VPN client, the Windows domain login is established for the user via the tunnel.

Figure 3-49: The Select Program Folder phase of the upgrade installation process
Figure 3-50: The install and run phase of the upgrade installation process

The Nortel VPN Router Software Overview 119 06_781274 ch03.qxp 6/21/06 10:07 PM Page 119

Click the Back button to return to the previous phase of the installation. Click Next to direct the InstallShield Wizard to accept the installation option that you have selected and to continue the installation process. Click Cancel to cancel the installation process.

The next phase of the VPN client installation is the confirmation window. This is the final window that you will review prior to the installation of the VPN client. It contains details such as the program and the driver(s) that are being installed. If you need to review any of the options that you have selected, this window instructs you to click the Back button. Click the Back button to return to the previous phase of the installation. Click the Next button to direct the InstallShield Wizard to begin copying the installation files. Click the Cancel button to cancel the installation process.
The next phase of the installation process is the Setup Status window. There is a percentage status bar that will keep you informed of the installation progress. Only one button is available during this phase: Cancel. If you select this button during the installation, the installation will be aborted.

Once the VPN Client program has been installed, the next phase of the installation process is engaged. This phase is where the necessary drivers are loaded onto your PC. There are no buttons to select during this phase of the VPN client installation process.

The next phase of the VPN client installation is simply a window that informs you that your program folders and icons are being created. There are no buttons to select during this phase.

The next phase of the VPN client installation process is a window that will display the location that you specified you wanted the VPN client software to be loaded into, as well as the associated icons that are available. The icons you will see are the VPN client icon, the Readme.txt icon, and the VPN client uninstall icon. In Windows 2000, you can access these icons from your Start menu as well. Figure 3-51 shows an example of the program window that you will see.

The next window that you will see is a display window of the readme.txt file. You should read through this file as it details information about your VPN client software version. The readme.txt file displays Windows-specific information that may be important to you, depending on other applications you may be using. Although three buttons are displayed, only one is available (not grayed out). Once you have completed reading the information contained in this window, you will select the Next button to continue the installation process. Figure 3-52 shows an example of the readme.txt phase of the VPN client installation process.
NOTE If you choose not to read the information in the readme.txt during the upgrade process, you can always refer to the readme.txt icon in Figure 3-51. It is the same information.

Next is the final phase of the installation process. With VPN Client code version 6.01 and later, you are no longer required to reboot your PC for the application to work. You can optionally reboot, but it is no longer a requirement. The only button that is available to you during this phase is the Finish button. Clicking Finish returns you to Windows. You are now ready to use your VPN client. Figure 3-53 shows an example of this window.

Figure 3-51: The location specified for the upgrade installation process
Figure 3-52: The readme.txt file phase of the upgrade installation process
Figure 3-53: The “Installation complete” window of the upgrade installation process

NOTE If you are installing over an existing VPN client, you will have to reboot your computer in order for the changes to take effect.

Starting the VPN Client

Once you have loaded the VPN client onto your PC, you are ready to start it for the first time. There are a few options that you will need in order to set up connection parameters within your VPN client. Most of the time, your network administrator will provide the necessary parameters to you, but there may be times where you need to ensure the correct parameters before you are able to use your client to create a user tunnel to a remote LAN.

To start the VPN client for the first time if you are using a Windows OS, select Start → Programs → Nortel Networks → Contivity VPN client. Figure 3-54 has an example of starting your client in this manner.

NOTE The Start menu path may be different if you have chosen values other than default values when initially loading the VPN client.
Another method in a Windows-based operating system environment to run your VPN client is to access the Start menu directory and to double-click the Contivity VPN Client icon. Figure 3-55 shows an example of running the VPN client from the directory in which it is located.

After the initial configuration of your first connection profile, you will no longer be prompted with the Connection Wizard window when you start your VPN client. If you want to use the services of the Connection Wizard when setting up additional profiles, you can access the wizard by selecting File → Connection Wizard from the VPN client main window (see Figure 3-57).

The Nortel VPN client contains a Connection Wizard that will assist you in setting up a connection. The Connection Wizard runs automatically when you start the Nortel VPN client application for the first time. If you are not an advanced user of the Nortel VPN client, we recommend that you allow the wizard to assist in setting up your first connection. Figure 3-56 shows an example of the Connection Wizard window.

Figure 3-54: Starting the VPN client from the Start menu
Figure 3-55: Starting the VPN client from a directory
Figure 3-56: When starting the VPN client for the first time, you will see the Connection Wizard window.
Figure 3-57: Accessing the Connection Wizard from the VPN client main window

After you have been prompted about whether or not you want to run the Connection Wizard to establish your first connection, you will move on to the remainder of the initial start process. If you selected that you did not want to run the wizard, you will be directed immediately to the VPN client main window shown in Figure 3-58.

NOTE If you opted not to run the Connection Wizard, you will have to establish your connection parameters manually.
You can also run the Connection Wizard at any time by selecting File → Connection Wizard.

The VPN Client Connection Wizard Process

If you selected the option to run the Connection Wizard (either by initial setup, or selecting the Connection Wizard menu), you will be prompted with a series of setup options. The options that you are prompted for are required and must be filled out completely to establish your connection.

The first phase of the Connection Wizard setup is the New Connection Profile (see Figure 3-59). The new connection profile will be the profile that is used by you (the end user) to identify the connection profile on your PC.

There are two fields of information in the connection profile window. The first is required and it identifies the name of the connection profile. For example, if you want to set up a connection profile to your corporate LAN, you may want to name the connection profile “Work.” If you are setting up a connection profile to a remote office for a business partner named “Pal-partners,” you may want to name the connection profile “Pal.”

Figure 3-58: If you opted to not run the Connection Wizard, you will receive this window.
Figure 3-59: The New Connection Profile dialog box

The second field that is available in the New Connection Profile dialog box is a description of the profile. This is an optional field and it can assist you in defining the connection profile.
For example, if you are setting up a connection profile to your corporate LAN, you may want to describe the connection profile as “Main corporate LAN.” If you are setting up a connection profile to a remote office for a business partner named “Pal-partners,” you may want to enter the description “Invoice checking.”

No matter what names you use to identify the connection in the New Connection Profile dialog box, these names are there to assist you (the end user) in locating and utilizing a connection.

In the next dialog box, you choose the authentication type for the connection that you are creating (see Figure 3-60). You have three different options to select, and the one you choose depends on the type that has been configured by the network administrator. The first option is for username and password authentication. The second option is for either hardware or software token card authentication. The final option is for a digital certificate or smart card.

Select the authentication type and click Next. The other button options are Back (to return to the previous menu) and Cancel (which cancels the connection setup).

The remaining steps of the connection setup depend upon the authentication type that is being used. In the following section, we discuss the remaining steps of the connection setup based upon the chosen authentication type.

Selecting Username and Password Authentication Type

If you chose username and password authentication, you will now receive a window asking you to identify the username and password that is to be used for you to be authenticated upon connection to the VPN Router (see Figure 3-61). You will enter the username and password that were provided to you by your network administrator. All characters are case sensitive, so it is important that you enter this information correctly. A “Save the Password” button is available to save the password so you do not have to enter it each time.
NOTE If this is a custom install provided by your network administrator, then the administrator may have removed the option to save the password. This is done for security reasons and will require that you enter the password each time you connect to the VPN Router.

Once you have entered the username and password, you have an option to continue (Next), cancel (Cancel), or to return to the previous menu (Back).

In the ensuing window shown in Figure 3-62, you are asked if you have group ID and password authentication information or not. This information is provided by the network administrator and is determined by the needs of the LAN.

Figure 3-60: The Authentication Type dialog box
Figure 3-61: The User Identification dialog box
Figure 3-62: The Group Authentication Information dialog box

Select whether or not you have the Group ID and password authentication information and then click Next. The other button options are Back (to return to the previous menu) and Cancel (which cancels the connection setup).

No Group ID and Group Password

If you are not using Group ID and password authentication, you are now asked to provide the IP address or host name that you will be connecting to (see Figure 3-63). This is the public interface of your VPN Router. Enter the IP address or the host name and then click Next. The other button options are Back (to return to the previous menu) and Cancel, which cancels the connection setup.

With Group ID and Group Password

If you are using Group ID and password authentication, you are now asked to provide the Group ID and the Group password (see Figure 3-64). Enter the Group ID and the Group Password and then click Next. The other button options are Back (to return to the previous menu) and Cancel (which cancels the connection setup).
In the next window (see Figure 3-65), enter the IP address or the host name and then click Next. The other button options are Back (to return to the previous menu) and Cancel, which cancels the connection setup.

Finally, you choose whether or not you want to create a dial-up connection that will be used to initiate your VPN connection (see Figure 3-66). Choose whether or not you need to dialup (to an access provider) prior to initiating your VPN connection. Choose either Back, Next, or Cancel.

The setup of the connection is now complete. You will receive a window informing you of this, and then you can select one of the option buttons to complete the configuration of your VPN connection. In Figure 3-67, you can see that by clicking Finish you are now able to test your connection.

Figure 3-63: The Destination dialog box

[...]

... are using (see Figure 3-68). Select the appropriate Token card type and click the appropriate option button at the bottom of the window. Next, you are prompted to enter the token card User ID, as well as Token group logon information (see Figure 3-69). Enter the correct logon information and then select one of the buttons at the bottom of the window. In the next window (see Figure 3-70), enter the IP address...

capability to apply its policies not only to the physical devices used throughout its infrastructure, but also to the traffic it allows to travel over its network infrastructure. The use of mandatory tunneling for all traffic puts greater demands on the company network because of the need for more bandwidth to handle traffic destined for devices on its own network and additional traffic destined to devices...
available to them utilizing the authentication process to set their permission level upon access. The Nortel VPN Routers support the mentioned tunneling protocols. However, Nortel provides a proprietary IPSec VPN Client Software for users connecting using this tunneling protocol to connect to Nortel VPN Routers. This client software is supported on the following operating systems:
■■ Microsoft Windows
■■ Macintosh...

attempting to construct a VPN Tunnel with, then the client PC IP address is masked by the NAT process. To overcome this, VPN Routers use a function called NAT Traversal. When enabled on a VPN Router, this function negotiates the port being used to establish and maintain a VPN tunnel connection.

[Figure: NAT Table, with source and destination addresses and ports]...

the VPN Router and the end-user work stations. Now that we have discussed the software for the VPN Router, we will be discussing the technologies supported by this software. In Chapter 4, we discuss VPN networking, including VPN tunneling protocols and technologies. Nortel VPN routing deployment strategies are also discussed.

CHAPTER 4
The Nortel VPN Router in the Network

This chapter discusses how a VPN...

Macintosh
■■ Linux
■■ Palm handheld platforms

Figure 4-5 shows an example of user tunnel connections. Figure 4-5 contains examples of how PC-based clients are able to connect to a VPN Router over the Internet. For the purpose of this example, it is assumed that all the PCs are using the Nortel VPN Client Software and using the IPSec tunneling protocol to connect to the main office VPN Router. The users in...
required to allow for a secure tunnel connection to the VPN Router. Following are the most widely used secure connection types:
■■ Layer 2 Tunneling Protocol (L2TP)
■■ Point-to-Point Tunnel Protocol (PPTP)
■■ Layer 2 Forwarding protocol (L2F)
■■ IP Security (IPSec)

PC-Based VPN Tunnels

PCs running VPN tunneling software can make secure connections directly to VPN Routers. These...

or the host name and then click Next. The other button options are Back (to return to the previous menu) and Cancel (which cancels the connection setup). Finally, you choose whether or not you want to create a dialup connection that will be used to initiate your VPN connection (see Figure 3-71). Choose whether or not you need to dialup (to an access provider) prior to initiating your VPN connection. Choose...

The laptop of User 2 is configured the same as the laptop being used by User 1. It has a standard company software image using the same applications including use of the Nortel VPN client to access the company VPN Router using mandatory tunneling. So, while the user of the desktop computer has full access to the Internet without company policies either regulating or monitoring that user’s ability to use...

administered through the company Information Services (IS) department. Many installations using the Nortel VPN Router make use of the Nortel VPN client to permit access to the company private LAN infrastructure with use of this client. The client is capable of using various forms of authentication from simple username/password to more rigorous forms of authentication using tokens and certificates. Chapter 10

Date posted: 14/08/2014, 14:20