NOTE Before installing any version of VPN Client software, ensure that you read the release notes that accompany the software. Failure to read the notes may cause you some pain later if you find that you are using an unsupported OS or OS configuration. To install the VPN Client, you will need to first copy the VPN Client exe- cutable file to a directory on your PC. The filename for the VPN Client will begin with “EAC,” which stands for Extranet Access Client. The net portion of the application name is the major and minor revision number. For example, if you are loading the version 6.01 software, the number to the left of the decimal is the major revision number and the number to the right would be the minor revision number. For example, the application filename for the Nortel VPN Client version 6.01 would be: EAC601.exe Once you have loaded the application software onto your computer, you will double-click the application software icon and it will launch the VPN Client installation wizard. Simply read through each of the windows during the install process and follow the instructions. Figure 10-2 is an example of the VPN Client installation wizard’s window that you will first see. In the next step of the installation process, the Nortel software License Agreement is provided to you. As with all software, the License Agreement is legally binding. Therefore, it is important that you read and understand the agreement prior to installing it on your PC. Figure 10-2: The Install Wizard’s Welcome screen The Nortel VPN Client 427 13_781274 ch10.qxp 6/22/06 12:12 AM Page 427 The License Agreement is presented in a window that has a scrollbar that allows you to scroll through the agreement from top to bottom. It informs you that you are giving consent to be bound by all of the information within the agreement. That is, it is a legal agreement between you and Nortel as to the intentions of the VPN Client software, and exactly how that software can be used. NOTE You can use the Nortel VPN Client only if you agree to the information contained within the License Agreement. The License Agreement will define what materials are approved for use within the VPN Client. These materials will include such things as the related documentation, the VPN Client, on-line help, and Nortel Web access. The License Agreement will define what authority the user has to use the VPN Client. It will list what is and is not allowed as far as sharing of informa- tion and will define licensing authority. It informs the user that Nortel owns the rights to the software and can enforce the rules that are outlined in the agreement. It also will list any warranty information and copyright informa- tion. Figure 10-3 shows an example of the VPN Client License Agreement window. Once you have read and accepted the License Agreement, you can begin installing the VPN Client software onto your PC. If you have not yet read the release notes, do so now. The installation of the VPN Client will write files onto your PC, and you want to ensure that there are no known compatibility issues with any other software that may be loaded on your PC. Figure 10-3: The Nortel VPN Client License Agreement 428 Chapter 10 13_781274 ch10.qxp 6/22/06 12:12 AM Page 428 If you are certain that you are ready to install the VPN Client software onto your PC, you will now continue with the installation. The next step is for you to choose the directory into which you would like to install the software. The VPN Client install wizard will default to the following directory (see Figure 10-4): C:\Program Files\Nortel Networks If you want to go with the default setting (recommended), you simply click Next to continue the installation process. If you want to select another direc- tory on your PC in which to install to, then you need to select the Browse but- ton in the installation wizard window. Clicking Browse will allow you the option to specify into which directory you would like to install your VPN Client software. Figure 10-5 shows an example of the directory specification window. Figure 10-4: The Choose Destination Location window Figure 10-5: Selecting a directory to install your software into The Nortel VPN Client 429 13_781274 ch10.qxp 6/22/06 12:12 AM Page 429 Select the directory that you would like your VPN Client to be installed into and then click OK. You will then be brought back to the installation screen and can now click Next. You will need to specify the program folder that you would like the VPN Client shortcut icons installed into. This will be the Start menu folder that you will use to locate the icon that you will be using in the Windows environment to launch the VPN Client. As you can see in Figure 10-6, the default directory that the icons will be loaded into is Program Files → Nortel Networks. NOTE You can specify an alternate directory to have these icons loaded. The VPN Client installation software will now ask you what type of service that you would like the VPN Client to support. Following are the choices that you have to select from: ■■ As a application (default choice) ■■ As a Windows default service ■■ As a Windows GINA service There is a warning message at the top of this installation window that informs you of the importance of reading and reviewing the VPN Client doc- umentation if you are selecting a service other than the default (an application) service. Figure 10-7 shows an example. The default choice is the most-often used choice and it requires that you launch the VPN Client to connect to your corporate LAN. Once connected, you will have access to the applications and services that you would normally have if you were physically connected to the corporate LAN. Figure 10-6: Selecting your icon folder 430 Chapter 10 13_781274 ch10.qxp 6/22/06 12:12 AM Page 430 Figure 10-7: The VPN Client install service choice window NOTE In this chapter it is assumed that the VPN Client installation that we are referring to is the default application service choice. If a reference is made to any of the other choices, it will be noted as such. The Windows service requires you to make a connection to the VPN Router, but before you are able to access LAN applications and services, you will be required to log onto the corporate domain. The Windows Graphical Identification and Authentication (GINA) service provides the user with secure login services. The Nortel GINA allows the user the ability to log on to the LAN domain prior to launching the VPN Client. The service that is chosen will be determined by your network administra- tor and is decided based on the environment in which the network resides. Most installations will simply be the default, but you can check with your net- work administrator if you are unsure. Next, you will be presented with a summary window that informs you that the installation process is about to begin. You will review what software and drivers will now be installed onto your PC. If you need to make any changes, you can click Back or Cancel here. Otherwise, you will click on Next. Fig- ure 10-8 shows an example. The installation process has now begun. The VPN Client installation appli- cation will load all necessary files for the correct and proper operation of the VPN Client. This process may take a few minutes. During this time, a status bar informs you of the progress of the installation. Occasionally, you will see a smaller window pop up that informs you some of the files that are being writ- ten to your PC and some of the files that are being adjusted. The Nortel VPN Client 431 13_781274 ch10.qxp 6/22/06 12:12 AM Page 431 Figure 10-8: Start Copying Files window The readme.txt file is presented in the next window. It is a help file that provides information to you about the VPN Client you are about to install. The following table of contents provides the topics that are contained within the readme.txt file. ■■ I. Introduction ■■ II. New Features ■■ III. Known Issues ■■ IV. Getting Help ■■ V. How to use Control Panel settings to prevent driver signing warning Messages from appearing NOTE Beginning with version 6.01, a reboot is no longer required when installing the VPN Client. It is recommended to reboot, but not required. Once the installation process is complete, a window appears, notifying you that it is done (see Figure 10-9). You can now use your VPN Client. Refer to all technical documentation prior to doing so to ensure that you comply with con- figuration recommendations. If you are unsure of any configuration or VPN connection parameters, contact you system administrator. If you are a system administrator and have a valid support contract with Nortel, you can find assistance and documentation on the Nortel support site (www.nortel.com). 432 Chapter 10 13_781274 ch10.qxp 6/22/06 12:12 AM Page 432 Figure 10-9: Client installation complete notification Using the Nortel VPN Client As with any other computer program, the only way to truly become proficient with a program is knowledge and experience. For most of us, reading and studying is the only way to obtain knowledge and learn the capabilities of the application. Putting the knowledge that you have learned to use is the only way that you gain experience in using the application. The Nortel VPN Client application is no different. It is one thing to understand how to enter a user- name and a password, but understanding some of the other tools available not only helps you in understanding what the program is doing, it can also assist in obtaining information in case you ever have problems. This section discusses the VPN Client as an application. Covered in this sec- tion are some of the tools and services that are available to you in a standard windows installation. The Nortel VPN Client is a standard Windows-based application and is as easy to use as any other Windows application. There are several different ways to launch the application, and most Windows users are already set in the way that they launch applications on their PCs. We will discuss one of the more common methods of launching applications. Once your Windows PC is up and running, you click the Start menu button on the Windows taskbar, and then go to the following directory: START → PROGRAMS → NORTEL NETWORKS → CONTIVITY VPN CLIENT. Click once on the Contivity VPN Client icon and your VPN Client applica- tion will now load (see Figure 10-10). The Nortel VPN Client 433 13_781274 ch10.qxp 6/22/06 12:12 AM Page 433 Status and Monitoring Chapter 3 discussed setting up a new VPN connection. Most often, the VPN connection information will be loaded into a corporate install, so to connect you would simply choose the site name that you want to connect to. Once con- nected, you will see a VPN icon in the Windows taskbar. If you place your mouse over the icon, it will inform you of your connection status. Figure 10-11 shows an example of the icon and the information window. In the example, you can see that there is an active connection. Not only does the information bubble inform you of that, but there is a green light in the icon. The green light will remain in the icon as long as there is an active connection. If you need to close your VPN connection, you can do so by using the icon in the taskbar. By right-clicking on your mouse, a window appears that will allow you to select an option to shut down and log off the VPN Client. If you double-click the VPN Client icon, the VPN Client Monitor window appears, and it contains status information about the VPN connection that you have established (see Figure 10-12). The VPN Client Monitor window can assist you in monitoring your VPN Router connection. It can also be helpful in troubleshooting when you have a bad connection or are unable to bring up a connection. Following is some of the information that you can read on the screen: ■■ Total Bytes received ■■ Total Bytes sent ■■ Total Frames received ■■ Total Frames sent ■■ Destination IP address ■■ The tunneled assigned IP address ■■ Compression type ■■ Security Key type ■■ Duration of the connection ■■ Optional configuration choices If you refer back to Figure 10-12, you can see the button options that are available to you on the right-hand side of the window. You can edit your pro- file, close the window, disconnect the session, and more. The VPN Client Mon- itor window is very helpful in obtaining quick and useful information about a current tunneled connection. 434 Chapter 10 13_781274 ch10.qxp 6/22/06 12:12 AM Page 434 Figure 10-10: Starting the Nortel VPN Client via the Start menu Figure 10-11: The VPN Client taskbar status icon Figure 10-12: The VPN Client Monitor window VPN Client Main Menu Items The VPN Client main menu interface is the window that comes up when you first start your VPN Client. Not only is this the main menu you will use to set up and launch your VPN connections, there are also a few Windows menu options that you should get to know. This section discusses some of the options that are available to you. Following are the main menu options: ■■ File ■■ Edit The Nortel VPN Client 435 13_781274 ch10.qxp 6/22/06 12:12 AM Page 435 ■■ Options ■■ Help The File Menu Option The File menu option provides you with menu items that you can select to help you set up your VPN Client. The following are submenu items that you can select within the File menu option: ■■ New ■■ Connection Wizard ■■ Save ■■ Delete ■■ Create Shortcut ■■ Exit Figure 10-13 shows an example of the File menu screen that is in the VPN Client main menu. The New menu item is used to set up a new VPN connection. It can be used in lieu of the Connection Wizard. The New menu item can be used only if you are sure of all the parameters needed to set up your new connection. The Connection Wizard is used to assist in setting up the VPN connection for the first time. It is a step-by-step assistant that can help you set up your connection. The Connection Wizard is helpful if you are unsure of any of the parameters needed for your VPN connection. The Save menu item is used to save a newly configured or modified con- nection. You do not have to use this unless you are setting up a connection, or are making changes to a connection. Figure 10-13: The File menu choices 436 Chapter 10 13_781274 ch10.qxp 6/22/06 12:12 AM Page 436 [...]... traffic to and from the VPN Client goes to the VPN Router and then is inspected and forwarded to its destination This includes all traffic to and from the client For example, if the VPN Client has an established VPN connection, and sends a request to connect to the Web site of a supplier, the request goes through the 451 452 Chapter 10 VPN tunnel, through the VPN Router, and is forwarded back to the... to/ from the VPN Router and then is inspected and forwarded to its destination All other traffic is sent over the Internet to the Internet host service, and then is forwarded to its public destination For example, if the VPN Client has an established VPN connection and sends a request to connect to the Web site of a supplier, the request no longer goes through the VPN tunnel Rather, it is directed to. .. customize the VPN Client to create icons, bitmaps (to change the user interface), and the customization of user profile parameters The VPN administrator also has the option of allowing users to install the software themselves, or they can push the software to the client for automatic installation The Nortel VPN Client User profile parameters are configurable and most administrators utilize the customization... LAN, the VPN Router will handle all of the routing to ensure that the end-user traffic reaches its destination However, all VPN security parameters are applied to the end-user traffic This causes the utilization of bandwidth where it really isn’t necessary and takes VPN resources to enforce, where they could be used to handle traffic destined to the LAN Refer to Figure 10-21 In a traditional VPN tunnel... connection is so important, the tools used to assist with maintaining and monitoring those connections is very important The ability to gather important information on the VPN Router side of the tunnel is very convenient to have However, there is a lot of Internet between the VPN Client The Nortel VPN Client and the VPN Router, so there is a need to have information pertaining to tunnel connections captured... service, which handles the request and subsequent data-flow activity You can see how this can resolve the problem of the additional VPN tunnel bandwidth, as well as VPN Router resources, because the VPN Router now only has to handle requests to/ from the private LAN VPN Client Internet Host Service Internet Figure 10-21: Traffic flow in a mandatory VPN tunnel Corporate LAN The Nortel VPN Client VPN Client... request to an alternate VPN Router You will be connected and will not even realize the main (or primary) VPN Router had gone down Figure 10-24 shows a graphical representation of VPN Client failover Nortel VPN Client failover is configured on the VPN Router, and it provides the VPN Client with a list of alternate VPN Routers to connect to if the main VPN Router is not reachable The Nortel VPN Client... databases and will send an acknowledgment to the VPN Client that it recognizes the change N OT E The VPN Client will make four attempts to notify the VPN Router of an address change If the VPN Client is not able to contact the VPN Router, then the tunnel will be brought down Security Banner The security banner is configured on the VPN Router and is displayed when a user attempts to make a VPN user tunnel... client node to forward that adverse data over the tunnel to the private LAN This does not mean that private data is forwarded from the VPN tunnel to the Internet, but an application can retrieve information, and then can process and send it to a public destination without the VPN Client user even being aware The Nortel VPN Router has safeguards in place that will help to alleviate the potential for such... parameters to the VPN Client, upon the establishment of a VPN user tunnel Once the VPN Client has received these configuration parameters, it will be instructed to monitor any changes to the IP address that it has been assigned The PC OS will report any changes of IP addresses to the VPN Client; the VPN Client will then report the changes to the VPN Router The router will make the appropriate security and routing . configuration. To install the VPN Client, you will need to first copy the VPN Client exe- cutable file to a directory on your PC. The filename for the VPN Client will begin with “EAC,” which stands for. you to select an option to shut down and log off the VPN Client. If you double-click the VPN Client icon, the VPN Client Monitor window appears, and it contains status information about the VPN. is for you to choose the directory into which you would like to install the software. The VPN Client install wizard will default to the following directory (see Figure 10-4): C:Program FilesNortel