Product Description, Installation and Software Activation

The universal IPsec Client

The software supports operating systems Mac OS X Leopard 10.5 (Intel) and Mac OS X Snow Leopard 10.6. Platforms based on PowerPC are not supported.

The NCP Secure Entry Client may be used in all kinds of VPN environments. It communicates on the basis of IPsec standards with the gateways of various producers and it is an alternative to the uniform IPsec Client technology.

For connection set up to the gateway, the client software uses the default connection to the internet. This connection has to be configured beforehand.

Further features facilitate access to the holistic remote access VPN solution:
* Compatibility with almost all common VPN gateways
* Integrated, intelligent personal firewall
* Extended authentication (XAUTH) support for authentication via USER ID / password and/or OTP
* Internet Key Exchange Config Mode (IKE CFG) for dynamic assignment of IP address, DNS server and domain name
* Dead Peer Detection (DPD) configuration at tunnel failover; user configurable timeouts for DPD cases in order to provide flexible control of restoration of the VPN tunnel
* Network Address Translation-Traversal (NAT-T) for communication between client and gateway via network components, which carry out NAT
* Use of digital certificates in a public key infrastructure (PKI)
* Graphical user interface

Client Monitor - graphical user interface

The graphical user interface of the client provides transparency for the user. It informs the user whether his computer is online and how long it has already been online. It informs him about the current data throughput and to which destination address he is connected.

Personal Firewall

The client possesses all relevant personal firewall features in order to comprehensively protect the computer from attacks from the internet or other LAN participants (Wi-Fi or LAN). The most important security mechanisms are IP-NAT and protocol filter. NAT (Network Address Translation) is a security standard for hiding individual IP addresses from the internet. NAT translates the displayed addresses in client addresses and vice versa. Incoming data packets are checked on the basis of elaborate filters and are examined for specific characteristics. If they do not comply, the data packets are refused. This means that the internet port of the computer is completely hidden and the set up of undesired connections is made impossible.

PKI Support

Access security to the computer and through that to the corporate network can be improved by using soft certificates (PKCS#12) or the PKCS#11 interface. In order to achieve this, the client supports an integration into a PKI (Public Key Infrastructure).

FIPS Certification

The IPsec Client has a cryptographic algorithm according to the FIPS standard. The embedded cryptographic module is validated according to FIPS 140-2 (certificate #1051).

FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:
- DH Group: Group 2 or higher (DH starting from a length of 1024 Bit)
- Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
- Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES

The respective modules can be configured in the IPsec Settings.

Software Installation

The software may only be installed on computers which run on the following operating systems: Mac OS X 10.5 Leopard (Intel) und Mac OS X 10.6 Snow Leopard.

If you wish to continue using the profiles, created with the trial version, save the configuration file "ncpphone.cfg". It is located at:
/Library/Application Support/NCP/Secure Client/

You receive the software with the disk image file "NCP_Secure_Entry_Mac_Client_v101_010.dmg".

Open the disk image file by double clicking it. The file contains the installing and uninstalling package.

After activating the installation program "NCP Secure Entry Client.pkg", the computer automatically starts an installation assistant, which leads you through configuration in a few steps only.

In order to copy the software to your hard disk, you have to have administrator rights. Please enter password and user ID of the administrator prior to copying.

After installation, start the monitor of NCP's Secure Entry Client from the program directory. This first step automatically opens the "Configuration Assistant".

The "Configuration Assistant" then creates a profile for an IPsec test connection and saves it in the profile settings. The program sets the following access data by default: VPN Protocol: IPsec; tunnel endpoint of the remote gateway: vpntest.ncp-e.com; XAUTH user ID and XAUTH password: "ncpIPsecnative"; DNS server address: 172.16.12.100; communication medium: LAN.

Software Activation

At the latest when the test phase has expired the software must be either activated or de-installed.

The time remaining until software activation, i.e. the validity period of the test version, is displayed in the message bar of the monitor next to the activation button.

In order to use a full version with no time limitations the software must be released in the activation dialog with the license key and the serial number that you have received.

With activation you accept the license conditions that you can view in the activation dialog after clicking on the appropriate button.

The activation dialog can be opened using the activation button in the message bar of the monitor, as well as using the the monitor menu "Help / License Data and Activation". The license data can be entered either online or offline using a wizard.

In the offline version, a file that is generated after entering the license key and serial number has to be sent to the NCP authentication server, and the activation key that will be displayed on the web site has to be recorded. This activation key can be entered in the licensing window of the Monitor menu at a later point in time.

In the online version, a wizard forwards the licensing data to the web server immediately after entry and in this way the software is released immediately.