The VPN Client lets a user connect to your business network and work as if they are in the office, but in a secure way.

The user can E-Mail, access files on your server and even print on local printer. The VPN client connects to the Collax Server using IPSec, but is faster and easier to use.

Operating systems           

Windows (32-bit): Windows 7, Windows Vista (x86), Windows XP, Windows 2000 Windows (64-bit): Windows 7, Windows Vista (x64), Windows XP 64

 

Security features              

The Enterprise Client supports all major IPsec standards in accordance with RFC

 

Personal Firewall              

Stateful Packet Inspection; IP-NAT (Network Address Translation); Friendly Net Detection (analysis of: current network address, IP address and MAC address of the DHCP server); secure hotspot logon; differentiated filter rules relative to: protocols, ports and addresses, LAN adapter protection, central administration with Client firewall configuration plug-in*

 

Virtual Private Net’ing      

IPsec (Layer 3 Tunneling), RFC-conformant; IPsec proposals can be determined through the IPsec gateway (IKE, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec modes: tunnel mode, transport mode

 

Encryption                           

Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; dynamic processes for key exchange: RSA to 2048 bits; Diffie-Hellman Groups 1,2,5,14seamless rekeying (PFS); hash algorithms: SHA1, MD5

 

Authentication proc’s       

IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; IKE config mode for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smart cards, and USB tokens: Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready.

 

Strong auth. PKI                 

X.509 v.3 Standard; Entrust Ready PKCS#11 interface for encryption tokens (USB and smart cards); smart card operating systems: TCOS 1.2 and 2.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates; PIN policy; administrative specification for PIN entry in any level of complexity; revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP. CMP* (Certificate Management Protocol),

 

Endpoint Security              

Endpoint Policy Enforcement*

 

Networking features        

LAN emulation: Ethernet adapter with NDIS interface

 

Network protocols            

IP

 

Dialers                                  

NCP Secure Dialer, Microsoft RAS Dialer (for ISP dial-in via dial-in script) connection manager for international dial-in via GoRemote (formerly GRIC), UuNet, Infonet, MCI

 

IP address allocation       

DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing public IP addresses through IP address query via DNS server

 

Transmission media        

Stationary networks: analog telephone network, ISDN, xDSL, LAN wireless networks: WLAN, GSM (incl. HSCSD), GPRS, UMTS, HSDPA, Internet

 

Line management             

DPD with configurable time interval; Short Hold Mode; WLAN roaming (handover); channel bundling (dynamic in ISDN) with freely configurable threshold value; timeout (controlled by time and charges); budget manager

 

Data compression            

IPCOMP (lzs), deflate

 

Point-to-Point Protocols  

PPP over ISDN, PPP over GSM, PPP over PSTN, PPP over Ethernet; LCP, IPCP, MLP, CCP, PAP, CHAP, ECP

 

RFCs and Drafts                 

RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP security architecture, ESP, HMAC-MD5-96, HMAC-SHA-1-96, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NAT-T),UDP encapsulation, IPCOMP

 

GUI                                         

Multilingual (German, English, French); intuitive operation; configuration, connection management and monitoring, connection statistics, log-files, trace tool for error diagnosis; traffic light icon for display of connection status; integrated support of Mobile Connect Cards (PCMCIA); password protected configuration management and profile management, configuration parameter lock