Guide to using the VPN on computers that are not centrally managed

Table of contents

The purpose of the VPN access

Installation of the VPN client

Checking the presence of the VPN client on the computer.

Usage of the client with SecurID

Notes about the VPN client

In case of problems you should check the following

The purpose of the VPN access

The purpose of the VPN access is to enable remote work. Using an existing internet connection and the VPN client software, you can access intranet resources (mail, sps, intranet web sites, etc.) with secure authentication and encryption.

Installation of the VPN client

Supported operating systems:

-Windows 2000 Professional 32-bit SP1-4

-Windows XP Home & Professional 32-bit, SP1-3

-Windows Vista 32-bit and 64-bit, SP1

-Windows 7 32-bit and 64-bit, Premium or Enterprise

Other requirements:

-For the installation use a user with administrative privileges.

-For the time of the installation disable any running security applications (firewall, antivirus etc.)

-If you are using a firewall on the client machine (or are behind an external firewall), allow at least the following traffic: destinations 81.183.240.150, 81.183.240.154, 84.2.38.242 ports: tcp: 443; 500; udp: 500; 4500; 18234

-It is strongly recommended that you uninstall any other VPN clients (Check Point or other vendor) before the installation. After the uninstallation reboot the computer even if the uninstaller doesn’t ask for it. This step is mandatory if there is another version of Check Point Endpoint Connect installed.


You can download the install package from

After starting the installer accept the license agreement and install the client to the default location.

After the installation reboot the computer.

If you are using any kind of security software (firewall, antivirus, host IPS, etc.), make sure that the VPN client is added to the appropriate exception lists.

Checking the presence of the VPN client on the computer.

Check if the following group is present at the Start Menu / Programs: „Check Point / Check Point Endpoint Connect”. Check if there is an EPC icon (padlock and small gray circle with a slash) in the notification area in the lower right corner.

You can also use the ipconfig /all command (Start menu / Run / cmd.exe) to check if you have a virtual network adapter like this:

C:\>ipconfig /all

..

..

Ethernet adapter {x-x-x-x-x}:

Media State . . . . : Media disconnected

Description . . . . . : Check Point Virtual Network Adapter For Endpoint VPN Client - Packet Scheduler Miniport

Physical Address. .: x-x-x-x-x-x

..

..

Use the net start command to check if the following service is running:

C:\>net start

These Windows services are started:

..

Check Point Endpoint Connect

..

C:\>
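The two manual checks above can be run in one step. The following batch file is an added example, not part of the original guide or of the Check Point software; the match strings are taken from the sample output shown above.

```batch
@echo off
rem Added example: automates the two manual checks described above.
rem The search strings come from the sample output in this guide.
setlocal
set "RC=0"

rem Check 1: is the virtual network adapter listed by ipconfig /all?
ipconfig /all | findstr /I /C:"Check Point Virtual Network Adapter" >nul
if errorlevel 1 (
    echo [MISSING] Check Point virtual network adapter not found in ipconfig /all
    set "RC=1"
) else (
    echo [OK]      Check Point virtual network adapter is present
)

rem Check 2: is the client service among the started services?
net start | findstr /I /C:"Check Point Endpoint Connect" >nul
if errorlevel 1 (
    echo [MISSING] Service "Check Point Endpoint Connect" is not running
    set "RC=1"
) else (
    echo [OK]      Service "Check Point Endpoint Connect" is running
)

rem Exit code 0 means both checks passed, 1 means at least one failed.
endlocal & exit /b %RC%
```

Save it as a .cmd file and run it from cmd.exe; a [MISSING] line points to the part of the installation that should be rechecked.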

The installer contains the settings for the connection and the software is updated centrally.

Usage of the client with SecurID

Activate your internet connection, then right-click the EPC icon and select connect to VPN to show the login screen. The client can only connect from the internet, not from the Telekom intranet. If your machine has multiple connections, you should disconnect all but the internet connection for the duration of the VPN connection. Make sure that MT_tavmunka_SecurID is selected in the site menu.

Usage of the client with Smart Card

Activate your internet connection, then right-click the EPC icon and select connect to VPN to show the login screen. The client can only connect from the internet, not from the Telekom intranet. If your machine has multiple connections, you should disconnect all but the internet connection for the duration of the VPN connection. Make sure that MT_tavmunka_SmartCard is selected in the site menu.

In the „Certificate” menu select the certificate from the Smart Card. Check that the card is in the reader and start the connection.

Notes about the VPN client

If you are using a firewall on the client machine (or are behind an external firewall), allow at least the following traffic: destinations 81.183.240.150, 81.183.240.154, 84.2.38.242 ports: tcp: 443; 500; udp: 500; 4500; 18234
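One way to express this allow list when the client firewall is the built-in Windows Firewall on Windows Vista or Windows 7 with outbound traffic blocked by default. This is an added example, not part of the original guide; the rule names are made up here, and the script must be run from an administrator command prompt.

```batch
@echo off
rem Added example, not part of the original guide.
rem Assumes Windows Vista/7, the built-in Windows Firewall and an elevated
rem command prompt. The rule names below are hypothetical.
setlocal
rem Gateway addresses exactly as listed in this guide.
set "GW=81.183.240.150,81.183.240.154,84.2.38.242"

rem Remove earlier copies so that re-running does not create duplicates.
netsh advfirewall firewall delete rule name="EPC VPN out TCP" >nul 2>&1
netsh advfirewall firewall delete rule name="EPC VPN out UDP" >nul 2>&1

rem Outbound TCP 443 and 500 to the VPN gateways only.
netsh advfirewall firewall add rule name="EPC VPN out TCP" dir=out action=allow protocol=TCP remoteip=%GW% remoteport=443,500
if errorlevel 1 goto :fail

rem Outbound UDP 500, 4500 and 18234 to the VPN gateways only.
netsh advfirewall firewall add rule name="EPC VPN out UDP" dir=out action=allow protocol=UDP remoteip=%GW% remoteport=500,4500,18234
if errorlevel 1 goto :fail

rem Show the rules that were just created so they can be reviewed.
netsh advfirewall firewall show rule name="EPC VPN out TCP"
netsh advfirewall firewall show rule name="EPC VPN out UDP"
endlocal & exit /b 0

:fail
echo Could not add the firewall rule. Is this prompt running as administrator?
endlocal & exit /b 1
```

Because the rules name the three gateway addresses as remoteip, they open the listed ports only towards the VPN gateways and not towards other hosts.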

The predefined sites contain three gateways: h1n1, h1n2 and h1n3. The client automatically chooses one of them. At the first connection to any gateway the client pops up a window similar to the one below:

When the VPN connection is active the client machine can only connect to the Telekom network and the internet using an internal Telekom proxy. To do this you must use the or address for your browser’s automatic proxy configuration script. If you are using Internet Explorer you can do this at Tools/Internet Options/Connections/LAN Settings/Use Automatic configuration script.

In case of problems you should check the following

  • Check if the client is properly installed and configured. (see above)
  • That you have an active internet connection and it is functioning correctly.
  • Review the logs of any security software used, to see if they are interfering with the VPN client.
  • In certain cases it is possible to get a popup asking to insert your Smart Card even if it is already inserted or you don’t even use one. In this case you can click cancel to proceed (sometimes this has to be done multiple times).
  • If you cannot use certain web sites or web applications check your proxy settings. (see above)
  • If you need help you can contact Help Desk at +3640630030 under menu 2.2.
