ÿþ/* Generated with AuthorIT version 4.3.556  6/03/2007 3:42:19 p.m. */

Page=new Array();

Page[0]=new Array("ViPNet OFFICE Administration","",

"1077.htm");

Page[1]=new Array("Copyright © 1991-2006 Infotecs GmbH, Potsdam<br />All rights reserved","This document is part of the software distribution and is subject to the same terms and conditions as the software itself.","You may not copy, reproduce, translate or in any other form replicate this document by any means without the prior written consent of Infotecs GmbH.","ViPNet&#8482; is a registered trade mark of Infotecs JSC, Moscow, Russia.","All trademarks are the property of their respective owners.","Infotecs GmbH<br />Hebbelstraße 41<br />D-14469 Potsdam<br />Germany<br />Tel:	+49 (331) 817 03 76 (Germany)<br /> 	+44-(0) 20 787 17567 (UK)<br />Fax:	+49 (331) 817 03 77<br />Email:	support@infotecs.biz<br />Web:	http://www.infotecs.biz","Copyright",

"109.htm");

Page[2]=new Array("Today's businesses are increasingly confronted with complex communication and security problems. Local and remote users as well as numerous office branches need stable and secure ways to communicate with each other. ","In ViPNet OFFICE, several secure communication tools are integrated into the VPN client to optimize the productivity of the user. The software-based VPN in ViPNet OFFICE assures a secure and highly encrypted Virtual Private Network (VPN) that doesn't interfere with the existing network structure and doesn't decrease network performance. The implementation is fast and unobtrusive. ","The benefits of installing a VPN are to ensure the integrity of all data connections and to secure the network against malicious attacks from in and outside your own network (except TUNNEL). These security measures are deployed via software modules installed on all computers in the network (workstations as well as servers). These modules control the whole TCP/IP traffic by encrypting and/or filtering it. As a result, if any computer with ViPNet software (the computer may be outside the network or inside a protected network fragment) connects with another ViPNet computer, the connection becomes encrypted at once. The connection is isolated from any outside connections. This way, a virtual private network is created - a group of computers connected with each other over the Internet supporting extensive security for specific services or for the whole traffic. ","By using the term 'network', we mean all TCP/IP networks, including LANs, the Internet or other networks; independent of the technology a client uses to connect to a network. ViPNet technology is compatible with practically all Internet accesses (including xDSL, ISDN, GPRS and UMTS).","Usually, classic VPN solutions only focus on the security of the traffic between two LANs or between a LAN and a remote (mobile) user. Because of the full support of real client-to-client connections and the integration of a firewall and IDS system in each VPN object, ViPNet OFFICE secures the traffic between remote locations as well as the traffic between VPN users in the local network, eg, the internal, trusted network zone is often underestimated as a security treat.","The core of ViPNet software is the ViPNet driver. The main function of the ViPNet driver is to filter incoming and outgoing IP packets.","Each outgoing IP packet will be treated by one of the following rules:","IP packet is sent as is (ie. not encrypted)","IP packet is blocked","IP packet is encrypted and sent","IP packed is encrypted and forwarded.","Each incoming packet will be treated by one of the following rules:","IP packet is passed (filtering rules allow this passing for non-encrypted traffic)","IP packet is blocked (in accordance with specified filtering rules)","IP packet is decrypted (if the packet was encrypted) and passed to a corresponding application.","The ViPNet driver is placed above the third layer of the OSI model (network layer), allowing it to edit IP packets before they reach the higher TCP/IP and eventually, the application layer, ViPNet.","The ViPNet OFFICE solution secures the IP traffic of each application, without distracting the user from their usual workflow.","What is ViPNet OFFICE?",

"711.htm");

Page[3]=new Array("This manual is designed for network administrators responsible for installing ViPNet OFFICE.","To learn about the basic schemes of using ViPNet OFFICE software, refer to the document Schemes of Using ViPNet.","For more information about ViPNet OFFICE components such as ViPNet Manager, ViPNet Coordinator and ViPNet Client, refer to the specific manuals on these programs.","This document is separated into two main sections: administrator and user.","The administrator section includes the following information:","Installing ViPNet OFFICE","Creating and configuring the ViPNet network","Managing the ViPNet network","Configuring ViPNet Coordinator and ViPNet Client","Important Note: Where the user and configuration interfaces for ViPNet Coordinator and ViPNet Client are the same, the @ icon appears at the beginning of the topic to indicate the content relates to both applications.","The user section is intended for end-users who want to use the different communication tools integrated with ViPNet Client and partly ViPNet Coordinator. We recommend using these tools as they have proven to substantially increase the efficiency of internal communications.","Encrypted Instant Messaging","File Exchange","Business Mail","Calling external programs","Web Link service","Explore Network Place service","The suite also provides the following useful functions:","Connection and status checking of other ViPNet users","Computer locking","About this Document",

"704.htm");

Page[4]=new Array("The ViPNet OFFICE VPN solution consists of the following components (modules):","ViPNet OFFICE Installation Kit","ViPNet Manager","ViPNet Coordinator","ViPNet Client (this component is included in the ViPNet TUNNEL installation kit for the ViPNet administrator workstation only.)","ViPNet OFFICE Components",

"223.htm");

Page[5]=new Array("Typically, the ViPNet OFFICE Installation Kit is distributed in two ways:","as a zipped version from our online shop, or ","via a software CD-ROM.","Both sources provide you with setup.exe files for installing each component of ViPNet OFFICE as well as the ViPNet OFFICE Administrator Guide.","ViPNet OFFICE Installation Kit",

"705.htm");

Page[6]=new Array("ViPNet Manager is used to create the structure of your ViPNet network (linking servers and workstations) as well as key sets and passwords for each ViPNet network node. Key sets participate in establishing protected connections and are necessary for installing ViPNet Coordinator and ViPNet Client on ViPNet nodes. ","It is not necessary for the ViPNet Manager workstation to be constantly available on the network because the program is mainly used to create the initial structure of the network and key sets, and thereafter only occasionally as part of the network's ongoing maintenance. To establish connections with other ViPNet nodes and to be able to send out key sets in the process of administering the network, ViPNet Client must also be installed on ViPNet Manager workstation (this node is identified in ViPNet Manager by the @ icon).","ViPNet Manager also allows you to retrieve configuration backups and remotely update the ViPNet network with ViPNet software updates.","ViPNet Manager",

"225.htm");

Page[7]=new Array("Any computer with ViPNet Coordinator installed has a central communication function in the ViPNet network.","One of its most important purposes is acting as an IP addresses server. This means, that each client connecting to a coordinator, submits its IP address to the coordinator and receives the addresses of other network nodes online at the time. When a coordinator receives information about other clients from other coordinators, it will broadcast that information to clients connected to it. If a coordinator does not receive information from a client within six minutes, it will consider the client offline and will broadcast that information to other connected network nodes.","After clients receive information about each other from their coordinators, they start communicating directly with each other. This rule is applied to all ViPNet online services and is not applied to ViPNet offline services such as Business Mail and File Exchange. All data and system packets of these services are routed through the coordinator. This results in the coordinator also acting as a mail server. An incoming data or system packet will be routed by the coordinator according to existing routing tables.","Another function of ViPNet Coordinator is the ViPNet firewall function for encrypted connections. This allows:","ViPNet clients (they work on the LAN through a coordinator) to function using one IP address","the tunneling of traffic from insecure computers or computers on the periphery of the LAN to other VPN objects. (The coordinator can act as a tunnel server only if there is no need to secure the communication or provide user authentication inside a LAN.)","the re-routing of encrypted traffic from ViPNet clients to the IP address of their own coordinator (with substitution of MAC address) and firewalls of other types.","ViPNet Coordinator can also act in the capacity of a classic firewall that applies specified rules of filtration and a security policy for unsecured traffic.","If a client works through a coordinator that is carrying out the substitution of addresses (NAT) for encrypted traffic, all encrypted traffic is automatically routed through that coordinator. The coordinator will not handle non-encrypted traffic; this traffic will be treated according to the configuration of the underlying operating system of the client and routing rules specified in LAN for open traffic.","If there are two or more network adapters set up on a coordinator, you can apply individual filtering rules to each adapter. This way, the coordinator can be used to separate a network into several segments.","ViPNet Coordinator can be installed on a typical workstation but we recommend installing it on servers (for example, 'stand alone' or SMTP, web, file, database) where administrator access rights are required. If you use one of these server types, you don't need to install coordinator on a separate computer. This allows you to use your existing capital outlay to configure your ViPNet network.","The main window of ViPNet Coordinator software is ViPNet Coordinator [Monitor]. From this window you can configure and manage the working coordinator.","ViPNet Coordinator",

"226.htm");

Page[8]=new Array("ViPNet Client has to be installed on each computer participating in the ViPNet network. ","Due to its easy installation process, its automatic detection of network settings, its pre-defined security levels and intuitive user interface, ViPNet Client can be used by inexperienced users.","ViPNet Client includes:","an integrated personal firewall with an IDS (Intruder Detection System) and Applications Control functions","a TCP/IP encipherer","a set of very useful integrated communication applications and other service functions.","Note: The above list also applies to ViPNet Coordinator.","One of the most important features of ViPNet Client is its full control of traffic during the computer start-up process. This control is accomplished by the direct collaboration between the ViPNet driver and the drivers of the network adapters. Windows only uses one service during its start-up process; this process is taken control by ViPNet Client, which secures the system from the start. The ViPNet logon procedure, including the application and key initialization, occurs before the windows logon (ie. before any other Windows services start).","As a result, the ViPNet driver is first to get control under the TCP/IP stack. The driver provides its readiness to encrypt and filter traffic before initializing the network adapters' drivers. This ensures a secure connection with the domain-controller, the control of applications running on the computer, and the blocking of unwanted packets from the outside. At the moment the operating system starts, ViPNet also checks its own check sums, warranting the integrity of software, key sets and the applications for which network activity is allowed.","ViPNet Client can be installed on most Windows computers regardless of it being a desktop, remote/mobile laptop or a server to secure their traffic.","The main window of the client is ViPNet Client [Monitor]. From this window you can configure and manage the client.","ViPNet Client",

"227.htm");

Page[9]=new Array("ViPNet OFFICE includes the following tools to help you manage the flow of information within your company. These tools enable the quick and safe exchange of data between VPN participants.","Chat/Conference (Encrypted Instant Messaging)","Encrypted Instant Messaging exchanges messages between VPN participants in real time (on-line). This service may be compared with tools like ICQ, MSN Messenger and AOL Instant Messenger, however the advantage of Encrypted Instant Messaging is that it encrypts messages in real time.","Business Mail","Business Mail is an email client that implements advanced authentication and verification mechanisms. The sending, receiving and opening of emails is documented, and can be seen by the sender in the status window. The user interface of Business Mail is very similar to the interfaces used in other email clients.","File Exchange","File Exchange allows ViPNet users to exchange files in a secure, quick and convenient way without the need of writing additional text. The function is integrated into the Microsoft Windows shell, so it is possible to right-click on any file and select to send it to one or several ViPNet Clients.","External Programs","ViPNet supports different communication programs like MS NetMeeting, VoxPhone, Internet Phone, Compaq Insight Manager, Microsoft Portrait and Radmin Viewer, and in doing so, ensures all the traffic via those tools is encrypted. You can use any other communication program as long as you ensure that all participating parties have the program installed.","Web link","The Web Link service gives you access to the web-resources of a computer located in the private (with installed ViPNet software) or public network (without ViPNet software). For ViPNet users such access is carried out in protected mode.","Explore Network Place","The Explore Network Place service allow you to explore the accessible network resources on computers in the private (with installed ViPNet software) or public (without ViPNet software) networks. For ViPNet users in the private network, a connection is carried out in protected mode.","Check User Connection &amp; Status","ViPNet Client [Monitor] and ViPNet Coordinator [Monitor] allow you to view the current connection and status of each ViPNet user in the private network. ","Computer locking","The computer locking function allows a ViPNet user to forbid access to all their desktop applications and/or to block all incoming and outgoing IP traffic.","ViPNet CryptoExtension","ViPNet CryptoExtension provides cryptographic protection (digital signature and encrypting) for messages formed and sent from Microsoft Office Outlook and/or Outlook Express. ViPNet CryptoExtension can only be used on client machines.","ViPNet OFFICE Services",

"228.htm");

Page[10]=new Array("ViPNet OFFICE can be deployed over any network running Microsoft Windows, Linux/FreeBSD or Solaris operating systems.","Installing ViPNet OFFICE can be done via the ViPNet OFFICE Installation Kit (kit size: 29MB).","The following are the minimum requirements a computer ViPNet is installed on should have:","Product Specifications",

"229.htm");

Page[11]=new Array("ViPNet Manager should be installed on one computer uniquely identified as the ViPNet administrator workstation. Because the files created by ViPNet Manager are highly confidential, the system should only accessible to a dedicated administrator. ","To install ViPNet Manager, the computer must have:","Operating system: Microsoft Windows 98SE/ME/2000/XP/2003 Server","Minimum RAM: 64 MB RAM (128 recommended)","Minimum free disk space: 40 MB (100 recommended)","Minimum Processor (CPU): Pentium II","ViPNet Manager",

"230.htm");

Page[12]=new Array("ViPNet Coordinator can be installed on the machines belonging to any dedicated coordinators.","To install VipNet Coordinator, each computer must have:","Operating system: Microsoft Windows 2000/XP/2003 Server/Linux/Solaris","Minimum RAM: 128 MB RAM (256 recommended)","Minimum free disc space: 100 MB (1 GB recommended)","Minimum Processor (CPU): Pentium II","A minimum of one network adapter.","Note: No any other firewalls should be installed on the computer.","ViPNet Coordinator",

"231.htm");

Page[13]=new Array("ViPNet Client can be installed on all client machines.","To install VipNet Client, each computer must have:","Operating system: Microsoft Windows 98SE/ME/2000/XP/2003 Server/Linux","Minimum RAM: 128 MB RAM (256 recommended)","Minimum free disc space: 40 MB (100 recommended)","Minimum Processor (CPU): Pentium II","A network adapter.","Note: No any other firewalls should be installed on the computer.","ViPNet Client",

"232.htm");

Page[14]=new Array("We recommend you follow these steps to work with ViPNet OFFICE:","ViPNet OFFICE Building Scenario",

"707.htm");

Page[15]=new Array("In most cases, a logical ViPNet structure (the distribution of clients and their connections to respective coordinators) corresponds to the structure of the network itself. According to the existing security policy, a coordinator can be used for the following functions:","IP Addresses Server. The coordinator can be used for the registration of active clients and for notifying clients about the current IP addresses of other clients.","VPN Gateway. If the coordinator is installed at the gateway of a LAN, it is used by mobile and remote ViPNet clients as a VPN gateway (IP address server). At the same time, the coordinator acts as a firewall, filtering both encrypted and non-encrypted traffic.","VPN NAT Server. In this case, several ViPNet clients in a LAN work through the IP address of one coordinator. This use of the coordinator provides the secure protection of the LAN segment. It also allows you to unite your ViPNet network with another (already deployed) VPN system, if a gateway of this VPN is connected to one of the network adapters of the coordinator.","Tunneling Server. The coordinator can be used to establish a secure channel (tunnel) to secure the traffic between different local networks.","Both the coordinator and client can be used to secure the traffic of a specific service (or all services) of a server (ie. domain controller, SMTP/FTP/web/database server).","To determine your company's most logical ViPNet network, we encourage the ViPNet administrator to answer the following questions.","What kind of a logical VPN structure would fit best into our network?","How many clients/servers and LAN segments need to be secured?","How should the clients be best distributed among the coordinators?","Do you need to install the coordinator(s) on a separate computer or is it possible to use existing servers/workstations?","How do the integrated firewalls need to be configured once the ViPNet network is set up (ie. if default traffic from acknowledged users is not blocked by ViPNet, you should create rules for services where no ViPNet software is/can be installed).","The following question list will also help you record the required information:","What number of VPN nodes are needed?","Per location:","What number of servers have to connect to the VPN?","What are the operating systems of these servers?","What are the existing security solutions (firewalls, antivirus software, others)?","What is the traffic between the locations/servers/workstations (services, protocols, port numbers)?","What type of IP address is used on each server (public or private)?","How does access to the servers/gateways take place from the outside (behind a firewall and/or proxy etc.?). If yes, what is the exact configuration?","Which applications will be used through the VPN (databases, CRM/CMS/ERP systems, etc.)?","Desired secure connections (who with who?):","Between the locations?","Between the VPN clients themselves?","Obtain Necessary Information",

"708.htm");

Page[16]=new Array("ViPNet OFFICE is a set of components used to create your own virtual private network (VPN) based on the ViPNet technology.","Installing ViPNet OFFICE can be done either from ViPNet-CD, or by downloading ViPNet OFFICE installation kit from the demo page of our site:http://www.infotecs.biz/demo.htm.","To install ViPNet OFFICE correctly, you should follow the following order when installing the components (it is recommended to print these instructions and use them during installation).","Installation",

"233.htm");

Page[17]=new Array("To create your dedicated ViPNet Manager's workstation, you must install ViPNet Manager first and then ViPNet Client.","Create ViPNet Manager's Workstation",

"234.htm");

Page[18]=new Array("To install ViPNet Manager: ","Close any applications you have open.","Start the ViPNet OFFICE installation software by inserting the ViPNet OFFICE CD into the computer's CD drive or by double-clicking the downloaded application executable.","The ViPNet OFFICE components setup screen appears:","Click First Stage. Creating ViPNet network Manager's workstation. (ViPNet Manager and ViPNet Client setup).","Click the Setup ViPNet Manager button. The ViPNet Manager Setup Wizard automatically appears:","Click Next to continue. The License screen appears:","Read through the license agreement and, if you are happy with the terms, select the I Agree option and click Next.","Type your name and organization. Click Next to continue.","To select a different install location, click the Browse button. Otherwise, click Next to continue. If the following message appears, click Yes.","The Start Menu Options screen appears:","Click Next to continue.","Review your install settings and click Install.","Click Finish. If you are asked to restart your machine, click Yes.","Before you install ViPNet Client, you must use ViPNet Manager to create your ViPNet network structure &amp; key sets for your ViPNet nodes.","After you have created the key sets, write down the user password for the ViPNet Manager's workstation. You can find user passwords for client network nodes on the Keys tab of ViPNet Manager.","Install ViPNet Manager",

"235.htm");

Page[19]=new Array("To install ViPNet Client on the ViPNet manager's workstation, you need:","ViPNet OFFICE installation software.","A key set (.dst file) for the client nominated as the official ViPNet manager.","The ViPNet user password for the official ViPNet manager. You can find the user password for the client on the Keys tab of ViPNet Manager.","To install ViPNet Client: ","Close any applications you have open.","Start the ViPNet OFFICE installation software by inserting the ViPNet OFFICE CD into the computer's CD drive or by double-clicking the downloaded application executable.","The ViPNet OFFICE Setup screen appears:","If you have created key sets using ViPNet Manager (ie. you have a .dst file with the key set for the ViPNet Manager's workstation), select the I do have a dst-file with a key set for ViPNet Manager Workstation check box.","Click the Setup ViPNet Client button. The ViPNet Client Setup Wizard automatically appears:","Click Next to continue. The License screen appears:","Read through the license agreement and, if you are happy with the terms, select the I Agree option and click Next.","Type your name and organization. Click Next to continue.","To select a different install location, click the Browse button. Otherwise, click Next to continue. If the following message appears, click Yes.","The Setup mode screen appears:","Click Next to continue. The Start Menu Options screen appears:","Click Next to continue.","Review your install settings and click Install.","Click Finish. If you are asked to restart your machine, click No.","Open Windows Explorer and browse to the folder containing the key set for the VipNet Manager's Workstation (the folder will be named after the client network node and will be located in the \\NCC\\KEYS subfolder of the ViPNet Manager installation folder).","Double-click the .dst file. The following message appears:","Click Continue.","Click Continue to install the key set.","Click OK and restart the computer.","When ViPNet Client starts, type the ViPNet user password of this ViPNet Manager workstation. A message appears confirming that key sets were received for the client. Click OK to continue.","After ViPNet Client is successfully installed, you need to configure ViPNet Client on the ViPNet Manager workstation.","Install ViPNet Client",

"237.htm");

Page[20]=new Array("To install ViPNet Coordinator on the computers of ViPNet coordinators, you need:","ViPNet OFFICE installation software.","Key sets (.dst files) for all coordinators. You can copy the .dst files from the Keys tab of each coordinator in ViPNet Manager.","ViPNet user passwords for all coordinators. You can find the user password on the Keys tab of each coordinator in ViPNet Manager.","To install ViPNet OFFICE on the computer that will be used as a ViPNet coordinator:","Close any applications you have open.","Start the ViPNet OFFICE installation software by inserting the ViPNet OFFICE CD into the computer's CD drive or by double-clicking the downloaded application executable.","The ViPNet OFFICE components setup screen appears:","Click Second Stage. ViPNet network servers (coordinators) components setup (ViPNet Coordinator setup).","If you have created key sets using ViPNet Manager (ie. you have a .dst file with for the coordinator on this computer), select the I do have a dst-file with a key set for ViPNet Coordinator on this computer check box.","Click the Setup ViPNet Coordinator button. The ViPNet Coordinator Setup Wizard automatically appears:","Click Next to continue. The License screen appears:","Read through the license agreement and, if you are happy with the terms, select the I Agree option and click Next.","Type your name and organization. Click Next to continue.","To select a different install location, click the Browse button. Otherwise, click Next to continue. If the following message appears, click Yes.","The Setup mode screen appears:","Click Next to continue. The Start Menu Options screen appears:","Click Next to continue.","Review your install settings and click Install.","Click OK.","Click Finish. If you are asked to restart your machine, click No.","Open Windows Explorer and browse to the folder containing the key set for the coordinator on this computer. Note: The folder is likely to have been copied from the ViPNet Manager's workstation onto some form of media, eg, floppy, USB-flash or CD.","Double-click the .dst file. The following message appears:","Click Continue.","Click Continue to install the key set.","Click OK and restart the computer.","When ViPNet Coordinator starts, type the ViPNet user password of the coordinator on this computer.","ViPNet Coordinator Settings","After ViPNet Coordinator is successfully installed, you need to configure ViPNet Coordinator.","Install ViPNet Coordinator",

"240.htm");

Page[21]=new Array("To install ViPNet Client on the computers of ViPNet clients, you need:","ViPNet OFFICE installation software.","Key sets (.dst files) for all clients. You can copy the .dst files from the Keys tab of each client in ViPNet Manager.","ViPNet user passwords for all clients. You can find the user password on the Keys tab of each client in ViPNet Manager.","To install ViPNet Client on client computers:","Close any applications you have open.","Start the ViPNet OFFICE installation software by inserting the ViPNet OFFICE CD into the computer's CD drive or by double-clicking the downloaded application executable.","The ViPNet OFFICE components setup screen appears:","Click Third Stage. ViPNet network clients setup (ViPNet Client setup).","If you have already created key sets using ViPNet Manager (ie. you have a .dst file with the key set for the ViPNet Manager's workstation), select the I have a dst file with the key set for the workstation on this computer check box.","Click the Setup ViPNet Client button. The ViPNet Client Setup Wizard automatically appears:","Click Next to continue. The License screen appears:","Read through the license agreement and, if you are happy with the terms, select the I Agree option and click Next.","Type your name and organization. Click Next to continue.","To select a different install location, click the Browse button. Otherwise, click Next to continue. If the following message appears, click Yes.","The Setup mode screen appears:","Click Next to continue. The Start Menu Options screen appears:","Click Next to continue.","Review your install settings and click Install.","Click Finish. If you are asked to restart your machine, click No.","Open Windows Explorer and browse to the folder containing the key set for the coordinator on this computer. Note: The folder is likely to have been copied from the ViPNet Manager's workstation onto some form of media, eg, floppy, USB-flash or CD.","Double-click the .dst file. The following message appears:","Click Continue.","Click Continue to install the key set.","After ViPNet Client is successfully installed, you need to configure ViPNet Client.","Install ViPNet Client",

"242.htm");

Page[22]=new Array("This chapter and the next two chapters describe how to create a working ViPNet network.","The typical process can be summarized in the following steps:","Create the initial ViPNet network structure using ViPNet Network Creation Wizard.","If you use this step to create key sets and then use those key sets for installing ViPNet software on network nodes, you will need to make manual settings within the software (such as setting IP addresses for coordinators and selecting IP addresses server) in order to set the connections between all nodes of the ViPNet network.","If you know the parameters of your ViPNet network, we recommend you do not create keys on this step but create them later via the ViPNet Manager interface. This means manual settings on each node won't be required.","Register the IP addresses or DNS names for coordinators. If required, register DNS names for clients as well.","Select the IP addresses server for the ViPNet Manager workstation. This step is required if you want to select another coordinator as the IP addresses server (not the coordinator on which the workstation is registered).","Configure network node connection settings for ViPNet nodes through a firewall. Required if local network computers work with external networks through any firewall or other device with NAT.","Register the maximum number of connections, and the IP addresses of these connections, that can be tunneled by the coordinator simultaneously. This step may be required if coordinators carry out tunneling of connections and you know the IP addresses of these connections. This step should also be used if the number of simultaneously tunneled connections between coordinators needs to be redistributed (ViPNet Network Creation Wizard automatically distributes ViPNet network tunneled connections evenly between coordinators).","Specify aliases for users of ViPNet nodes. Required if ViPNet CryptoExtension for Outlook software is used on the ViPNet network nodes.","Specify a validity period for key sets. Required if you need to limit how long ViPNet software (client or coordinator) will work on some nodes.","Create keys sets. Required if you chose not to create them via the ViPNet Network Creation Wizard the first time you ran ViPNet Manager or you have made changes to the network structure.","Note: This chapter focuses specifically on how you create your initial ViPNet network structure. Other chapters cover how to configure your ViPNet network and how to manage your ViPNet network.","Creation: ViPNet Network",

"245.htm");

Page[23]=new Array("Note: With the release of ViPNet Manager version 1.2, the format of the ViPNet database changed. If you install ViPNet Manager version 1.2 (or higher) over an earlier version of ViPNet Manager, it will ask you (as you start the application) to convert your old ViPNet database to new format. You should accept the upgrade.","To start ViPNet Manager:","Either:","Click the Start button on your Windows taskbar and select All Programs &gt; ViPNet &gt; Manager &gt; ViPNet Manager (Note: This path could have been changed during installation), or","Double-click the @ icon on the desktop (this only displays if it was selected during installation).","If the ViPNet Manager administrator password is not yet specified, the following dialog box appears: ","Type your administrator password and click OK.","If you are starting ViPNet Manager for the first time, the ViPNet Network Creation Wizard appears so you can create the ViPNet network structure. To create the network using the wizard, refer to the Create ViPNet Network Structure.","The ViPNet Manager administrator password window appears:","Type the administrator password and click OK. The ViPNet Manager window appears:","To close ViPNet Manager:","Select Network &gt; Exit, or ","Press Alt+F4, or ","Click @ in the top-right corner of the ViPNet Manager window.","Start ViPNet Manager",

"246.htm");

Page[24]=new Array("If you run ViPNet Manager for the first time, the ViPNet Network Creation Wizard appears:","To create the ViPNet network structure:","Click Next to continue.","Create ViPNet Network",

"248.htm");

Page[25]=new Array("The Automatic network structure creation window appears:","If you want to generate the network structure manually:","Remove the tick from the Create your network structure automatically option.","Click Next to continue. You will by-pass the Automatic network linking creation window and go directly to Edit the structure.","Refer to the Edit Network Structure procedure.","If you want to generate the network structure automatically, using the limits of your license as a guide:","Keep the Create your network structure automatically option ticked.","By default, automatically generating the structure is controlled by the following rules:","The number of coordinators and clients equals the number allowed by the license. (Information about your license appears on the right of the window.)","The prefix for a coordinator's name is 'Coordinator' and the prefix for a client's name is 'Client'.","You can enter whatever suits your needs in these fields with the following limitations:","The number of coordinators is no less than one and no more than allowed by the license.","The number of clients may be zero but cannot exceed the number allowed by the license.","The maximum length of a prefix is 40 characters.","Note: ViPNet Manager is automatically created and registered on the first coordinator, even when there is no client registered on this coordinator or the license agreement allows coordinators and tunneled connection only.","If necessary, change the default values.","Click Next to continue.","",

"250.htm");

Page[26]=new Array("The Automatic network linking creation window appears:","Note: This window appears only if the number of clients allowed by the license is more than zero. It will not appear for ViPNet Tunnel.","Select a type of link using the following descriptions:","Link all nodes with each other (default mode). All network nodes will have protected links with each other.","Link all clients belonging to the same coordinator. Each client will have protected links with their own coordinator and all other clients of the same coordinator. At the same time, all coordinators will be connected with each other.","Link all clients with its coordinator only. Each client will have a protected link with only their own coordinator. At the same time, all coordinators will be connected with each other.","Click Next to continue.","The process of network generation displays in the following window:","Click Next to continue.","Define Links",

"251.htm");

Page[27]=new Array("The Edit the structure window appears:","This window allows you to manually generate your network structure or edit your automatically generated structure. When you reach the limits of your license, the warning text Maximum number of nodes allowed by license reached appears in the window.","The name of each automatically generated coordinator follows the format: &lt;Coordinator prefix&gt; &lt;X&gt;, where X is the number of the coordinator starting with 1.","The name of each automatically generated client follows the format: &lt;Client prefix&gt; &lt;X&gt; &lt;Y&gt;, where X is the number of the associated coordinator, and Y is the number of the client on this coordinator.","The first client of the first coordinator is automatically nominated the ViPNet Manager (identified by the @ icon).","To add a coordinator:","Select Entire ViPNet Network and click the Add button, or","Right-click Entire ViPNet Network and select Add Coordinator from the pop-up menu, or","Press the Insert key on your keyboard.","To add a client:","Select a coordinator and click the Add button, or","Right-click a coordinator and select Add Client from the pop-up menu, or","Press the Insert key on your keyboard.","The Links dialog box appears:","Select a type of link and press OK.","Select a type of link using the following descriptions:","Link all nodes with each other (default mode). All network nodes will have protected links with each other.","Link all clients belonging to the same coordinator. Each client will have protected links with their own coordinator and all other clients of the same coordinator. At the same time, all coordinators will be connected with each other.","Link all clients with its coordinator only. Each client will have a protected link with only their own coordinator. At the same time, all coordinators will be connected with each other.","The new node appears in the tree. Its name is based on the same naming rules used when automatically creating the network structure (see above).","To change the name of a network node (coordinator or client):","Select the node and click the Rename button, or","Right-click the node and select Rename from the pop-up menu, or","Press the F2 key on your keyboard.","Note: Each name must be unique within the network. If a name exists, you will be asked to type another one.","To delete any network node:","Select the node and click the Remove button, or","Right-click the node and select Remove from the pop-up menu, or","Press the Del key on your keyboard.","A message appears asking you to confirm you want to delete this network node. Click Yes.","To make another client the official ViPNet Manager, right-click their network node and select Set as Network Control Center from the pop-up menu.","To move a client from one coordinator to another:","Click the client node and drag it away from its current position.","Drop the client node over the new coordinator node.","To delete the network structure:","Click the Clear the structure button. The following message appears:","Click Yes.","To save your network structure, click the Next button.","Note: If tunneled connections are allowed in the license, they are automatically distributed evenly between all the coordinators.","Edit Network Structure",

"252.htm");

Page[28]=new Array("The Edit links window appears:","To add a link:","Click a node under the Select node header.","Under the Select links header, click the empty check box beside the node you want to link to.","To remove a link: ","Click a node under the Select node header.","Under the Select links header, click the ticked check box beside the node you want to remove the link to.","Note: You cannot remove mandatory links (links between coordinators, and links between coordinators and their clients).","Note: If you don't want a client to be visible as a manager in other ViPNet programs (eg, Monitor, Business Mail), you should remove the links between the manager (identified by the @ icon) and the other nodes.","Click Next to continue.","Edit Links",

"253.htm");

Page[29]=new Array("The Random password options window appears:","Each network node (client and coordinator) has its own user password. The user password is generated using the first x (number of) characters from each word of a randomly generated password phrase.","Use the following field descriptions to define the length and language of your user passwords:","Dictionary. Select the language that will be used to create user passwords. The currently available options are English or Russian.","Words in a password phrase. Select how many words a password phrase will contain. If you choose 3 or 4, one phrase will be generated. If you choose 6 or 8, two password phrases will be formed.","Letters used from each word. Select the number of characters that will be taken from the start of each word in a password phrase and used to create the user password.","Password length. This field calculates how many characters a user password will contain.","Click Next to continue.","Define Password Criteria",

"254.htm");

Page[30]=new Array("The Finishing the Network Creation Wizard window appears:","If you don't want to create key sets now, remove the tick beside Create key sets as soon as the Network Creation Wizard has finished.","Note: If you use this step to create key sets and then use those key sets for installing ViPNet software on network nodes, you will need to make manual settings within the software (such as setting IP addresses for coordinators and selecting IP addresses server) in order to set the connections between all nodes of the ViPNet network.","If you know the parameters of your ViPNet network, we recommend you do not create keys on this step but create them later via the ViPNet Manager interface. This means manual settings on each node won't be required.","Click Finish.","If you chose to create key sets now, the Digital Roulette (random number generator) appears:","Follow the instructions described in the window.","The following message appears:","Click OK. The Certificate Request window appears:","By default, the Administrator is the owner of the root certificate and the certificate is given a validity period of five years. You can change these details and others via the Subject and Validity tabs.","Click OK to continue. A window appears that shows the generation of the key sets. When the process is finished, the following message appears:","All created key sets files, user passwords and administrator passwords are put into the \\NCC\\KEYS subfolder of the ViPNet Manager installation folder. Key sets are saved in files with a .dst extension and these files are put in folders named after the network nodes. ViPNet user passwords are saved in the ViPNet.txt file (passwords list). Administrator passwords are saved in the ViPNet_a.txt file.","Click OK. A window displaying the contents of the KEYS subfolder opens. ","For future use, create a backup copy of the \\NCC\\Keys subfolder on a separate media (eg, floppy, USB-flash or CD). The key set information is then easily accessible when installing software on client and coordinator computers. Note: Make sure the media can be used by those computers.","After you close the KEYS window, the ViPNet Manager interface automatically opens.","Click the client network node for the ViPNet Manager's workstation and from the Keys tab, write down the user password.","Finish Network Creation",

"255.htm");

Page[31]=new Array("This chapter explains how to configure your newly created ViPNet network structure. It shows you how to use ViPNet Manager to specify:","IP addresses for coordinators","DNS names for network nodes","the IP addresses server for clients","IP addresses for clients","firewall settings","the maximum number of tunneled connections and IP addresses for each coordinator","aliases","a period of validity for keys.","We recommend you make all the necessary settings in ViPNet Manager to avoid having to make additional manual settings on each network node.","This chapter also covers how to change your existing network structure.","While configuring or changing your ViPNet network, ViPNet Manager traces conflict situations that arise from these settings and takes note of any incomplete data. Insufficient data is identified with the @ icon. Conflicting data is identified with the @ icon.","Note: If you ever change your ViPNet network, you need to recreate key sets and send those key updates to network nodes affected by the change.","Configuration: ViPNet Network",

"752.htm");

Page[32]=new Array("The main window of ViPNet Manager consists of a network tree, a top-leveled menu, and a toolbar.","If you select Entire ViPNet Network, you can see information about:","the entire network (the number of configured network nodes (coordinators, clients, and total network nodes), and ","the active license (the number of coordinators and clients, the number of tunneled connections, and the serial number of the program (if the product (OFFICE or TUNNEL) is registered).","If you select a network node, you can see corresponding properties about that node:","The properties are grouped under the following tabs: ","Tab","Purpose","Keys","This tab allows you to view the user password and key set for a node.","Links","This tab allows you to set links for the selected node.","IP Addresses","This tab allows you to set IP addresses for the selected node. For a client, the tab also allows you to choose its IP addresses server.","DNS Names","This tab allows you to set DNS names for the selected node.","Aliases","This tab allows you to set aliases for ViPNet users of a node.","Firewall","This tab allows you to make firewall settings for coordinators and clients.","Client Firewall <br />(for coordinator only)","This tab allows you to make firewall settings for all clients using the selected coordinator as its IP addresses server.","Tunnel <br />(for coordinator only) ","This tab allows you to set IP addresses for tunneling by this coordinator.","Note: The @ icon identifies the client who is the official ViPNet Manager. The @ and @ icons on tabs and nodes indicate where there is incomplete data or conflicting data.","ViPNet Manager Interface",

"750.htm");

Page[33]=new Array("If key sets have already been created, the password and password phrase for the selected user are displayed in the Keys tab. The location (file path) of the key set file is also shown if the key set is current (ie. there haven't been any changes to the user's network node configuration).","By default, the time frame (validity period) the ViPNet software will work on this network node, is unlimited.","To copy the key set file to a network location, click the Copy to... button.","To open the folder containing the key set file, click the Open folder... button.","To set a validity period for the key set:","Tick the check box beside Keys will be active until.","Select a date from the drop-down calendar. By default, today's date displays. Note: You cannot select an earlier date than today's. If this period expires, the ViPNet software installed on this node will stop working.","Note: If the ViPNet Manager license has a limited validity period, it is impossible to set a validity period for a key set outside that license period. For more information about license duration, select Help &gt; About from the menu bar.","Keys",

"271.htm");

Page[34]=new Array("IP addresses for coordinators set the links between ViPNet network nodes without having to do manual settings on those nodes. Instead of IP addresses (or in addition to them), you can specify DNS names.","If you don't specify IP addresses or DNS names in ViPNet Manager, you need to specify them manually after installing ViPNet software. That means you need to set IP addresses or DNS names for a coordinator on each client, (for which this coordinator is either an IP addresses server or firewall), and then on each coordinator connected with that coordinator.","You can get IP addresses for coordinators from your organization's network administrator.","To add an IP address for a coordinator:","Select the coordinator and click the IP addresses tab.","Click the Add button. The IP address window appears:","Type an IP address and click OK. The specified IP address automatically appears in the IP addresses list for this coordinator.","Note: You can add any number of IP addresses for a coordinator. IP addresses must be unique and must be the same as addresses of tunneled connections. If any IP address already exists, ViPNet Manager will ask you to choose another one.","To edit a coordinator's IP address:","Click the IP address in the list and click Edit. The IP address window appears. ","Change the IP address and click OK.","To delete a coordinator's IP address:","Click the IP address in the list and click Remove. A message will appear asking you to confirm that you want to delete this IP address. Click Yes.","IP Addresses (for Coordinators)",

"261.htm");

Page[35]=new Array("Usually you don't need to specify IP addresses for clients.","IP addresses and other settings for each client will become known to each other after their connection to the ViPNet network from their own IP addresses server.","By specifying a coordinator as an IP addresses server in ViPNet Manager, this coordinator will automatically be selected as the IP addresses server after installing ViPNet software on the client.","Note: The IP addresses server of a coordinator is automatically the default for all its associated clients. Therefore, you only need to change the settings if a client IP addresses server is different from the default.","To specify another (not the default) coordinator as the IP addresses server for a client:","Select the client and click the IP addresses tab.","Click the arrow beside IP addresses server and select another coordinator from the drop-down list. ","Note: The list only contains those coordinators with which a link has been specified.","To set a specific IP address for the client:","Click the Add button. The IP address window appears:","Type an IP address and click OK. The specified IP address automatically appears in the IP addresses list for this client.","To edit a client's IP address:","Click the IP address in the list and click Edit. The IP address window appears. ","Change the IP address and click OK.","To delete a client's IP address:","Click the IP address in the list and click Remove. A message will appear asking you to confirm that you want to delete this IP address. Click Yes.","IP Addresses (for Clients)",

"262.htm");

Page[36]=new Array("ViPNet technology allows you to use the DNS service to source the IP addresses of servers (protected computers) used for different network purposes (eg, web browser, ftp).","If you don't specify DNS names in ViPNet Manager, you need to specify them manually in the ViPNet software on each network node.","You can get DNS names for ViPNet network nodes from your organization's network administrator.","For more information on DNS names, refer to Using DNS and WINS Services in the ViPNet Network.","To specify a DNS name for a node: ","Select the node and click the DNS names tab.","Tick the Use DNS names check box.","Click the Add button. The DNS name dialog box appears: ","Type a DNS name and click OK. The specified DNS name automatically appears in the DNS name list for this node.","Note: You can add any number of DNS names for a node. DNS names must be unique. If any DNS name already exists, ViPNet Manager will ask you to choose another one.","To edit a node's DNS name:","Click the DNS name in the list and click Edit. The IP address window appears. ","Change the DNS name and click OK.","To delete a node's DNS name:","Click the DNS name in the list and click Remove. A message will appear asking you to confirm that you want to delete this DNS name. Click Yes.","DNS Names",

"263.htm");

Page[37]=new Array("Aliases are required if you plan to use the ViPNet CryptoExtension for Outlook plug-in within your ViPNet network. This plug-in provides cryptographic protection for messages sent from Microsoft Office Outlook or Outlook Express.","Aliases are the email addresses of those users who can receive encrypted messages.","To add an alias:","Select the node and click the Aliases tab.","Click the Add button. The User Alias dialog box appears:","Type an alias. Note: The length is limited to 245 symbols. ","Click OK. The alias automatically appears in the alias list for this node. ","Note: You can add any number of aliases for each node. The aliases, however, must be unique. If an alias already exists, ViPNet Manager will ask you to choose another. You can have identical aliases for different users.","To change an alias:","Click the alias in the list and click Rename. The User Alias dialog box appears. ","Change the alias name and click OK.","To delete an alias:","Click the alias in the list and click Remove. A message will appear asking you to confirm that you want to delete the alias. Click Yes.","Aliases",

"270.htm");

Page[38]=new Array("If computers on your local network work with an external network through a firewall or another device with Network Address Translation (ie. internal addresses of the local network are translated into addresses that are accessible from the external network), we recommend you make firewall settings in ViPNet Manager. These settings provide the connections between ViPNet nodes and the external network without any manual settings on the ViPNet nodes themselves.","For information about firewall parameters, see your system administrator.","By default, ViPNet coordinators interact with the external network directly (without using any firewall) and ViPNet clients use a connection to the external network via the ViPNet coordinator which acts as their IP addresses server.","This section describes the types of connections available in ViPNet and how to use them for different network nodes.","Firewall (for Coordinator)",

"264.htm");

Page[39]=new Array("ViPNet network nodes can connect with an external network directly or they can work through a firewall or other device with NAT (including, ViPNet Coordinator).","The IP addresses server notifies its own network nodes about the status (such as current IP addresses and connection ways) of other nodes in order to interact with them.","ViPNet network nodes can be located inside any local network that supports the IP protocol. Ways of connecting can be anything from Ethernet, PPPoE (ie. xDSL) and Dial-Up, to mobile access types like GPRS/UMTS GPRS/UMTS, Wireless LAN, and WiFi hot spot. ViPNet automatically detects the transfer protocols in the network layer. Two IP protocols are used for the encapsulation of encrypted IP traffic to create a VPN connection. They are IP/241 and IP/UDP.","Connections between network nodes that are able to receive broadcasts from each other (through their local IP addresses) and between which there are no NAT systems, are automatically established through the more economical IP/241 protocol, which does not have a 12-byte UDP-Header. In this case, after encrypting, the source packet is encapsulated into the IP packet with the 241 number of protocol.","If network nodes are inaccessible to each other directly by real address (ie. there is NAT system between them, including ViPNet Coordinator), the UDP protocol, which provides the easy passing of IP packets though any NAT device, is automatically used. In this case, after encrypting, the source packet is encapsulated into the UDP packet with the specified number of the destination port (55777 by default).","To create a secure connection between network nodes anywhere on the network, you make settings in ViPNet Manager for ViPNet software (Client or Coordinator). The settings depend on the type of connection to the external network:","Direct connection to the external network (no firewall). In this case, firewall settings are not required.","Connection through a coordinator that provides NAT for ViPNet nodes (firewall type is Coordinator).","Connection through a firewall (NAT) where static rules of address translation are possible (firewall type is With static address translation).","Connection through a firewall (NAT) where static rules of address translation are difficult or impossible (firewall type is With dynamic address translation).","When connecting to the network, client nodes inform their coordinators, and coordinator nodes inform other coordinators, about their addresses and ways to access these addresses.","When connecting to the network and while operating, client nodes receive from their coordinators, and coordinator nodes receive from other coordinators, the address information of other nodes and ways to access these addresses.","If a network node has an IP address, which can be reached by applying general routing rules for interaction with other nodes (for example, the node has its local Internet address as its public Internet address), it is enough to send out the IP address of this node to other nodes. In this case, connection type 1 is sufficient.","If a network node has a private IP address, which is not reachable by applying general routing rules for interaction with other nodes (for example, there is firewall or NAT device between local and external networks), the node has to give more information about itself. To provide continuous access to this node, additional information about current addresses and access ports through the NAT device is required. In this case, one of the other three connection types (2, 3 or 4) has to be used.","Connection 2 can be chosen on the coordinator if you want to protect any internal segment of the local network where ViPNet Coordinator is installed as the firewall for ViPNet clients of this local network.","Connection 2 can be chosen on the client if ViPNet Coordinator is installed in the internal network as a firewall for ViPNet clients of this local work. ViPNet Coordinator can work or not work through other firewall (or NAT devices).","Connection 3 can be chosen on the coordinator if there is a firewall (or other NAT device) with the ability to set static rules of addresses translation installed on the border of the local network. These rules allow the interaction with a specific internal address of the local network by UDP protocol and a specified port.","Connection 3 can be chosen on the client if there is no ViPNet Coordinator in the local network, but on the border of the local network there is firewall (or other NAT device) with the ability to set static rules of addresses translation. ","Connection 4 can be chosen on the coordinator if there is a firewall (or other NAT device) installed on the border of the local network but setting rules static rules of address translation is difficult or impossible. This situation is typical for elemental network devices like DSL, using as Router, or Wireless routers, GPRS network, and other providers, giving private addresses.","Connection 4 can be chosen on the client if there is no ViPNet Coordinator in the local network, but on the border of the local network there is firewall (or other NAT device) where setting static rules static rules of address translation is difficult or impossible. Connection 4 is universal and can be used in any case.","Note: If network nodes are in one local network and can exchange broadcasts, interaction between nodes is realized directly by IP address of node, regardless of connection type.","About ViPNet Connections",

"265.htm");

Page[40]=new Array("This connection option is suitable if you need to protect the IP traffic of a local network segment. In this scenario, there would be a ViPNet coordinator with a firewall for ViPNet clients of this local network on the border of the local network. In this case, you need to install the second ViPNet coordinator on the border of the local network segment. The first ViPNet coordinator (closer to Internet) has to be chosen as the firewall for the second ViPNet coordinator.","Such a connection of coordinators is called a cascade connection. As a result, the automatic routing of encrypted traffic from the internal segment of the local network to the local and global network will be achieved.","To configure a coordinator's connection via another coordinator acting as a firewall:","Select the coordinator node and click the Firewall tab.","Ensure there is a tick in the Use firewall check box. ","Select Coordinator from the Firewall type drop-down box.","Select the IP address of the network interface that connects to the firewall from the IP address of network interface connected to the firewall drop-down list box. If you cannot specify the exact IP address and want to do it manually on the coordinator node itself, select Chosen on the network node.","Note: To display a list of IP addresses, you should have previously specified them via the IP addresses tab.","Select the coordinator that will act as a firewall from the Coordinator acting as firewall drop-down list box. Note: You can choose a coordinator connected to this coordinator.","Select the relationship between the coordinator you are setting and the coordinator that will act as firewall from the Positional relationship between network node and coordinator drop-down list box.","Note: This list box displays if firewall settings have been made for the coordinator acting as a firewall.","If you want the network configuration you are creating to work correctly, you must choose In the same local network (the same routing), otherwise the coordinator acting as the firewall must not use a firewall.","Coordinator Connection via Another Coordinator",

"940.htm");

Page[41]=new Array("This connection option is suitable if you need to protect the IP traffic of nodes in the local network, and there is a firewall or NAT device on the border of the local network that won't let you easily set static rules of address translation. In this case, we recommended you install ViPNet Coordinator and set the parameters of connection (via a firewall with dynamic address translation) on one of the network interfaces of this coordinator. After that, you should set all the ViPNet clients on your local network to work through this coordinator.","A connection via a firewall with dynamic address translation is the universal connection and can be used practically in any case. However, the main purpose of this connection is to provide a secure, two-sided link with nodes working through NAT devices that make it difficult or impossible to set static rules of address translation (including the absence of user rights). This situation is typical for elemental network devices like DSL or wireless routers, or when Internet Connection Sharing (ICS) is used. It is also often impossible to configure the NAT devices of mobile phone providers (eg, GPRS, UMTS networks), home networks and other providers giving private addresses.","All NAT devices pass UDP traffic using the automatic creation of so-called dynamic NAT rules. These rules are created on the assumption that parameters of outgoing packets pass through the NAT device. If the parameters correspond to the parameters of a dynamic rule, the packets are passed for some time. A specific amount of time after the last outgoing packet, the dynamic rule is erased and incoming packets are blocked by the NAT device. This means, the external source cannot initiate a connection with a network node working through a NAT device, without receiving outgoing traffic first.","To overcome this problem, you must use the With dynamic address translation firewall type. Furthermore, a ViPNet coordinator, always accessible, must be located in external network. Let's call this coordinator the coordinator for incoming traffic. For a client, the coordinator for incoming traffic is its IP addresses server. The coordinator for incoming traffic can be reached directly or via a firewall with static addresses translation. The coordinator for incoming traffic shouldn't work through the same firewall as the client.","A network node working through a NAT device will periodically send UDP packets to its coordinator for incoming traffic. By default, the sending period is every 25 seconds. This allows any external network node to send IP packets to the network node via the coordinator for incoming traffic. In response, the network node will always send reply outgoing IP packets directly to the external node, by-passing the coordinator for incoming traffic. ","After receiving the first IP packet, the external network node will transfer all IP traffic to the network node working through a NAT device. In such a way, direct UDP traffic exchange between ViPNet nodes is created. Such a technology provides uninterrupted access to ViPNet nodes working through NAT devices (because dynamic rules cannot be deleted on the NAT device). At the same time, it creates a high speed of encrypted traffic exchange, since such an exchange uses coordinators for incoming traffic when initializing only and then all traffic exchange is done directly between ViPNet nodes.","To configure a coordinator's connection via a firewall (NAT) where static rules of address translation are difficult or impossible:","Select the coordinator node and click the Firewall tab.","Ensure there is a tick in the Use firewall check box.","Select With dynamic address translation from the Firewall type drop-down box.","Select the IP address of the network interface that connects to the firewall from the IP address of network interface connected to the firewall drop-down list box. If you cannot specify the exact IP address and want to do it manually on the coordinator node itself, select Chosen on the network node.","Note: To display a list of IP addresses, you should have previously specified them via the IP addresses tab.","If you know the IP addresses of the external interface of the firewall (and they are not changed dynamically):","Click the Add button in the External firewall IP addresses section of the screen. ","The IP address window appears:","Type an IP address and click OK. Note: IP addresses must be unique. If an IP address already exists, the program will warn you.","Select the coordinator that will pass traffic through the firewall from the Coordinator for incoming traffic drop-down box.","Note: This coordinator must be located in a network external to the coordinator you are setting (ie. they must be separated by firewall). The coordinator for incoming traffic must be accessible (directly or through a firewall with static address translation) and mustn't work through the same firewall as the coordinator you are setting. You can choose a coordinator that is connected with this coordinator.","If you want the network configuration you are creating to work correctly, the coordinator for incoming traffic should not work through a firewall with dynamic address translation or another coordinator.","If the Positional relationship between network node and coordinator drop-down list box displays, you have chosen a coordinator for incoming traffic that works through a firewall with dynamic address translation or another coordinator. Either:","Select another coordinator from the Coordinator for incoming traffic drop-down box, or","If you want to create a special configuration, leave the default value In the same local network (the same routing).","Specify how often the coordinator for incoming traffic will pass incoming traffic through the firewall from the Coordinator polling period field. The default is 25 seconds. The poll period mustn't be much more than the session timeout for the dynamic rule on the NAT device. Different NAT devices have different session timeouts, but usually the session timeout is no less than 30 seconds.","If you want all connections with other network nodes to be done only through the coordinator for incoming traffic (ie. the technology described above won't be used), tick the Entire VPN traffic with external nodes to be directed through coordinator check box. Note: Due to increased traffic, the speed of data exchange can slow down. Otherwise, you can achieve more stable connections in the ViPNet network.","Coordinator Connection via Firewall with Dynamic NAT",

"941.htm");

Page[42]=new Array("This connection option is suitable if you need to protect the IP traffic of nodes in the local network, and there is a firewall or NAT device on the border of the local network that allows you to set static rules of address translation. In this case, we recommended you install ViPNet Coordinator and set the parameters of connection via the firewall on one of network interfaces of this coordinator. After that, you should set all ViPNet clients on your local network to work through this coordinator.","To configure a coordinator's connection via a firewall (NAT) where static rules of address translation are possible:","Select the coordinator node and click the Firewall tab.","Ensure there is a tick in the Use firewall check box.","Select With static address translation from the Firewall type drop-down box.","Select the IP address of the network interface that connects to the firewall from the IP address of network interface connected to the firewall drop-down list box. If you cannot specify the exact IP address and want to do it manually on the coordinator node itself, select Chosen on the network node.","Note: To display a list of IP addresses, you should have previously specified them via the IP addresses tab.","If you know the IP addresses of the external interface of the firewall (and they are not changed dynamically):","Click the Add button in the External firewall IP addresses section of the screen. ","The IP address window appears:","Type an IP address and click OK. Note: IP addresses must be unique. If an IP address already exists, the program will warn you. If you add an address from the private range of addresses, the program will warn you.","IP packets from external nodes, intended for this coordinator, will be sent to these addresses. ","To fix an external IP address for accessing this coordinator through the firewall, click the Fix an external IP address check box and select the IP address from the drop-down list. Note: The first address from the list of external addresses automatically displays.","If an IP address is not specified, the IP address is registered by the external parameters of the IP packet. If an IP address is specified, external network nodes will send packets for this coordinator to the specified address, regardless of the address substituted in the external parameters of the packet.","We recommend you select this option only if the firewall has several external addresses and you need to route incoming packets through a specific address, regardless of the firewall address from which a packet left.","If necessary, change the port number in the UDP access port text box. By default, it is 55777. This port number is specified on the firewall to give external nodes access to this coordinator.  Changing the default value is required if several ViPNet nodes will work directly through one firewall or NAT device (ie. a connection through a firewall with static address translation will be set on each node). In this case, port numbers for these nodes must be different.","Coordinator Connection via Firewall with Static NAT",

"942.htm");

Page[43]=new Array("If ViPNet clients with the same IP addresses server use the same type of connection to the external network, you can do general firewall settings on their IP addresses server.","For ViPNet clients that use a type of connection differing from the type specified on their IP addresses server, you need to do individual settings for each client in the Firewall tab.","For information on connection types, read About ViPNet Connections.","To set firewall parameters for clients with the same IP addresses server:","Select the coordinator that is the IP addresses server for the client group and click the Client firewall tab.","If clients connect with the external network directly (without using a firewall), remove the tick from the Use firewall check box.","If you want to select a connection type after installing ViPNet Client, select Will be set manually from the Firewall type drop-down list box.","If clients connect with the external network through a ViPNet Coordinator:","Select Coordinator from the Firewall type drop-down box.","If necessary, change the coordinator from the Coordinator acting as firewall drop-down list box. By default, the coordinator you are setting is shown.","Select the relationship between the client group and coordinator from the Positional relationship between VPN clients and coordinator drop-down list box.","If clients connect with the external network through a firewall with static address translation, select With static address translation from the Firewall type drop-down list box.","If clients connect with the external network through a firewall where it's impossible to set static rules of address translation:","Select With dynamic address translation from the Firewall type drop-down box.","Specify how often the coordinator for incoming traffic will pass incoming traffic through the firewall from the IP addresses server polling period field. The default is 25 seconds.","If you want all connections with other network nodes to be done only through the coordinator, tick the Entire VPN traffic with external nodes is directed through IP addresses server check box. Note: Due to increased traffic, the speed of data exchange can slow down. Otherwise, you can get more stable connections in the ViPNet network.","Client Firewall (for Coordinator)",

"267.htm");

Page[44]=new Array("The firewall settings you make for clients depend on their type of connection to the global network.","If ViPNet clients with the same IP addresses server use the same type of connection to the external network, you can do general firewall settings on their IP addresses server. For the clients themselves, select Assigned on the IP addresses server from the Firewall type drop-down list box.","For clients that use a different type of connection from that specified on their IP addresses server, you can make individual settings in the client's Firewall tab. For information on connection types, read About ViPNet Connections.","If the client connects with external network directly, ie. without using a firewall, remove the tick from the Use firewall check box.","If you want to select a connection type after installing ViPNet Client, choose Will be set manually from the Firewall type drop-down list box.","To make any other type of individual firewall settings for a client, refer to Client Connection via Coordinator, Client Connection via Firewall with Dynamic NAT, or Client Connection via Firewall with Static NAT.","Firewall (for Clients)",

"268.htm");

Page[45]=new Array("If ViPNet Coordinator is installed on the border of your local network, we recommend you select it for nodes of the local network to enable data exchange with nodes in other networks. Data exchange will be realized through this coordinator and on behalf of its address.","The coordinator firewall type provides routing function with NAT for encrypted packets (IP and MAC addresses are translated). The automatic routing of encrypted packets to the coordinator is realized without changing the TCP/IP Windows's network settings. As a result, the coordinator will not handle non-encrypted traffic; this traffic will be treated according to the configuration of the underlying operating system of the client and routing rules specified in LAN for open traffic.","Immediately after installing ViPNet, the working operation of your network can continue. By minimizing of the settings required on computers after installation, the administration of a large local network becomes much simpler.","To configure a client's connection via a coordinator:","Select the client node and click the Firewall tab.","Ensure there is a tick in the Use firewall check box. ","Select Coordinator from the Firewall type drop-down box.","Select the coordinator that will act as a firewall from the Coordinator acting as firewall drop-down list box. By default, this is the coordinator on which this client is registered.","Select the relationship between the client you are setting and the coordinator that will act as firewall from the Positional relationship between network node and coordinator drop-down list box.","Note: This list box displays if firewall settings have been made for the coordinator acting as a firewall.","If you want the network configuration you are creating to work correctly, you must choose In the same local network (the same routing), otherwise the coordinator acting as the firewall must not use a firewall.","Client Connection via Coordinator",

"959.htm");

Page[46]=new Array("This connection option is suitable if there is no ViPNet Coordinator in the local network or clients cannot use a coordinator as a firewall. It also applies where there is a firewall or NAT device on the border of the local network that won't let you easily set static rules of address translation.","For learn more about this technology, read Coordinator Connection via Firewall with Dynamic NAT.","To configure a client's connection via a firewall (NAT) where static rules of address translation are difficult or impossible:","Select the client node and click the Firewall tab.","Ensure there is a tick in the Use firewall check box.","Select With dynamic address translation from the Firewall type drop-down box.","If you know the IP addresses of the external interface of the firewall (and they are not changed dynamically):","Click the Add button in the External firewall IP addresses section of the screen. ","The IP address window appears:","Type an IP address and click OK. Note: IP addresses must be unique. If an IP address already exists, the program will warn you. If you add an address from the private range of addresses, the program will warn you.","By using the With dynamic address translation firewall type (see Coordinator Connection via Firewall with Dynamic NAT for a description of that technology), the coordinator of incoming traffic for the client is its IP addresses server.","If you want the network configuration you are creating to work correctly, the IP addresses server must not work through a firewall with dynamic address translation or another other coordinator.","Select the relationship between the client you are setting and the coordinator acting as its IP addresses server from the Positional relationship between network node and coordinator drop-down list box.","Note: This list box displays if the coordinator acting as the client's IP addresses server (see IP addresses tab) is using a firewall with dynamic address translation or another coordinator.","If you want the network configuration you are creating to work correctly, you must choose In the same local network (the same routing).","Specify how often the coordinator for incoming traffic will pass incoming traffic through the firewall from the Coordinator polling period field. The default is 25 seconds. The poll period mustn't be much more than the session timeout for the dynamic rule on the NAT device. Different NAT devices have different session timeouts, but usually the session timeout is no less than 30 seconds.","If you want all connections with other network nodes to be done only through the coordinator for incoming traffic (ie. the technology described in Coordinator Connection via Firewall with Dynamic NAT won't be used), tick the Entire VPN traffic with external nodes to be directed through IP addresses server check box. Note: Due to increased traffic, the speed of data exchange can slow down. Otherwise, you can achieve more stable connections in the ViPNet network.","Client Connection via Firewall with Dynamic NAT",

"960.htm");

Page[47]=new Array("This connection option is suitable if there is no ViPNet coordinator in the local network or clients cannot use a coordinator as a firewall. It also applies where there is a firewall or NAT device on the border of the local network that allows you to set static rules of address translation.","To configure a client's connection via a firewall (NAT) where static rules of address translation are possible:","Select the client node and click the Firewall tab.","Ensure there is a tick in the Use firewall check box.","Select With static address translation from the Firewall type drop-down box.","If you know the IP addresses of the external interface of the firewall (and they are not changed dynamically):","Click the Add button in the External firewall IP addresses section of the screen. ","The IP address window appears:","Type an IP address and click OK. Note: IP addresses must be unique. If an IP address already exists, the program will warn you. Because external addresses are specified from permissible addresses of the Internet, if you add an impossible address, the program will warn you.","IP packets from external nodes, intended for this client, will be sent to these addresses.","To fix an external IP address for accessing this client through the firewall, click the Fix an external IP address check box and select the IP address from the drop-down list. Note: The first address from the list of external addresses automatically displays.","If an IP address is not specified, the IP address is registered by the external parameters of the IP packet. If an IP address is specified, external network nodes will send packets for this client to the specified address, regardless of the address substituted in the external parameters of the packet.","We recommend you select this option only if the firewall has several external addresses and you need to route incoming packets through a specific address, regardless of the firewall address from which a packet left.","If necessary, change the port number in the UDP access port text box. By default, it is 55777. This port number is specified on the firewall to give external nodes access to this client. ","Client Connection via Firewall with Static NAT",

"961.htm");

Page[48]=new Array("If there is no need for traffic encryption within the local network or it's impossible to install ViPNet on any network devices, you can configure a coordinator to only tunnel (encrypt) the traffic between local area networks.","If coordinators must do tunneled connections (there is permission in the license), you need to specify the IP addresses for those connections that can be tunneled. In addition, you can specify the maximum number of connections that can be tunneled by a coordinator simultaneously.","Specifying the IP addresses for tunneling via ViPNet Manager minimizes the manual settings you need to do via the ViPNet software on each network node. If settings aren't specified in ViPNet Manager, then after installing ViPNet software on each node of the network, you must complete those settings for each coordinator and every client registered on that coordinator.","You can get IP addresses from your organization's network administrator.","Note: ViPNet Network Creation Wizard automatically distributes tunneled connections in equal parts between all coordinators.","To add the IP address or IP address range of a tunneled connection for a coordinator:","Select the coordinator and click the Tunnel tab.","Click the Add button. The IP address or range dialog box appears:","Click the radio button beside the IP address option you want to use.","Type a single IP address or an IP address range. Note: All IP addresses must be unique. If any IP address (or range) already exists, ViPNet Manager will ask you to choose another one.","Click OK. The specified IP address automatically appears in the IP address list for this coordinator.","Note: Even though you can add any number of IP addresses (or ranges) for a coordinator, you should not exceed the number specified in the Maximum total number of concurrently tunneled connections drop-down field. This prevents tunneled connections from being blocked when the ViPNet software is running.","To edit the IP address of a tunneled connection:","Click the IP address in the list and click Edit. The IP address or range window appears. ","Change the IP address or IP address range and click OK.","To delete the IP address of a tunneled connection:","Click the IP address in the list and click Remove. A message will appear asking you to confirm that you want to delete this IP address or IP address range. Click Yes.","From the Maximum total number of concurrently tunneled connections drop-down field, type or select the maximum number of connections that can be tunneled by this coordinator concurrently. This number, when added to the number of tunneled connections already assigned to other coordinators, must not exceed the limit imposed by the license (see the license summary under the License restrictions header). If you specify a number that brings the total number of tunneled connections assigned to coordinators in your network higher than the license restriction, the warning icon @ appears.","Tunnel (for Coordinator only)",

"269.htm");

Page[49]=new Array("During your configuration of the ViPNet network, ViPNet Manager traces where there is insufficient data or conflict between configuration data.","Insufficient data is identified with the @ icon. Conflicting data is identified with the @ icon.","If there are conflicts in the system, the ViPNet network will work incorrectly or not at all, and you won't be able to create key sets.","To display detailed information about a particular conflict or piece of incomplete data:","Click the tab displaying the @ or @ icon.","Click the @ or @ icon on the page.","The Conflict data or Insufficient data window appears:","To fix the problem, click each Elimination methods hyperlink. The hyperlink will take you to the specific dialog box for that configuration parameter.","Once you have made the change and returned to the Conflict data or Insufficient data window, click the Repeat verification button to see if you have fixed the problem.","To display the entire list of conflicting or insufficient data in your ViPNet network configuration:","Click @, or","Select Tools &gt; Verify network configuration from the menu bar.","The Conflict and insufficient data window appears:","Fix the problem using the Elimination methods hyperlinks, as described above.","Resolve Conflicting &amp; Insufficient Data",

"280.htm");

Page[50]=new Array("Occasionally you will need to change the network structure. Using ViPNet Manager, you can:","Add new network nodes","Change network nodes","Delete network nodes","Select another client as the official VipNet Manager manager","Move clients to another coordinator","Change links for created network nodes","Warning! Changes in the network structure require the key sets to be rebuilt.","Change Network Structure",

"272.htm");

Page[51]=new Array("Note: If the number of nodes has reached the limit of the active license, ViPNet Manager will not let you add more.","To add a coordinator to the network structure:","Click @, or","Right-click Entire ViPNet Network and select Add Coordinator from the pop-up menu, or","Press the Insert key on your keyboard.","To add a client to a particular coordinator:","Click @, or","Right-click the coordinator and select Add Client from the pop-up menu, or","Press the Insert key on your keyboard.","The Links dialog box appears:","Select a type of link and press OK.","Select a type of link using the following descriptions:","Link all nodes with each other (default mode). All network nodes will have protected links with each other.","Link all clients belonging to the same coordinator. Each client will have protected links with their own coordinator and all other clients of the same coordinator. At the same time, all coordinators will be connected with each other.","Link all clients with its coordinator only. Each client will have a protected link with only their own coordinator. At the same time, all coordinators will be connected with each other.","The new node appears in the tree. Its name is based on the same naming rules used when automatically creating the network structure.","Add Network Nodes",

"273.htm");

Page[52]=new Array("To change the linking behavior for a network node:","Select the network node and select Network &gt; Links from the menu bar. The Links dialog box appears:","Select a type of link using the following descriptions:","Link all nodes with each other (default mode). All network nodes will have protected links with each other.","Link all clients belonging to the same coordinator. Each client will have protected links with their own coordinator and all other clients of the same coordinator. At the same time, all coordinators will be connected with each other.","Link all clients with its coordinator only. Each client will have a protected link with only their own coordinator. At the same time, all coordinators will be connected with each other.","If you want to pre-determine the link type for all nodes you add in the future (coordinator or client):","Select the radio button beside the link type.","Tick the Apply for all new network nodes check box.","Click OK.","Set Link Type for Network Node",

"274.htm");

Page[53]=new Array("To change the name of a network node (coordinator or client):","Select the node and click @, or","Right-click the node and select Rename from the pop-up menu, or","Press the F2 key on your keyboard.","Note: Each name must be unique within the network. If a name exists, you will be asked to type another one.","Change Network Nodes",

"275.htm");

Page[54]=new Array("At initial network creation, the first client of the first coordinator is automatically given the role of manager.","To make another client the official ViPNet manager:","Right-click their network node and select Set as a Manager from the pop-up menu, or","Select Edit &gt; Set as a Manager from the menu bar.","Note: If ViPNet Manager client keys were already installed on the computer of the official ViPNet Manager, then after re-assigning the managerial role to another client, it is necessary to install new keys on the new machine.","Assign Another Client as Manager",

"276.htm");

Page[55]=new Array("To delete any network node:","Select the node and click @, or","Right-click the node and select Remove from the pop-up menu, or","Press the Del key on your keyboard.","A message appears asking you to confirm you want to delete this network node. Click Yes.","When deleting a client, its functions will be delegated to another client. If you deleted the dedicated ViPNet Manager, it is necessary to install new keys on the machine of the new official ViPNet Manager.","Warning! Deleting a coordinator deletes all the clients associated with it.","Delete Network Nodes",

"277.htm");

Page[56]=new Array("To move a client from one coordinator to another:","Click the client node and drag it away from its current position.","Drop the client node over the new coordinator node.","Move Client to Another Coordinator",

"278.htm");

Page[57]=new Array("To change the links of your existing network structure:","Select a network node and click the Links tab.","Tick the check boxes beside the nodes you want to link to.","Untick the check boxes beside the nodes you want to remove links to. Note: You cannot remove mandatory links (links between coordinators, and links between coordinators and their clients).","Change Links of Existing Network Nodes",

"279.htm");

Page[58]=new Array("To view or change the criteria used to create user passwords:","Select Tools &gt; Random password options from the menu bar.","The Random passwords options dialog box appears:","Each network node (client and coordinator) has its own user password. The user password is generated using the first x (number of) characters from each word of a randomly generated password phrase.","Use the following field descriptions to define the length and language of your user passwords:","Password phrase language. Select the language that will be used to create user passwords. The currently available options are English or Russian.","Words in password phrase. Select how many words a password phrase will contain. If you choose 3 or 4, one phrase will be generated. If you choose 6 or 8, two password phrases will be formed.","Letters used. Select the number of characters that will be taken from the start of each word in a password phrase and used to create the user password.","Password length. This field calculates how many characters a user password will contain.","Define Password Criteria",

"799.htm");

Page[59]=new Array("You need to create key sets (.dst files) for your network nodes if:","you chose not to create them via the ViPNet Network Creation Wizard the first time you ran ViPNet Manager.","you have made changes to the network structure.","To create key sets:","Check your configuration for any conflicting or insufficient data. Note: If you have any conflicts, the key sets creation won't run.","Check you are happy with the rules that will be used to create user passwords.","Either:","Click @, or","Select Tools &gt; Keys &gt; Create key sets from the menu bar.","Note: These options will be disabled if the network structure has not changed.","If there is conflicting or incomplete data in your network configuration, the Verification of ViPNet network configuration dialog box appears:","If there is conflicting data, you must resolve it before you create key sets. If there is just incomplete data, you can click the Skip button and continue to create key sets. However, after installing ViPNet software with such key sets, you will probably need to do some manual settings on each network node.","The Digital Roulette (random number generator) appears:","Follow the instructions described in the window. If key sets are being created for the first time, the following message about creating a root certificate for the ViPNet Manager administrator appears:","Click OK. The Certificate Request window appears:","By default, the Administrator is the owner of the root certificate and the certificate is given a validity period of five years. You can change these details and others via the Subject and Validity tabs.","Click OK to continue.","All created key sets files, user passwords and administrator passwords are put into the \\NCC\\KEYS subfolder of the ViPNet Manager installation folder. Key sets are saved in files with a .dst extension and these files are put in folders named after the network nodes. ViPNet user passwords are saved in the ViPNet.txt file (passwords list). Administrator passwords are saved in the ViPNet_a.txt file.","If you are re-creating key sets because you have just made changes to your network structure, the changed key set files are saved into the \\NCC\\CHANGED_KEYS subfolder.","The Key sets creation dialog box appears:","To send key sets:","now, click OK and send follow the send key process.","later, remove the tick from the Send key sets check box and click OK.","To open the folder that contains the key sets, select Tools &gt; Keys &gt; Key sets from the menu bar.","To open the folder that contains key sets that have changed and not yet been sent, select Tools &gt; Keys &gt; Key sets not sent from the menu bar.","For future use, create a backup copy of the \\NCC\\Keys subfolder on a separate media (eg, floppy, USB-flash or CD). The key set information is then easily accessible when installing software on client and coordinator computers. Note: Make sure the media can be used by those computers.","To display the location of a key set file for a selected network node as well as its unique password and password phrase, select the network node and click the Keys tab.","If this is the first time you have created key sets, write down the user password for the ViPNet Manager's workstation.","Create Key Sets",

"281.htm");

Page[60]=new Array("If the ViPNet network structure changes, new key sets will need to be sent to those network nodes affected by the changes.","Note: If key sets were created for the first time or ViPNet software has not been installed on the network nodes, you will need to install key sets manually (.dst files) on those nodes via media.","Note: If you have added new nodes to your ViPNet network, the ViPNet Client on the ViPNet Manager workstation must receive key set updates BEFORE you send updates to the other network nodes.","By default, key sets updates created on the ViPNet Manager workstation are automatically sent to ViPNet Client. However, if certain settings have been made in ViPNet Client, you will need to receive updates in accordance with the instructions specified in the ViPNet Client User Guide.","Before sending updates, make sure ViPNet Client is running, because sending updates is done by the transport module ViPNet MFTP, which is launched periodically by ViPNet Client.","To send key sets update to network nodes remotely:","Either: ","Click @, or","Select Tools &gt; Keys &gt; Send key sets from the menu bar.","If the ViPNet Manager's workstation has not been set up properly, a message describing the problem and solution will appear. Fix the problem and try to send key set updates again.","If updates created on the ViPNet Manager workstation have not yet been accepted by ViPNet Client, the following message appears:","To accept updates on the ViPNet Manager workstation, press Continue. Note: If you don't accept key set updates on the ViPNet Manager workstation, it will be impossible to send updates to new network nodes.","The Sending Key Sets window appears:","Ensure the check boxes are ticked for those network nodes you want to send key updates to. Note: By default, all the nodes are selected.","To filter out unwanted nodes, type some of the characters that appear in the desired nodes in the Find text box. Note: The characters can be numeric, giving you have the option of searching by the date the node was created or changed.","To specify a future date for the key set updates to take effect, use the drop-down arrows to select a new date and time. By default, today's date displays.","Click Send. MFTP launches and the sending process starts. If unsuccessful, an error message appears. If successful, a confirmation message appears.","Note: ViPNet Manager logs update request information in a text file, offmupdate.log, in the installation folder. To view the file, select Tools &gt; View update log from the menu bar.","Send Key Set Updates",

"284.htm");

Page[61]=new Array("ViPNet Manager allows you to send ViPNet Client and ViPNet Coordinator updates to ViPNet network nodes.","To request ViPNet software updates, contact Infotecs. After receiving your update files, you should copy them to a folder (with no subfolders).","Note. ViPNet software updates will only be possible if the current Windows users has administrator rights.","To install ViPNet software updates on network nodes remotely:","Either: ","Click @, or","Select Tools &gt; Update ViPNet software from the main bar.","If the ViPNet Manager's workstation has not been set up properly, a message describing the problem and solution will appear. Fix the problem and try to send key set updates again.","If the ViPNet Manager's workstation has been set up properly, the ViPNet software update wizard appears:","Click Next. The Update folder window appears:","To select a different install location, click the Browse button. Otherwise, click Next to continue. By default, this folder the is ViPNet Manager installation folder.","Note: If you choose another folder, this folder will display next time by default.","The Updates on network nodes window displays.","By default, all the network nodes are selected to receive software updates.","Remove the ticks from the nodes you do not want to receive software updates. Note: The Clear all button deselects every node and Select all selects them.","If you can't select a node(s), that means the key set for the ViPNet Manager workstation has not been updated. To solve this problem, click Cancel, create a new key set for the ViPNet Manager workstation and send the key set update.","To filter out unwanted nodes, type some of the characters that appear in the desired nodes in the Find text box. Note: The characters can be numeric, giving you have the option of searching by the date the node was created or changed. If you use the filter to display a particular client, the coordinator associated with a client will display as well. To clear your filter and return to the full network node list, click @.","Click Next to continue. The Effective time window appears:","If required, specify another date and time for when the sent ViPNet software update will become effective.","If you want users to view a message telling them they need to manually restart their computers before the software update is effective, leave the Automatically restart computers after software update check box blank.","If you want computers to automatically restart after the ViPNet software update, tick the Automatically restart computers after software update check box. This check box must be selected if you are sending software updates to coordinator computers where there are no operators or access to them is difficult.","Click Next. MFTP launches and the sending process starts. ViPNet Client will be sent to client workstations and ViPNet Coordinator to coordinator computers. If unsuccessful, an error message appears. If successful, a confirmation message appears.","Send ViPNet Software Update",

"285.htm");

Page[62]=new Array("ViPNet Manager allows you to return to previous configurations of the ViPNet network. You do this via backups created automatically by the program or manually by the ViPNet Manager administrator.","ViPNet Manager automatically (without your request) creates a backup copy of the current ViPNet network configuration when you:","close the program","recover a network configuration","clear a network structure","create a new network configuration.","In addition to the network configuration, a backup includes the current settings of the ViPNet Manager program itself.","Backups are saved in the \\Restore subfolder of the ViPNet Manager installation folder.","Create &amp; Recover Network Configuration Backups",

"286.htm");

Page[63]=new Array("Note: This procedure allows you to roll back to any previous version of your ViPNet Network configuration. If however, you only want to roll back to the very last configuration, you can click @ button on the ViPNet Manager interface.","To recover a previous configuration from backup:","Select Tools &gt; Restore Network Configuration from the menu bar.","The Restore ViPNet Manager Configuration wizard appears:","Select Restore ViPNet Manager configuration and click Next.","The Choose backup copy window appears:","It displays a list of all backups, whether created automatically or manually.","Backups created automatically have one of the following comments:","Created at finishing work","Created at network creation","Created at configuration recovery","Created at network removal","Backups are automatically sorted by date and time of creation. To change the sort order, click either the Creation date and time or Comment column headings.","Select the backup you want to recover and click Next.","If the administrator password in the configuration you want to recover differs from the current password, the Password window appears:","Type the password that was used when the backup was created and click Next. ","The recovery process starts. When it finishes, the following window appears:","To close the wizard, click Finish.","To initiate another backup operation, click Home.","Restore Network Configuration",

"287.htm");

Page[64]=new Array("To create a backup of the current ViPNet network configuration and ViPNet Manager program:","Select Tools &gt; Restore Network Configuration from the menu bar.","The Restore ViPNet Manager Configuration wizard appears:","Select Create a backup copy of the current configuration and click Next. ","The Backup Copy Creating window appears:","Type a comment that describes the configuration and click Next. Note: Writing a comment is not obligatory, but, if the backup is ever required, it will help you find the backup from the backup list. The maximum number of characters you can enter for a comment is 200.","Backups are saved in the \\Restore subfolder of the ViPNet Manager installation folder.","Note: If disk space is insufficient for creating a backup, a warning message will appear. In this case, you need to increase free disk space.","The backup process starts. When it finishes, the following window appears:","To close the wizard, click Finish.","To initiate another backup operation, click Home.","Create Current Network Configuration Backup",

"288.htm");

Page[65]=new Array("To delete a backup or change the comment attached to a backup: ","Select Tools &gt; Restore Network Configuration from the menu bar.","The Restore ViPNet Manager Configuration wizard appears:","Select Edit backup copies list and click Next. The Edit backup copies list window appears:","To remove unnecessary backups, select the line items (hold down Shift+left mouse key or Ctrl+left mouse key) and click the Remove button. When the confirmation message displays, select Yes.","To change a comment:","Select the line item and click the Edit comment button. ","Edit the selected text and press Enter on your keyboard.","Click Next to continue. The following window appears:","To close the wizard, click Finish.","To initiate another backup operation, click Home.","Change Backup List",

"289.htm");

Page[66]=new Array("Note: This backup operation is only available after you have recovered a configuration from backup, and if no other backup was created after this recovery.","To cancel the last configuration recovery:","Select Tools &gt; Restore Network Configuration from the menu bar.","The Restore ViPNet Manager Configuration wizard appears:","Click Undo the last restored configuration.","Click Next to continue.","The cancellation process starts. When it finishes, the following window appears:","To close the wizard, click Finish.","To initiate another backup operation, click Home.","Cancel Last Network Configuration Recovery",

"290.htm");

Page[67]=new Array("For a complete reset of the network:","Select Network &gt; Clear from the menu bar.","The Clear network message box appears:","Tick the Clear all network check box and click OK.","Note: By deleting the network, a backup copy of the current configuration will be created.","Clear Network",

"292.htm");

Page[68]=new Array("To create a new network:","Either:","Select Network &gt; Create from the menu bar, or ","Click the Entire ViPNet Network in the ViPNet network tree structure and click the Create Network button in the Properties section of the screen. ","The ViPNet Network Creation Wizard appears.","Use the ViPNet Network Creation Wizard to create a new network structure.","Note: If you press Cancel during the wizard, the previous network will be restored.","Create New Network",

"293.htm");

Page[69]=new Array("ViPNet Coordinator [Monitor] is the configuration and control center of ViPNet Coordinator.","Warning! Before starting ViPNet Coordinator, make sure there is no any other firewall installed on the computer. If there is, you should delete it. If you use Microsoft Windows XP, turn off the integrated Windows Firewall within the Network Connections settings (when using Service Pack 2, this option is switched on by default). Using ViPNet Coordinator and another firewall simultaneously may lead to conflicts between the programs and problems with network access.","If you log on to a domain, terminal or similar server, the process will fail if a coordinator or client is not (yet) installed on the domain-controller. All connection attempts from non-ViPNet objects to the computer will also fail. This happens because the integrated firewall denies all unprotected (non-encrypted) connections. To ensure network functionality during ViPNet setup, integrated firewalls on installed ViPNet network nodes should be configured accordingly.","Configuration: ViPNet Coordinator",

"294.htm");

Page[70]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","To start ViPNet Coordinator [Monitor]: ","Either:","Press the Start button on your Windows taskbar and select All Programs &gt; ViPNet &gt; Coordinator &gt; ViPNet Coordinator [Monitor] (Note: This path could have been changed during installation), or","Double-click the @ icon on the desktop (this only displays if it was selected during installation).","The following dialog box appears:","Type the password and click OK. The ViPNet Coordinator [Monitor] window appears:","The left part of the ViPNet Coordinator window contains configuration and administration functions. Information relating to the selected function displays in the right area of the screen.","By default, Private Network is selected. The right area of the screen shows all the ViPNet network nodes to which a connection was allowed during the creation of the network in ViPNet Manager.","Node names display in one of the following colors:","Color","Meaning","Grey","The network node is not yet set up or is offline","Blue","The local system","Red","Coordinators","Violet","Online clients","Note: Color codes can be changed by selecting Service &gt; Color from the menu bar.","The status of each node is identified by one of the following icons:","Icon","Node status","The local system (your node)","Offline network node","Online client","Online coordinator (if this icon appears on a client, this coordinator is the IP addresses server for that client)","Private Network is also used with the next three functions in the configuration list (Public Network, Blocked Connections and Security Levels) for the configuration of the integrated firewall.","The Settings section allows you to define a connection type for the network node.","The remaining elements are mainly used to view statistical information and to make further administrative changes.","Start ViPNet Coordinator [Monitor]",

"296.htm");

Page[71]=new Array("All ViPNet Coordinator [Monitor] settings depend on the necessary functionality of the coordinator and the settings specified in ViPNet Manager. If all necessary coordinator settings (IP addresses, firewall connection, addresses tunneling, using as IP addresses server) were specified in ViPNet Manager, you don't need to do any manual settings in ViPNet Coordinator, except security level settings on the coordinator network interfaces.","If necessary settings were not done in ViPNet Manager, you need to do manual settings in ViPNet Coordinator. We highly recommend you read about the routing of IP traffic on network nodes before continuing with the configuration of the coordinator. It describes the ViPNet communication technology.","To learn about the basic schemes of using ViPNet OFFICE software, refer to the document Schemes of Using ViPNet.","Recommendation: When configuring coordinators, we recommend you to set the security level to 4. If the coordinator has several network adapters, you should set the security level for each adapter. You can select the network adapter from the menu bar (Service &gt; Network Adapters).","After the connections between coordinators and clients are established and confirmed, you can start configuring the integrated firewall according to your security policy.","Configuration Overview",

"298.htm");

Page[72]=new Array("Note: If you made all necessary IP address or DNS name settings in ViPNet Manager, you don't need to enter the IP addresses or DNS names of other coordinators. What's more, if you did the necessary settings in ViPNet Manager, you don't need to select a communication type. If the coordinator works through a firewall on the border of the local network that allows you to set static rules of address translation, you should do additional settings on this firewall.","If more than one coordinator was created in ViPNet Manager, they need to be connected to each other first. To do this, the IP address of each coordinator needs to be entered in each coordinator. This can be the public IP addresses of coordinators directly connected to the Internet, or the IP addresses of the gateways or firewalls in the local area networks the coordinators use to connect to the Internet.","For more information on DNS names, refer to DNS and WINS Services.","To establish/confirm the connection between the coordinator and another coordinator:","Select Private Network and double-click the coordinator. The Access rule dialog box appears:","Click the IP addresses tab.","To add the IP address of another coordinator:","Click the Add button.","Type the IP address and click OK.","To add a DNS name of another coordinator:","Tick the Use DNS name check box.","Click the Add button. The DNS name dialog box appears:","Type the DNS name. Note: You can get DNS names for ViPNet network nodes from your organization's network administrator.","Click OK twice to save your settings.","To choose the connection type between the coordinators:","Select Settings on the main window.","Depending on the location of the coordinator, either activate (tick) or deactivate (leave blank) the Use Firewall check box. You can find out which options are applicable in the section on routing of IP traffic.","If the coordinator will also (or exclusively) be used for the purpose of tunneling unprotected systems from the local network, make the necessary tunneling settings.","To check the connection to the other coordinator:","Select Private Network on the main window.","Click the ViPNet coordinator from the right-hand side of the screen and either:","Click @,","Right-click and select Check Connection from the pop-up menu, or","Press the F5 key. ","If all your settings are correct, you will receive a message confirming the client connection with the coordinator is successful. If you don't receive this message, check your settings.","After the connections between coordinators and clients are established and confirmed, you can start configuring the integrated firewall according to your security policy.","Establish/Confirm Connection",

"1123.htm");

Page[73]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","To close ViPNet Coordinator [Monitor]:","To minimize the program to the system tray, either:","Click @ at the top right corner of the window, or ","Press Alt+F4.","To maximize the program again, click @ icon in your system tray.","To close the program, click Exit on the menu bar. When the following message box appears, click Yes.","Note: After closing ViPNet Coordinator [Monitor], the ViPNet driver remains active and continues filtering all IP traffic according to the rules set up in the integrated firewall. If you do not wish to be protected by ViPNet software while you work, you can switch the security level to level 5 and close ViPNet Monitor. In this mode encryption is turned off and all open traffic is allowed. You can achieve the same result during system startup by clicking the Cancel button in the password dialog box or by pressing the Esc key.","Close ViPNet Coordinator [Monitor]",

"297.htm");

Page[74]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","All ViPNet Coordinator [Monitor] settings depend on the necessary functionality of the coordinator and the settings specified in ViPNet Manager. If all necessary coordinator settings (IP addresses, firewall connection, addresses tunneling, using as IP addresses server) were specified in ViPNet Manager, you don't need to do any manual settings in ViPNet Coordinator, except security level settings on the coordinator network interfaces.","If the coordinator works through a firewall on the border of the local network that allows you to set static rules of address translation, you should do additional settings on this firewall.","If necessary settings were not done in ViPNet Manager, you need to do manual settings in ViPNet Coordinator.","To facilitate the communication with clients anywhere on the network, ViPNet Coordinator and ViPNet Client have the ability to switch between the following four connection types:","Direct connection with other nodes.","Connection with other ViPNet nodes through a local coordinator that provides NAT for traffic of this client.","Connection through a firewall/NAT system with NAT rules that can be modified.","Connection through a firewall/NAT system with NAT rules that cannot be modified. This connection type is used when ViPNet Client is working remotely through a GPRS/UMTS network and WiFi hot spot.","For more information on connection types, read About ViPNet Connections.","Routing of IP Traffic",

"311.htm");

Page[75]=new Array("This connection type has to be selected on the client if it has at least one IP address bound to it, which can be accessed directly (ie. public IP address). Network nodes set up like this always communicate with each other using the IP/241 protocol. The encrypted traffic from such clients to coordinators and other clients that work through coordinators is always encapsulated into IP/UDP packets.","Attention! A network node with this connection type, which works inside the LAN with a private address and accesses the Internet via a firewall/NAT system, won't be able to communicate with network nodes outside the LAN with its private system of IP addresses.","If a coordinator uses this connection type and is on the border between two network segments, it provides NAT services for all ViPNet connections in both directions. All IP packets, encapsulated into UDP packets, passing the coordinator, are forwarded from the address of the corresponding network adapter of the coordinator.","Furthermore, the coordinator can carry out the function of a tunneling server. In this case, the coordinator encrypts open traffic from its given LAN group (in general, any IP devices such as IP telephones, web cameras), then encapsulates the traffic into UDP and sends it to other ViPNet nodes or unprotected computers (IP devices) working through other accessible coordinators.","IP traffic from a workstation without ViPNet software is taken by the network adapter of a coordinator and can be tunneled (to be encrypted for sending later to any node). In this case, encrypted packets will be sent on behalf of the name of this adapter (NAT function for tunneling traffic).","To configure a coordinator's connection without using a firewall:","Click the Settings configuration link.","Ensure there is no tick in the Use Firewall check box.","For ViPNet Client you can additionally select an accessible coordinator as an IP addresses server from the IP addresses server drop-down list box:","Click the Apply to save your settings.","Connections without Firewall",

"312.htm");

Page[76]=new Array("If the coordinator functions as the gateway of a LAN and other clients connect to the network through this coordinator, the coordinator becomes a network node ('crypto-gateway') passing traffic to the outside from the nodes connected with it under its own name.","The option to select different coordinators as a firewall is a kind of a 'fail-safe' function; if a coordinator is unreachable, another can take its place.","If a client is set up to connect to the network through a coordinator, the client's encrypted traffic to and from nodes not accessible directly, will be forwarded by the coordinator. In this case, the coordinator plays the role of a router with NAT function (IP and MAC addresses of the client are translated).","The automatic routing of encrypted information to its coordinator occurs without the need to change the TCP/IP settings of the underlying operating system. The default gateway configuration stays the same after the ViPNet installation. This results in the unprotected network being unmodified, ie, work can be continued right after the installation of the ViPNet software.","In a large network that's divided into different segments by routers/switches, and where traffic is handled by IP addresses and protocols because of security policies, you can reduce the parameters of connection by using a coordinator. The administrator only has to complete settings for the UDP protocol, the local tunnelled addresses of the segment, and for the redirection of encrypted UDP traffic to the local address of the coordinator. (Refer to the diagram in Client Connection via Coordinator.)","If there is a need to secure the traffic of a specific segment of the network, a second coordinator can be placed at the border of this segment (refer to the diagram in Coordinator Connection via Another Coordinator). The first ViPNet coordinator (closer to Internet) has to be chosen as the firewall for the second ViPNet coordinator.","This results in the automatic routing of encrypted traffic from the inner segments to the local and global networks, when cascading several coordinators.","To configure a client's connection via a coordinator:","Ensure there is a tick in the Use Firewall check box. ","Select ViPNet coordinator from the Firewall type drop-down list box.","By default, the coordinator the client was assigned to in ViPNet Manager appears in the ViPNet coordinator list box. If required, you can select another coordinator from the list. Mobile ViPNet users, for example, may select other coordinators in different networks and instantly get access to all network resources.","Leave the IP addresses server untouched to ensure the list you receive from the IP address server is your complete list of allowed connections (a different coordinator may have incomplete information).","Click the Apply to save your settings.","To configure a coordinator's connection via another coordinator acting as a firewall:","Ensure there is a tick in the Use Firewall check box.","Select ViPNet coordinator from the Firewall type drop-down list box.","Note: A coordinator that works through another coordinator does not need an IP addresses server; it exchanges IP information with all other coordinators connected with it. This is the reason why the coordinator does not have the IP addresses server part in the Settings window.","Select the network adapter located on the same 'side' as this coordinator from the Network interface connected to Firewall drop-down list box.","Click the Apply to save your settings.","Connections via Coordinator",

"313.htm");

Page[77]=new Array("This connection type is universal and can be used in almost any case. The main purpose of this connection is to provide a secure, two-sided link with nodes working through NAT devices that make it difficult or impossible to set static rules of address translation (including the absence of user rights).","If you have several clients working through a NAT device, the set up of a coordinator with one or more network adapters can aid the concentration of encrypted traffic. The following settings need to be applied to the coordinator first:","One network adapter must have its Firewall type set to With dynamic NAT.","Another ViPNet coordinator with access by public IP address (directly or through a firewall providing the redirection of packets on this address), must be set as the ViPNet coordinator for incoming traffic for this coordinator.","The Windows gateway must be set to the IP address of the NAT device in the network properties.","After the installation of all clients (assuming they were registered on this coordinator in ViPNet Manager), you will find their Firewall type automatically set to (this) ViPNet coordinator. This ensures all client IP packets are forwarded to the NAT device through the coordinator with the coordinator's network adapter IP address.","If clients in the local network cannot work through a ViPNet coordinator, you should set the Firewall type to With dynamic NAT. The firewall or NAT device must be assigned, by default, as a gateway for the operating system of workstations where clients are installed.","If you work with a DSL modem and long packets can't be transmitted, you can decrease the MTU (Maximum Transmission Unit) value in the Advanced Settings window.","To ensure settings are made correctly, we recommend you read about using a connection via a firewall with dynamic address translation.","To configure a client's connection via a firewall (NAT) where static rules of address translation are difficult or impossible:","Ensure there is a tick in the Use Firewall check box.","Select With dynamic NAT from the Firewall type drop-down box.","From the IP addresses server drop-down list box, select the client's coordinator for incoming traffic. This coordinator can be accessible either directly or through a firewall with static address translation.","To keep the dynamic rule alive, the client periodically sends UDP packets to a corresponding coordinator for incoming traffic (IP addresses server). By default, the sending period is 25 seconds. If necessary, change this value. Note: The poll period mustn't be much more than the session timeout for the dynamic rule on the NAT device.","If you want all incoming and outgoing traffic to be routed through the coordinator for incoming traffic, tick the Direct all traffic with external hosts through IP addresses server check box. Note: Due to increased traffic, the speed of data exchange can slow down. Because of this, you should only enable this function in certain cases.","Click the Apply to save your settings.","To configure a coordinator's connection via a firewall (NAT) where static rules of address translation are difficult or impossible:","Ensure there is a tick in the Use Firewall check box.","Select With dynamic NAT from the Firewall type drop-down box.","From the ViPNet coordinator for incoming traffic drop-down list box, select the coordinator that will always be accessible.","From the Network interface connected to Firewall drop-down list box, select the network adapter located on the same side as the NAT device, through which the coordinator works.","If necessary, change how often the coordinator will pass incoming traffic through the firewall from the ViPNet coordinator poll period for providing traversal of incoming traffic through Firewall (seconds) text box. Note: The default value, 25 seconds, is sufficient for most NAT devices with dynamic rules.","If you want all incoming and outgoing traffic to be routed through the coordinator, tick the Direct all traffic with external hosts through ViPNet coordinator check box. Note: Due to increased traffic, the speed of data exchange can slow down. Because of this, you should only enable this function in certain cases.","Click the Apply to save your settings.","Connections via Firewall with Dynamic NAT",

"315.htm");

Page[78]=new Array("If a firewall supporting NAT protects the border of the local network, any connection with the outside network is realized through this firewall. ViPNet network nodes can also work through such a device.","If you need to locate several ViPNet clients in a network, you can use a coordinator with one or more network adapters. One of these adapters needs to use the With static NAT firewall type. In addition, the default gateway of the system the coordinator is installed on should use the firewall as the gateway. ","After the installation of all clients (assuming they were registered on this coordinator in ViPNet Manager), you will find their Firewall type automatically set to (this) ViPNet coordinator. This ensures all client IP packets are routed through the coordinator with the coordinator's IP address.","You only need to use the With static NAT firewall type on clients if there are no coordinators in the local network or clients cannot work through a ViPNet coordinator. If ViPNet Coordinator is installed in the internal network, you should work through this coordinator (ie. select ViPNet coordinator as the firewall type) and settings through the firewall (With static NAT) should be done on the coordinator. ","If clients in the local network cannot work through a ViPNet Coordinator (see diagram on Client Connection via Firewall with Static NAT), you should use the With static NAT firewall type for these clients. Note: The firewall or NAT device you use must be assigned by default as a gateway for the operation systems of the workstations where clients are installed.","Attention! To exchange encrypted traffic, each client must have its own UDP port number that differs from other clients. This is required to avoid port number conflicts.","You need to set up static rules on the firewall or NAT device to ensure it redirects encrypted ViPNet traffic correctly.","If you're using a coordinator, you need to:","Pass outbound UDP packets with the address and port used by the coordinator (by default, the port is 55777, however, it can be changed).","Redirect inbound UDP packets to the coordinator address.","If you're not using a coordinator, you need to:","Pass outbound UDP packets with the addresses and ports of each client sender.","Redirect inbound UDP packets to local client addresses, selecting clients according to UDP port number specified in the packet.","To configure a client's connection via a firewall (NAT) where static rules of address translation are possible:","Ensure there is a tick in the Use Firewall check box.","Select With static NAT from the Firewall type drop-down box.","If necessary, change the port number in the UDP port text box. By default, it is 55777. Changing the UDP port is necessary if several ViPNet hosts work through one firewall (or other NAT device). In this case, such hosts must have different port numbers.","To fix an external IP address for accessing this client through the firewall, click the Fix the external IP address for access through the Firewall check box and select the IP address from the drop-down list.","If an IP address is not specified, the IP address is registered by the external parameters of the IP packet. If an IP address is specified, external network nodes will send packets for this client to the specified address, regardless of the address substituted in the external parameters of the packet.","We recommend you select this option only if the firewall has several external addresses and you need to route incoming packets through a specific address, regardless of the firewall address from which a packet left.","Click the Apply to save your settings.","To configure a coordinator's connection via a firewall (NAT) where static rules of address translation are possible:","Ensure there is a tick in the Use Firewall check box.","Select With static NAT from the Firewall type drop-down box.","If necessary, change the port number in the UDP access port text box. By default, it is 55777.","Select the network adapter located on the same side as the firewall or NAT device from the Network interface connected to Firewall drop-down list box.","To fix an external IP address for accessing this client through the firewall, click the Fix external IP address for access through Firewall check box and select the IP address from the drop-down list.","Click the Apply to save your settings.","Connections via Firewall with Static NAT",

"314.htm");

Page[79]=new Array("In some cases, a connection type must be selected that flouts the recommendations in the previous topics.","If a client is accessible by public address and you select the With static NAT firewall type for this client, all the other ViPNet nodes (including the IP addresses server for this client) will see this client as a firewall (ie. the address of this client for external nodes will be turned into an address of a non-existent firewall). In this case, the connection is handled by the UDP protocol, including connections with the IP/241 protocol. Additionally, this network node becomes accessible through a special, so-called 'virtual' IP address. This can be very helpful when segmenting a network or making access rules based on IP addresses.","When a network node is in the same network segment as a coordinator, which is on the border of this segment, it's advisable to set this node so it works through this ViPNet coordinator (select ViPNet coordinator as the firewall type). At the same time, network nodes will work if you select another firewall type. For example, selecting the With static NAT or With dynamic NAT firewall types leads to the routing of encrypted traffic through another coordinator. (Note: You should set the IP address of this coordinator as a gateway in the network properties of the Windows operating system on your client's computer). This allows skilled administrators to create different routing rules.","If remote users (eg, home users), working through different NAT devices where it's impossible to set static rules of address translation, select the With dynamic NAT firewall type and enable the Direct all traffic with external hosts through IP addresses server feature, they will get more stable connections with resources in the ViPNet network. However, due to increased traffic on the IP addresses server, the speed of data exchange can slow down.","Special Cases",

"316.htm");

Page[80]=new Array("Each ViPNet network node automatically creates one or more (depending on the number of network adapters) virtual IP addresses for every ViPNet network node connected to it. These virtual addresses don't depend on real addresses and are defined by unique identifiers of the network nodes.","Each network node has its own list of virtual IP addresses. All network-capable applications may use these addresses when connecting to the corresponding systems. The ViPNet driver replaces the addresses when sending or receiving IP packets (including protocols for services like DNS, WINS and NetBIOS).","A network node uses virtual IP addresses to arrange network interaction with network nodes that work through NAT devices (including coordinator) and use private IP addresses. A network node will automatically use the real IP address if the network node switches places and receives a public IP address (this often happens with mobile users).","This technology is irreplaceable when connecting network nodes (with IP address conflicts) from different sub-nets. This situation is becoming increasingly common because more and more devices (wireless, xDSL and other) are forcing local systems to use standard, private addresses like 192.168.*.*. Virtual addresses allow you to solve this problem.","Another case for using virtual IP addresses can occur if you try to create access rules based on virtual IP addresses. It is common knowledge, however, that this is a possible security threat because IP addresses can be faked if this address is used for identification. However it's impossible to do this in the ViPNet network. When receiving IP packets from the network, the ViPNet driver passes this packet to the application after replacing the original packet address with the corresponding virtual IP address. However, this will only happen if the packet can be decrypted using the private keys of the sender. This provides security against address fraud as well as identifying the user.","The starting address for the virtual IP address generator can be changed in the Settings - Advanced Settings window. The pre-defined starting address is 11.0.0.1 (Subnetmask: 255.0.0.0).","The first four bytes of a tunnelled address is always incremented by one (this results in the default starting address being: 12.0.0.1).","Virtual IP Addresses",

"317.htm");

Page[81]=new Array("If there is no need for traffic encryption within the local network or it's impossible to install ViPNet on any network devices, you can configure a coordinator to only tunnel (encrypt) the traffic between local area networks. You can connect up to five networks with each other (this number and the number of clients depends on the number of coordinators/clients you are allowed to setup by your license - the biggest ViPNet OFFICE package, ViPNet OFFICE Corporate, consists of five coordinators).","Before configuring the tunnelling itself (assuming tunnelling was not already configured in ViPNet Manager), you will need to set the connection type.","What's more, firewalls integrated with the coordinator must be adjusted because, by default, the coordinator blocks all packets coming from tunneled addresses. For each adapter of the coordinator, you should select the necessary security level and, if necessary, set filters for tunneled addresses on that network adapter.","To set tunnels, the following steps should be completed:","Network settings for tunnelled nodes. For tunnelled nodes, a local IP address of the coordinator network adapter, which is in the subnet of tunnelled addresses, must be assigned as a gateway.","Settings on coordinators","Note: If IP addresses were set for tunneled connections for all coordinators in ViPNet Manager, you don't need to do this procedure.","Settings on client","Note: If IP addresses were set for tunneled connections for all coordinators in ViPNet Manager, you don't need to do this procedure.","Coordinator as Tunneling Server",

"318.htm");

Page[82]=new Array("To configure a coordinator to tunnel (encrypt) the traffic between local area networks:","Click the Tunneling button in the Settings window.","The Tunnelling IP addresses ranges dialog box appears:","Click the Add button. The IP address dialog box appears:","Type the IP address range or single IP addresses which will be tunnelled by the coordinator.","Click OK.","Repeat this process to add as many IP addresses as your license allows.","Note: The number of IP addresses can exceed the number of possible simultaneous tunnels defined by your license, however, only the number of clients defined in the license will be tunnelled; the rest will be blocked. ","Click the Apply to save your settings."," To specify the tunneled addresses for other coordinators in the Private Network you want to use for tunneling:","Either:","Double-click the coordinator in the Private Network, or","Right-click the coordinator name and select Access Rules &gt; Open from the pop-up menu.","The Access rule window will appear.","Click the Tunnel tab.","Tick the Use IP addresses for tunneling check box.","Click the Add button. The IP address dialog box appears:","Type the IP addresses for tunneling by this coordinator and click OK.","To avoid IP address conflicts, click the Use virtual IP addresses check box.","Repeat this procedure for all coordinators from the Private Network you want to use for tunneling.","Settings on Coordinators",

"1176.htm");

Page[83]=new Array("To configure a client that needs tunneled connections with other nodes:","From the ViPNet Client [Monitor] interface, double-click the name of coordinator that will provide tunneled connection with unprotected node. ","The Access Rules window will appear.","Click the Tunnel tab.","Tick the Use IP addresses for tunneling check box.","Click the Add button. The IP address dialog box appears:","Type the IP addresses that have to be tunneled.","Click OK. The real IP address and a corresponding virtual address appear in the Access rule window.","To avoid IP address conflicts, click the Use virtual IP addresses check box. Listed virtual IP addresses automatically appear in bold.","If a client is sometimes used in remote mode and needs to make a connection with tunneled workstations in its own (original) network, these local addresses must be added in the list of tunneled addresses. In this situation, you should leave the Do not use the coordinator for tunneling local IP addresses check box ticked. Otherwise, a connection between the client and tunneled nodes will be impossible, if they are both in the local network at the same time.","We also recommend you tick the Do not use the coordinator for tunneling the following IP addresses check box, if the encryption of information is not required for separate IP addresses and you can set these addresses.","After you have finished all settings, click Apply and OK.","The settings described in this topic must be made on the client for each coordinator of each local network with which the client wants to have tunneled connections.","If necessary, you can specify the DNS names for tunneled computers. To specify DNS names, use the Access Rule window (IP addresses tab) for the coordinator. The first place in the list must belong to the DNS name registered on DNS server for the IP addresses of the coordinator.","To learn about the basic schemes of using ViPNet OFFICE software, refer to the document Schemes of Using ViPNet.","Settings on Client",

"1177.htm");

Page[84]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The integrated firewall of ViPNet Coordinator can be easily switched between five pre-defined global security levels.","If the coordinator is acting as a gateway-firewall and/or router, and has more than one network adapter installed, the security level can be defined for each network adapter.","To change the current security level:","Click the Security Levels configuration link.","Select Service &gt; Network Adapters &gt; &lt;name of adapter&gt; from the menu bar. The name and IP address of the selected adapter display in the title bar of the ViPNet Coordinator [Monitor] window.","Either:","Click the radio button beside the desired level, or","Right-click @ in the system tray and select the level from the pop-up menu.","Security level options are:","1. Encryption is active. All open traffic is blocked. This is the safest mode. All traffic is encrypted and ViPNet users can only communicate with other ViPNet users (as listed in the Private Network section). Any non-encrypted inbound or outbound traffic, regardless of filters in the Public Network section or the security level of a different network adapter, will be blocked. In addition, you can apply traffic filtering rules for selected ViPNet nodes (see Actions &gt; Access Rules from the menu bar).","2. Encryption is active. Registered traffic is allowed. Any open traffic has to be defined before it is able to pass. This mode allows encrypted connections to other ViPNet nodes (as listed in the Private Network section). Non-encrypted traffic is allowed however if it is defined by a filter in the Public Network section. In addition, you can apply traffic filtering rules for selected ViPNet nodes (see Actions &gt; Access Rules from the menu bar). ","3. Encryption is active. Boomerang mode for open traffic. This is the default mode. Internet usage is allowed, however the VPN's integrity is kept upright. This means connections from other sources may only be established if the initial connection request came from the VPN Client. This mode allows you to establish connections to any open LAN or Internet resource (on your initiative). At the same time, connection requests from other addresses or over another port are blocked. VPN connections are provided the same way as the previous levels.","The advanced boomerang mode analyzes incoming information according to several parameters (including IP address, protocol and port).","The standard boomerang mode analyzes incoming traffic by IP address and protocol only.","Filters set up in the Public Network section are applied in boomerang mode by the following principle: If you add a rule for a specific IP address in the Public Network section, the boomerang mode will not be applied to this address.","4. Encryption is active. All open traffic is allowed. The firewall is deactivated, however the connection log is still functioning. This mode is suitable for testing purposes rather than a working environment.","5. Encryption is turned off. All open traffic is allowed. The firewall and ViPNet driver are deactivated and no encryption takes place. No connection log is kept. Note: In this mode a network adapter becomes totally unprotected from possible network attacks.","Note: A connection log file is kept for each security level (except level 5) containing information on blocked and passed IP packets.","To block all packets, except for IP, ARP and RARP, tick the Enable IP, ARP and RARP only check box.","ViPNet is intended to analyze IP packets and will pass packets of other protocols (like IPX/SPX, NetBEUI usw) by default. ARP and RARP packets are always passed since they are needed for the successful functioning of the IP protocol.","To define the security settings that will automatically be used next time ViPNet Coordinator [Monitor] starts up:","Select a security level from the drop-down selection box in the On startup area of the window.","To block all packets, except for IP, ARP and RARP, tick the Enable IP, ARP and RARP only check box.","To force the user to enter their ViPNet password after the program has started, tick the Lock Desktop check box.","Set Security Level",

"300.htm");

Page[85]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","You need filters to block or pass IP packets depending on the protocol, protocol parameters and the IP address.","In the tree structure, filters are shown separately for the private and public networks. This structure allows you to create a filter for a single IP address as well as define a range of addresses (first layer). Afterwards, filters according to protocols, direction and port numbers can be defined (second layer).","Filters for open traffic (in the Public Network section) are created for each network adapter separately.","When setting up access policies, a security level has to be defined for each network adapter. Afterwards, you can specify filters to gain more control over the security level.","There are four pre-defined filters for the private and public networks. These filters can be modified but cannot be deleted: ","&lt;All IP packets&gt;","&lt;Broadcast IP packets for all protected hosts&gt;","&lt;All unregistered IP addresses&gt;, and","&lt;Non-encrypted broadcast IP packets&gt;.","Filtering Overview",

"301.htm");

Page[86]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","Filters are shown inside a tree structure. Ticked filters pass IP packets. Cleared filters block IP packets.","Second-level filters (protocol filters) belonging to the same first-level filter have the same filtering rule action (either passing or blocking). This action is always opposite to the action of the first-level filter.","If a first-level filter is ticked, all added protocol filters will have blocking action:","If a first-level filter is unticked, all added protocol filters will have passing action:","You can easily switch filtering modes by clicking the check box for the first-level filter. When the following message appears, click Yes.","If a first-level filter is ticked, and it has no second-level protocol filters, it passes all traffic without limitations. It it is unticked, all traffic is blocked.","To disable a second-level filter, click @. The icon turns to @.","Filters Structure",

"304.htm");

Page[87]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","1. Broadcast Filter","&lt;Broadcast IP packets for all protected hosts&gt; in the Private Network defines the filtering rules for all encrypted broadcast packets. ","&lt;Non-encrypted broadcast IP packets&gt; in the Public Network defines the rules for all non-encrypted broadcast packets.","Broadcast filters pass:","nbname (port 137) and nbsession (port 138) broadcast IP packets, which organize the NetBIOS service (defining network names).","bootp (67 and 68 ports) broadcast IP packets, which allow the DHCP service to receive the IP address of a computer when it's loading.","iplirdatagram (port 2046) broadcast IP packets, which assist ViPNet network functioning (broadcast IP packets for all protected hosts filter in the Private Network window only).","Note: The operation of broadcast filters isn't influenced by the settings of other filters.","2. Main Filter","&lt;All IP packets&gt; in the Private Network defines the general filtering rule for all ViPNet users.","&lt;All unregistered IP addresses&gt; in the Public Network defines the general filtering rule for all non-encrypted IP packets (those related to unregistered IP addresses). By default, the &lt;All unregistered IP addresses&gt; filter blocks all unregistered IP packets, except the following:","incoming UDP packets with ports 138 (own and other) from all unregistered IP addresses. This means, if a computer with ViPNet software works as a master browser, other computers in the local network without ViPNet software won't lose access to shared folders in the local network. If security level 3 is set, this filter provides this service.","incoming and outgoing ICMP packets with type 3 and code 4 for all unregistered IP addresses. This filter is necessary for the correct operation of computers with network hardware equipment (eg, some DSL modems, Wireless devices), on which the MTU (Maximum Transmission Unit) value can be set less than standard one for Ethernet.","3. Individual Filter","This filter is used for a specific ViPNet user from the Private Network. You can create filters for each ViPNet node by right-clicking the node and selecting Access Rules &gt; Add protocol filter from the pop-up menu. Individual filters are displayed under the user's name in the Private Network list.","This filter is also used for a specific address or address range in the Public Network.","4. Network Adapter Filter (Interface Filter used for Coordinator Only)","For the Public Network, this filter defines a general filtering rule for all open IP packets (outgoing and incoming) passing through this network interface. The filter name contains the IP address and name of the corresponding network adapter.","5. Protocol Filter","This filter defines a filtering rule for IP packets based on their IP address, protocol and selected protocol parameters (eg. port numbers, transmission direction). The Protocol filter can be created as a second-level filter for one of the above filter types.","6. Microsoft SQL Filter","This filter can be used when ViPNet Coordinator is installed on a Microsoft SQL Server to limit ViPNet user access to the SQL Server, or to prevent undesirable incoming information. The filter uses the TDS protocol (a special data transfer protocol for MS SQL data transmission). Microsoft SQL filter is a second-level filter for a first-level individual filter in the Private Network.","Note: Filter types 1, 2, 3 and 4 are first-level filters. Filter types 5 and 6 are second-level filters.","Filter Types",

"303.htm");

Page[88]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","You can create the following filters:","First- and second-level filters in the Public Network.","Second-level filters (protocol filters) for:","individual filters of ViPNet nodes","the main filter &lt;All IP packets&gt;","broadcast filters in the Private Network","the main filter &lt;All unregistered IP addresses&gt;","broadcast filters in the Public Network.","To create a first-level filter in the Public Network:","Right-click the Public Network folder and select Access Rules &gt; Add a new rule from the pop-up menu.","The Access rule dialog box appears:","Type a name for the rule in the Alias text field.","If you know the IP address:","Click the Add button. The IP address dialog box appears:","Type the IP address (or IP address range) and click OK.","If you don't know the IP address:","Type a URL (eg, website name, FTP) or the computer's network name in the Computer name text box.","Click OK.","The Find computer dialog box appears. It will search for the computer name or URL you have defined. If it finds a match, the correct IP address will appear in the IP addresses area of the Access rule dialog box.","Click either the Allow or Block radio buttons to allow or block that IP address.","To add a protocol filter, click the Add a Protocol Filter button and follow the instructions for creating a second-level filter.","Click OK to save your settings.","Create First-Level Filter",

"305.htm");

Page[89]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","To create a second-level (protocol) filter:","Right-click the first-level filter you want the protocol filter to belong to and select Access Rules &gt; Add a protocol filter from the pop-up menu.","The Protocol filter dialog box appears:","Select the required protocol from the Select protocol drop-down list box and specify the parameters you need.","Click OK to save your settings.","Create Second-Level (Protocol) Filter",

"1148.htm");

Page[90]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The Public Network includes a list of IP addresses for external nodes for which traffic is blocked by the protection system. By expanding the tree structure, you can see the protocol parameters for each blocked IP address. Some IP addresses from the list can belong to external nodes you trust and would include in the allowed list of the Public Network.","To add an IP address for a blocked external node to the Public Network:","Right-click any part of the record belonging to the external node and select Access Rules &gt; Add a new rule from the pop-up menu.","The following dialog box appears:","To add a:","filter to the Public Network containing the corresponding protocol filter, select Allow this protocol from this IP address ONLY.","protocol filter to the main filter &lt;All unregistered IP addresses&gt; in the Public Network, select Allow this protocol from ANY IP address.","passing first-level filter to the Public Network, select Allow ALL protocols from this IP address.","blocking first-level filter to the Public Network, select Block ALL protocols from this IP address.","The newly created filter is named after the IP address it was created for. ","To adjust (extend) the name of the new filter, either:","Right-click the new filter and select Resolve Name from the pop-up menu. The Find computer dialog box appears. It will search for the resolved system name.","Double-click the new filter in the Publish Network and when the Access rule dialog box appears, manually type your additional naming text in the Alias text box. Click OK to save your settings.","By default, notification messages about blocked IP packets are disabled. To enable notification messages:","Click the Notification configuration link.","Tick the Display a notification message for check box.","Select your notification behavior.","Create Filter for External Node",

"1147.htm");

Page[91]=new Array("This chapter describes how to use DNS and WINS in the ViPNet network. It describes:","the different considerations when using DNS in ViPNet.","the main rules of specifying DNS names for ViPNet nodes in ViPNet.","the registration rules for ViPNet nodes on the DNS server.","ViPNet's support for the WINS service.","DNS and WINS Services",

"306.htm");

Page[92]=new Array("ViPNet technology supports use of the DNS service to retrieve the IP addresses of different applied servers. ","To make the DNS service work in the ViPNet network, the DNS names, and corresponding IP addresses, of applied servers must be registered on the DNS server in accordance with certain rules.","DNS service support is provided by ViPNet technology either automatically or by manually specifying the DNS names for ViPNet nodes in the ViPNet [Monitor] program. The following list explains the different scenarios:","The applied server is installed on a protected computer. In this situation, the DNS name of this server corresponds to the real or virtual IP address of this protected computer and you don't need to make any settings for DNS names in ViPNet.","The applied server is installed on a ViPNet node working through firewall (NAT device). In this situation, the DNS name of this server corresponds to IP address of this firewall (NAT device) and you must specify the DNS name on the ViPNet node that will use the applied server by DNS name. If you define a DNS name in ViPNet Manager, you need to specify this DNS name on the node where the applied server is installed.","The DNS name and IP address of the protected applied server are registered on a public (open) DNS server. In this situation, the DNS name must be specified on those ViPNet nodes that will use the applied server by DNS name. If you define a DNS name in ViPNet Manager, you need to specify this DNS name on the node where the applied server is installed. However, if this applied server is installed on a computer that is tunneled by any coordinator, you need to define the DNS name in the settings of this coordinator.","Note: Public DNS servers may be attacked. If an attack (caused by IP address substitution) of a network resource takes place, the 'attacking' computer will try to get information from the protected computer. To avoid such attacks, it's better to specify the DNS names for all protected applied servers (even they aren't registered on public DNS servers) on ViPNet nodes using the public DNS server. If such an attack takes place, that re-addressed information will be encrypted and inaccessible to the attacking computer.","The DNS service can be used if there is no way to assign a constant IP address for a coordinator or NAT device (eg, DSL modem) through which a coordinator works. If the IP address for this coordinator is needed by other coordinators or by workstations for which this coordinator is the IP addresses server, you should register this address (for a corresponding DNS name) on the DNS server. The DNS name must be specified on the ViPNet nodes for which coordinator access is necessary. If you define DNS names in ViPNet Manager, you also need to specify them on the coordinator.","Using the DNS Service",

"307.htm");

Page[93]=new Array("Specifying DNS names for ViPNet nodes can be achieved via ViPNet Manager or the ViPNet [Monitor] program on the ViPNet node.","Specifying DNS names in ViPNet [Monitor] is done via the IP addresses tab of the Access rule dialog box. The Access rule window allows you to specify DNS names to work with several applied servers located on the node.","DNS names for computers tunneled by a coordinator are specified in the Access rule window for that coordinator, together with the DNS name of the coordinator itself. The first place in the list must belong to the DNS name registered on DNS server for the IP addresses of the coordinator.","Specifying DNS Names",

"308.htm");

Page[94]=new Array("You should follow these guidelines when registering the DNS names and corresponding IP addresses of nodes on the DNS server:","To enable the interaction between a coordinator and other ViPNet nodes it's necessary to tell the nodes the IP addresses of this coordinator. If the coordinator's addresses were specified as DNS names in ViPNet Manager, you need to register all IP addresses of access on the DNS server. If the coordinator's IP addresses were specified in ViPNet Manager, you do not need to register these addresses on the DNS server.","On public (open) DNS servers, you should only register real addresses of protected computers. If ViPNet nodes work through a firewall (NAT device of coordinator), you may also publish the IP address of this firewall.","On protected DNS servers:","For the DNS name of a ViPNet node or tunneled computer, you can register real or virtual IP addresses in accordance with their visibility from a node, ie.","If the DNS server is located on any ViPNet node, it's necessary to register the IP addresses from which a corresponding protected computer is accessible from this ViPNet node.","If the DNS server is located on a tunneled computer, it's necessary to register the IP addresses from which a corresponding protected computer is accessible from a coordinator providing tunneling of the DNS server.","For the DNS name of a ViPNet node, you can also the register the IP address of the NAT device or coordinator through which this ViPNet node works.","For an unprotected computer, you should only specify the real addresses of requested nodes and the firewall address.","Registration Rules on DNS Server",

"309.htm");

Page[95]=new Array("ViPNet technology supports protected WINS servers only. On the WINS server, as on the DNS server, real and virtual addresses are registered in accordance with their visibility from a node. ViPNet technology supports the automatic registration of necessary address types on the WINS server.","ViPNet technology doesn't currently support the registration of the firewall IP address.","Registration Rules on WINS Server",

"310.htm");

Page[96]=new Array("Before configuring ViPNet Client, the configuration of the coordinator(s) should be finished to allow the communication between clients in different networks. Not all clients set up in ViPNet Manager need to be connected to have a functioning VPN.","Warning! Before starting ViPNet Client, make sure there is no any other firewall installed on the computer. If there is, you should delete it. If you use Microsoft Windows XP, turn off the integrated Windows Firewall within the Network Connections settings (when using Service Pack 2, this option is switched on by default). Using ViPNet Client and another firewall simultaneously may lead to conflicts between the programs and problems with network access.","If you log on to a domain, terminal or similar server, the process will fail if a coordinator or client is not (yet) installed on the domain-controller. All connection attempts from non-ViPNet objects to the computer will also fail. This happens because the integrated firewall denies all unprotected (non-encrypted) connections. To ensure network functionality during ViPNet setup, integrated firewalls on installed ViPNet network nodes should be configured accordingly.","Configuration: ViPNet Client",

"319.htm");

Page[97]=new Array("To start and close ViPNet Client [Monitor], follow the same start and close procedures used for ViPNet Coordinator [Monitor].","Start &amp; Close ViPNet Client [Monitor]",

"320.htm");

Page[98]=new Array("Clients located in the same network segment as other network nodes (a connection which was allowed in ViPNet Manager and which can be accessed directly), can connect to each other without further configuration. However, before it is possible to establish connections to remote clients or network nodes from another network, you need to apply some changes in the client's settings.","All further ViPNet Client [Monitor] settings depend on the settings specified in ViPNet Manager. If all necessary settings were specified in ViPNet Manager, you don't need to do manual settings in ViPNet Client. If necessary settings were not done in ViPNet Manager, you need to do manual settings in ViPNet Client.","To learn about the basic schemes of using ViPNet OFFICE software, refer to the document Schemes of Using ViPNet.","Recommendation: When configuring clients, we recommend you to set the security level to 4.","After the connections between coordinators and clients are established and confirmed, you can start configuring the integrated firewall according to your security policy.","Configuration Overview",

"321.htm");

Page[99]=new Array("First of all, the client needs to know the IP address of its coordinator. This can be either public IP addresses of coordinator itself, or the public IP address of the firewall or NAT device providing redirection of traffic from the client to the coordinator. You can find a detailed description of the settings in the section on routing of IP traffic.","Note: If you made all necessary IP address or DNS name settings for the client's coordinator in ViPNet Manager, you don't need to do manual settings in ViPNet Client.","For more information on DNS names, refer to DNS and WINS Services.","To establish/confirm the connection between the client and its coordinator:","Select Private Network on the main window and double-click the client's coordinator from the right-hand side of the screen.","The Access rule window appears:","Click the IP addresses tab.","To specify the coordinator's IP address:","Click the Add button. The IP address window appears:","Type the IP address and click OK.","To specify the coordinator's DNS name:","Tick the Use DNS name check box.","Click the Add button. The DNS name dialog box appears:","Type the DNS name. Note: You can get DNS names for ViPNet network nodes from your organization's network administrator.","Click OK twice to save your settings.","To choose the connection type between the client and coordinator:","Select Settings on the main window.","The coordinator that was selected at your client's IP addresses server when the ViPNet network was configured via ViPNet Manager automatically appears in the IP addresses server drop-down list box. ","What's more, if the IP address of the coordinator was assigned by ViPNet Manager, by default, the Use Firewall check box will be ticked and a coordinator will be selected as the firewall type. You can find a detailed description of the settings in the section on routing of IP traffic.","To check the connection between the client and coordinator:","Select Private Network on the main window.","Click the ViPNet coordinator from the right-hand side of the screen and either:","Click @,","Right-click and select Check Connection from the pop-up menu, or","Press the F5 key. ","If all your settings are correct, you will receive a message confirming the client connection with the coordinator is successful. If you don't receive this message, check your settings.","After the connections between coordinators and clients are established and confirmed, you can start configuring the integrated firewall according to your security policy.","Establish/Confirm Connection",

"1128.htm");

Page[100]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","When your ViPNet network changes, so will the key diskettes, key sets and link files for some of your ViPNet nodes. As the ViPNet network administrator, you need to send updates to ViPNet nodes. By default, the update is done automatically from ViPNet Manager. If, however, the update from ViPNet Manager cannot be received by a particular node, you (or a user) can manually complete a keys update using a new .dst file.","Manual Key Set Updates",

"322.htm");

Page[101]=new Array("To manually update the key sets on a network node:","Run (double-click) the new .dst file. The following information box appears:","Click Continue. ","If ViPNet software is running, you will be prompted to close it down:","Close the ViPNet software and click Retry to continue the installation.","The ViPNet Key Setup dialog box appears:","Make sure the file path to the .dst file is correct in the Browse field.","Click Continue.","If there are no errors, a message appears confirming the successful installation of the keys. If there are errors, see your ViPNet administrator.","After the keys are installed, start your ViPNet software.","Update Key Sets using .dst File",

"323.htm");

Page[102]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","When updating key sets, the program always makes a copy (backup) of the previous key set. ","The backup is stored in the ccc\\backup subfolder of the ViPNet software installation folder. The backup folder itself is named using the format: &lt;year&gt;,&lt;date&gt;,&lt;time (HH.MM.SS)&gt;.","The backup folder contains the following:","a folder with the key diskette (eg, abn_0005\\key_disk\\) of the user for whom the update has been done,","a folder named 'station' containing a set of files related to the ViPNet node.","To return to a previous key set:","Open the necessary backup folder (ie. the folder with the corresponding date, time and year).","Copy the 'station' folder and paste it into the main installation folder for that ViPNet software (either ViPNet [Client] or ViPNet [Coordinator]. Click Yes to all questions about overwriting files.","Copy the 'key_disk' folder and paste it into the main installation folder for that ViPNet software (either ViPNet [Client] or ViPNet [Coordinator]. Click Yes to all questions about overwriting files.","Return to Previous Key Set",

"324.htm");

Page[103]=new Array("ViPNet encryption technology uses a combination of crypto algorithms with symmetric and asymmetric keys. Symmetric algorithms are used to encrypt and control the information integrity. Asymmetric algorithms are used for the key exchange and digital signature. The reason for such an implementation is to ensure that data encryption is accomplished by using the symmetric keys from ViPNet Manager and asymmetric keys, which are created on ViPNet Client itself. This results in the administrator not being able to access any data even though he/she may know the symmetric keys.","ViPNet software employs the following symmetric algorithms: AES (256 bit), GOST (256 bit), 3DES (168 bit) and DES (56 bit). The standard algorithm is AES; the other algorithms may be chosen freely by the user. 512 bit long public and private keys are used by the asymmetric key exchange algorithms.","The secret asymmetric key is generated independently by the client and kept secret from all other users. In addition, a public key is created and published for the private key. It is common practice to store all public keys in a combined list and to send that list out to all participants. ViPNet employs additional security for these lists by encrypting them with the symmetric keys, and by only sending them out to network nodes to which a connection is allowed. This dramatically improves security and reduces the risk of the list being exchanged with another (in comparison to PKI systems).","Two different asymmetric keys are used by ViPNet: an asymmetric key for the digital signature and an asymmetric key for the encryption itself. When the private key is combined with the foreign public key, a new key is generated. This key is only known to the 'sender' and 'recipient' and it is used to encrypt the traffic between the two nodes. ","ViPNet does not send out directories of the public keys of the digital signature. ","When creating the ViPNet structure, ViPNet Manager creates a distributable key file (.dst) for each network node. These files are needed for the initial startup of the ViPNet software on the network node. They include private symmetric keys, a connection directory and the registration file 'infotecs.re'.","The distribution of keys between nodes is completely automated.","The ViPNet Key System",

"373.htm");

Page[104]=new Array("Working with asymmetric encryption keys is only available to ViPNet clients.","On each ViPNet client node, you can use the Public Key Infrastructure (PKI) System to distribute public keys. When asymmetric encryption is used, a pair of asymmetric encryption keys (public and secret) is created at specified time periods. A new public key, signed by a ViPNet user, is then sent to those ViPNet nodes for which the PKI System is activated. ","In the case of private and public keys for nodes that have valid certificates, an additional symmetric exchange key is created. This key is used until a new pair of asymmetric keys is created by either side and a new public key is delivered to other ViPNet nodes.","Changing the key doesn't break current sessions, because it only occurs if both sides are sure the keys exist.","Updating asymmetric keys between nodes is done automatically without the participation of users and ViPNet Manager.","To work with another user using asymmetric keys:","Select Service &gt; Security Service Settings from the main menu of ViPNet Client [Monitor].","The Security Service Settings window appears. ","Click the Security Configuration button. The Security configuration dialog box appears:","Tick the Use asymmetric encryption keys check box.","In the Asymmetric keys automatic update period (0-365 days) field, specify how often you want to update the keys. ","To save your settings, click the OK button.","Select Private Network on the main window of ViPNet Client [Monitor] and double-click the user you want to work with using asymmetric keys from the right-hand side of the screen.","The Access Rules dialog box appears:","From the Common tab, tick the Use Public Key Infrastructure check box and press OK. ","An asymmetric key will be created for that workstation and the public part of the asymmetric key will be sent to that workstation. After receiving the public part (if using asymmetric key is allowed), another asymmetric key will be created on that workstation and its public part will be sent to your workstation. Future work between the two workstations will be carried out with using asymmetric keys.","Using Asymmetric Encryption Keys",

"359.htm");

Page[105]=new Array("As the administrator, you can enter the Monitor program on any node with the authority of an administrator. This authority gives you the ability to change the application's configuration. You will be able to:","Alter different user settings","View the registration log on the user's and administrator's actions","View the connections log on any remote workstation or coordinator","View detail about the user's status","Note: Before you attempt this, you must source the administrator password for the particular network node from the ViPNet_a.txt file.","Administrative Functions",

"325.htm");

Page[106]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","To enter the Monitor program with administrative authorities:","Open the ViPNet_a.txt file in the \\NCC\\KEYS subfolder of the ViPNet Manager installation folder. Write down the password that will give you administrator access to the network node you want to configure.","If the Monitor program is:","already open, select Service &gt; Change User from the menu bar.","not open, click the Start button on your Windows taskbar and select All Programs &gt; ViPNet &gt; Client &gt; ViPNet Monitor program.","The password dialog box for the administrator appears:","Type the symbols @@@@@ followed by the administrator password for that node. For example: @@@@@conescbar","Click OK or press the Enter key. The following option box appears:","If you want to change the administrator password for this network node, click Yes. Otherwise, click No. If you click Yes, type your new password twice (once to specify and once to confirm) and click OK.","The password dialog box for the user appears:","Type the network node's user password and click OK. The following greeting will appear.","Either click OK or wait a few seconds and the dialog box will disappear.","The Monitor program will open, ready for you to make your configuration changes.","Enter Application as Administrator",

"326.htm");

Page[107]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The Administrator window allows you to customize user settings.","To limit the user's actions, so they only view the Private Network folder in the left pane of the main Monitor window, tick the Restrict user interface check box. The Actions &gt; Access Rules menu item will also be disabled.","Note: The user will still have the ability to right-click the @ icon in the notification area of their Windows taskbar and change their security level (levels 1, 2 or 3 only available) and computer locking mode.","To prevent ViPNet [Monitor] from starting when the operating system is re-launched and to set the ViPNet driver security level to 5, tick the Do not secure IP traffic after computer restart check box. In this mode, encryption is turned off and all open traffic is allowed.","To prevent ViPNet [Monitor] from starting when the operating system is re-launched and to set the ViPNet driver security level to its default value, tick the Do not load Monitor after computer restart check box. Note: The default level is set from the On startup list box under the Security Levels header:","To prevent the user from canceling the loading of ViPNet [Monitor] during operating system start up, tick the Obligatory ViPNet login at Windows start check box. The user will not be able to use the Cancel button or Close [x] icon in the password dialog box.","To define how long ViPNet [Monitor] will wait for the user to use the keyboard or mouse before automatically locking the computer, type a time in the Specify the time of inactivity before the action text box. Note: The default value (0) disables automatic locking.","To accept the changes, click the Apply button at the bottom of the window. To cancel the changes, click Revert.","To view information about user and administrator activity, click the Event Log button. To save the event log in HTML or XLS format, right-click anywhere in the event log window.","Change User Settings",

"327.htm");

Page[108]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The Connections Log window allows you to generate a connections log report according to a set of search criteria. That report allows you to monitor all the incoming and outgoing connections of the specific network node.","Use the following selection criteria on the Connections Log window to control what information is shown in the report:","Date/time intervals (days, hours, minutes)","Traffic direction (incoming, outgoing or both)","Encryption flag (encrypted, non-encrypted IP packets or both)","The IP address of a specific ViPNet node in the private network or all nodes","The name of a specific ViPNet node in the private network or all nodes","Local port number or range of port numbers","Remote port number or range of port numbers","Protocol","Counter (filtering according to the number of connections of the same type to/from the node. The default is from 1 to 65535.)","Event identifier (you can select an event from the list)","Number of records. You can limit the number of the latest records to be shown in the log. The default value (0) shows all records within the specified date/time interval.","Note: If you don't change any settings, the window automatically shows the log for the last day.","To re-set the filters to their default values, click the Default button. Note: The only filters that won't be reset are the single IP address, single port (local and remote) and the number of records.","Click the Find button. The Viewing Connections Log window appears:","The upper pane of the Connections Log window contains records the meet your selection criteria. The lower pane shows more detail about the selected record.","Icons in the log communicate the nature of each record:","Icon","Meaning","Allowed (passed) IP packets.","Blocked IP packets.","Open outgoing IP packets.","Open incoming IP packets.","Encrypted incoming IP packets.","Encrypted outgoing IP packets.","This log record contains an event belonging to the Other events group in the Event identifier drop-down list box.","IP packets blocked by the IDS (Intrusion Detection System). This log record contains an event belonging to the Intrusion Detection System events group in the Event identifier drop-down list box.","The window's status bar summarizes the IP packet size (in bytes) of the selected record, the number placing of that record in the list, and the total number of records in the log report. If you select several records, the combined IP packet size displays. Note: You can select all records by using the Ctrl+A keys.","To sort information by column, click the column heading.","To find the host name of the selected record:","Click @ or right-click and select Find from the pop-up menu.","Click Find now.","To search the entire log:","Click @ or right-click and select Search from the pop-up menu.","Type any information you like in the Find what field.","Click Find Next.","To export a log report, right-click anywhere in the top pane of the report and select View as HTML document or View as XLS document from the pop-up menu.","View Connections Log",

"328.htm");

Page[109]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The Log Settings window allows you to control the size of log files and archived information.","To increase the number of entries stored in the log file, decrease the value in the Event log interval field. Note: The smaller the number, the bigger the log file. To receive information about every single packet, use the value '0'. The accuracy of the records is reduced by raising the value. The default is 60.","If necessary, change the maximum size of log files in the Log size field. The default is 1MB. Note: If a log file exceeds this value, the file is 'rotated', ie. it is saved to a folder named Archive in the Log settings folder (this folder is created at the time of the first log rotation).","If necessary, limit how much information can be archived in the Archive size field. The default is 10MB. Note: If the archive size is exceeded, the user will be asked whether you would like to raise the value of the archive size. If they say no, archived information gets replaced in chronological order (oldest first).","Log Settings",

"329.htm");

Page[110]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The Monitor program allows you to work on the remote computer of a ViPNet user, using external programs of remote access such as Remote Administrator (Radmin), VNC or Remote Desktop Connection.","To run such a program:","Click the Private Network link on the left of the screen.","Right-click a ViPNet user from the right-hand list that displays and select External Programs &gt; &lt;external program&gt; from the pop-up menu.","The menu items are active if the selected programs are installed on your computer. What's more, the user with whom you want to work, must have a non-zero IP address and their computer must be have the corresponding server software installed, set and launched (eg. Radmin Server, VNC Server).","If all above conditions are satisfied, a connection window will appear. If a connection is established, a password window appears. If the password is successful, access is provided to the remote user's computer.","Software Installations","To download Remote Administrator, version 2.2, go to http://www.radmin.com/download/. The Remote Administrator installation set contains server and client components.","To download an improved version of client Radmin 3.0 Viewer (beta), go to http://www.radmin.com/radmin/new/rviewer.php. Radmin 3.0 Viewer is compatible with Remote Administrator, version 2.2.","To download VNC, go to http://www.realvnc.com/download.html. The VNC installation set contains server and client components.","To download Remote Desktop Connection, use the Microsoft web site. By default, Remote Desktop Connection is installed with Windows Server&nbsp;2003 and Windows&nbsp;XP.","Administer Remote Computers",

"330.htm");

Page[111]=new Array("The Statistics window allows you to view information about inbound and outbound IP packets that are passed or blocked in accordance with the filters set for open and protected networks. Statistics about other blocked IP packets are not displayed. This information can be useful for the initial configuring of ViPNet Client and ViPNet Coordinator.","View Statistics",

"331.htm");

Page[112]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The Configurations window allows you to create one or more configuration sets for this installation of ViPNet [Monitor]. After the configurations are created, you can activate the configuration you want at the time.","When you start the program for the first time, only one configuration called 'Main Configuration' is created. This configuration, which contains default settings, is the current configuration. It's impossible to rename and delete this configuration.","To add other configurations to the program:","Right-click Configurations and select Create new configuration from the pop-up menu. ","A new folder called 'New configuration' is created. ","To re-name the folder, right-click it and select Rename from the pop-up menu.","Make the necessary settings for ViPNet [Monitor].","When you have finished, right-click the folder and select Save current configuration from the pop-up menu. The program will ask you to confirm that you want to save the configuration. Click Yes.","Repeat the above process until you have created as many configurations as you need.","To make one of the configurations the current (active) configuration, right-click the folder and select Set current configuration from the pop-up menu. The current configuration appears in the bold.","The next time the user starts up their Monitor program, they will be asked to select the required configuration:","Create Other Configurations",

"332.htm");

Page[113]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The MFTP transport module is an important part of ViPNet Client and ViPNet Coordinator. It is responsible for sending and receiving transport packets generated by communication tools such as Business Mail and File Exchange.","MFTP Functions on ViPNet Client","The MFTP module starts with ViPNet Client [Monitor], displaying the @ icon in the system tray. The module checks whether the coordinator has any transport packets available for it, and if so, downloads the packets after a two-sided identity verification has been performed. After the downloading is complete, the module closes and restarts every 15 minutes to perform the same operation (this is a default value and may be changed). In this case, the MFTP module works in so-called client mode.","If ViPNet Client [Business Mail] is running, the MFTP module will stay working until the application closes.","If you send a file or folders using File Exchange, the MFTP module will only run while the application is executing its task.","MFTP Functions on ViPNet Coordinator","With ViPNet Coordinator, the MFTP module works in so-called server mode. The module starts with ViPNet Coordinator and is active during the whole session. When receiving transport packets, the coordinator decides how these packets should be handled according to the existing routing policy and forwards them accordingly. If the packet has several recipients, it is distributed accordingly.","Note: The MFTP module resumes a failed down/upload from the same point whenever a connection terminates during a transfer session.","MFTP Transport Module",

"333.htm");

Page[114]=new Array("The MFTP Transport module is automatically started with ViPNet Client [Monitor] and ViPNet Coordinator [Monitor]. ","To view the MFTP user interface:","Click @ on the main window of ViPNet Client or ViPNet Coordinator, or","Click @ in the system tray.","The MFTP window appears:","The four progress bars at the top of the interface communicate the current sending and receiving of transport packets.","Information about connections and disconnections are shown in the bottom window. This information is only useful when doing maintenance work and is irrelevant for the end user.","By default, the MFTP user interface displays information from the last 10 days.","To poll the activity of the coordinator, click the Poll button.","To display information about transport packets that have not yet been sent (the reason for this could be a missing connection to the coordinator or the sending out of another packet):","Click Queue from the menu bar.","The Find files in the current queue window appears:","Define your search criteria and click OK. A list of transport packets that match your search criteria displays.","To monitor the sending and receiving of transport packets, click Log from the menu bar. ","The Find files in log window appears:","Define your search criteria and click OK. A list of log files that match your search criteria displays.","To minimize the MFTP module interface back to the system tray, select Close &gt; Hide from the menu bar.","To close the program, select Close &gt; Exit from the menu bar.","Warning: Changes to the Settings menu option are only applied in special cases during maintenance. Please consult Infotecs support before changing your MFTP settings.","View Transport Packet Activity",

"334.htm");

Page[115]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","Application Control provides constant tracking of the network activity of local applications running on a network node.","Installed with ViPNet Client [Monitor] and ViPNet Coordinator [Monitor], it starts up at the same time as either application, displaying the @ icon in the system tray.","Application Control",

"335.htm");

Page[116]=new Array("Application Control is automatically started with ViPNet Client [Monitor] and ViPNet Coordinator [Monitor].","To view the Application Control interface:","Click  @ on the program's main window, or","Click @ in the system tray.","The Application Control window appears:","To disable tracking (without stopping the program), click @ in the system tray and select Disable tracking from the pop-up menu. The icon will become inactive @.","To minimize the Application Control interface back to the system tray, select File &gt; Hide from the menu bar.","To close the program, select File &gt; Exit from the menu bar.","Note: If Windows XP (SP 2 or higher) is installed on the computer and you disable tracking or stop Application Control, the Windows Security Center will warn that switching off the ViPNet firewall leaves your computer unprotected.","View Network Activity of Local Applications",

"336.htm");

Page[117]=new Array("Once Application Control starts tracking applications and an application experiences network activity, information about this network activity appears in a window. The type of window that displays depends on the application that requests your sanction to work with the network.","There are applications that are not related to services of the operating system:","And, there are applications that are related to the services of the operating system:","Note: Service applications can have one executable module, and can run services in the process.","In both windows, the Event field describes the type of network operation being executed. The Remote IP and Remote Port (if there is a port), show the IP address and port fields with which the network operation is trying to run.","Both windows also tell the user the program name, vendor, version and executable file path.","If you want to allow the operation of this application or process, click the Allow button. If you want to forbid it, click Block. If you allow this application, it will be registered in the so-called white list. If you block this application, it will be registered in so-called black list.","Every time a white list application shows network activity, Application Control authorizes this application. If the authorization is successful, the application is allowed.","How Application Control Works",

"337.htm");

Page[118]=new Array("A user can register an application in any list. ","To register an application:","Either: ","Right-click any application line item on the right side of the Registered Applications window and select Add from the pop-up menu, or","Click any application line item and press the Insert key on your keyboard.","The Add file to list window appears. ","After you have added the application, right-click it in the list and select Put on white list from the pop-up menu.","To remove an application from the list, right-click the line item and select Remove from the pop-up menu.","To view an application's properties, right-click the line item and select Properties from the pop-up menu.","Register an Application",

"338.htm");

Page[119]=new Array("ViPNet OFFICE includes the following set of additional tools to facilitate the rapid and secure transfer of data:","Encrypted Instant Messaging","File Exchange","Business Mail","Calling external programs","Web Link service","Explore Network Place service","The suite also provides the following useful functions:","Connection and status checking of other ViPNet users","Computer locking","Note: This chapter provides a basic overview of the above tools and functions. For detailed information, refer to the ViPNet Coordinator and ViPNet Client manuals.","Integrated Communication Tools",

"339.htm");

Page[120]=new Array("The Encrypted Instant Messaging service allows you to have a real-time, online conversation (or conference) between one or more VPN users.","The messaging between several ViPNet users is termed a session. All messages related to one session are written to one protocol that can be saved in a file. If a user sends a message from one session to the another user, any reply from the other user will always belong to the same session and, correspondingly, to the same protocol.","Several sessions can be running simultaneously. This means a user can be involved in more than one session. If a message comes from a user and it is not part of the current session, a new session will open and a new protocol is created.","New messages are messages that have not yet been processed by the user (ie. the user hasn't accepted, answered or deleted the message). The user can, however, read them in the New messages window.","Unread messages are messages that have not even been viewed by the user.","Encrypted Instant Messaging",

"340.htm");

Page[121]=new Array("The main interface of the ViPNet instant messaging application is the Encrypted Instant Messaging window. In this example, the user is participating in one session:","The following table explains the purpose of the three window panes:","Pane","Purpose","Send message to","A list of recipients with whom a session of messaging is established. After sending a message, the status of the message with each recipient is communicated to you using the following character symbols:","S - The message is sent, but not delivered","D - The message is delivered and a notification has appeared on the recipient's screen","R - The message has been read by the recipient","T - The message has been read and the recipient is going to answer.","Sent messages are numbered in the order of their sending. Messages are only sent to selected participants.","Session log","The session protocol appears here.","Message","Where you type the message you want to send.","By starting or participating in more than one session, the vertical Sessions pane appears:","The following table explains the purpose of the pane columns:","Column","Meaning","@ Session Status","(blank) The session is open and all messages have been are processed.","@ The session is open and there are new messages.","@ The session has been closed by the initiator but there are unread messages.","@ The session has been close by the initiator and all messages have been processed.","# ","The session number.","Participants","The names of the recipients in a list.","New","The number of new (unprocessed) messages. The field is blank if there are no new messages.","Not read","The number of unread messages. The field is blank if there are no unread messages.","If there are unread messages among the new messages, items in the list for that session appear in bold.","Encrypted Instant Messaging Window",

"342.htm");

Page[122]=new Array("To send and receive instant messages:","From the ViPNet Client [Monitor] or ViPNet Coordinator [Monitor] interface, click the Private Network link on the left of the screen and select the clients you want to chat with from the right-hand list that displays. ","If you want to:","chat with one other person, click @, or","create a conference between several users, click @.","A new session opens in the Encrypted Instant Messaging window.","Note: Alternatively, if the Encrypted Instant Messaging window is already open, select Session &gt; New &gt; Chat from the menu bar, or Session &gt; New &gt; Conference.","Type your message in the Message pane.","Click the Send button or press the F5 key.","When a message arrives from a recipient of your message, the ViPNet program notifies you by flashing the @ icon in the notification area of the taskbar. (Note: you can change the way the notification appears.)","To read new messages:","Click the @ icon in the taskbar, or ","Click the @ button on the Encrypted Instant Messaging window toolbar.","The New messages window appears.","Note: If a message arrives that is part of the current session, the New messages window will open automatically. You can deactivate this behaviour by removing the tick from the Show this window always on top check box.","A number that identifies the session appears on the window title bar. The session number, the names of the session participants, and the number of new messages associated with the session display in the status bar of the window.","Messages are displayed in chronological order, with the most recent at the bottom. Unread messages appear in bold.","To read a message, select it from the list. The content of the message displays in the Message panel. ","Note: Once the message is viewed by you for more than three seconds, an acknowledgment is sent to the other session participants (the R attribute displays in their Encrypted Instant Messaging window).","To read a message and save it to your protocol log, select the message and click the Accept button.","To simultaneously save all the session's messages to your protocol log, click the Accept All button.","To write a reply to a message, select it from the list and click the Answer or Answer with quotation buttons.","To delete a message, select it from the list and click the Remove button.","To close the New messages window, click Close.","To close a session:","Select the session from the Sessions pane.","Either:","Select Session &gt; Close from the menu bar, or ","Press the F8 key, or","Click @ from the toolbar. ","By default, the program will ask you if you want to save the session protocol before closing.","Once closed, the session disappears from the Sessions pane.","To close the Encrypted Instant Messaging program:","Select Session &gt; Exit from the menu bar, or","Click @. All open sessions and windows will close.","By default, the program will ask you if you want to save the session protocol before closing.","Send &amp; Receive Instant Messages",

"341.htm");

Page[123]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","To send and receive files to and from other VPN network nodes:","Select Private Network on the main window of ViPNet Client [Monitor] and click the user you would like to send a file to from the right-hand side of the screen.","Either:","Click @ on the toolbar, or","Select Actions &gt; Send File from the menu bar.","The File Exchange window appears:","If the file you want to send isn't in the file list, click @ and select the file from your directory.","To send the file, select it from the file list and click @.","To view the files you have received, click @. A directory containing folders named after all the ViPNet users who have sent you files displays. (The file path should be something like C:\\Program Files\\Infotecs\\ViPNet [Client]\\TaskDir\\Receive).","File Exchange",

"345.htm");

Page[124]=new Array("Business Mail is a feature of ViPNet Client, allowing the user to encrypt and sign (by digital signature) email messages and their attachments and then send them to other participants of the ViPNet network. The look and feel is similar to that of other email clients like Microsoft Outlook.","To run Business Mail:","Click @ on the main window of ViPNet Client [Monitor]. The ViPNet Client [Business Mail] window appears:","To open a new email, double-click it in your inbox.","To create a new mail, click @.","Click @ and select your recipient(s) from the address book that displays.","Type a subject heading in the Subject text box.","Type your email text.","Click @ to send the email.","Business Mail",

"346.htm");

Page[125]=new Array("By default, the Business Mail toolbar displays the following buttons:","Button","Action","Creates a new email","Sends and receives all emails (calls MFTP transport)","Prints the selected email","Deletes a folder or email","Encrypts email and attachments","Decrypts email and attachments","Replies to the sender of the original email","Replies to all recipients of the original email","Forwards an email to another person","Signs an email by current certificate or selected certificate","Checks signature","Removes all signatures from the selected email","Finds an email","You can customize the toolbar to display these additional buttons:","Button","Action","Changes the current user","Displays the Help system","Displays the address book","Runs external program","Displays program settings","Displays security settings","By viewing the Attribute code of an email in your inbox or outbox, you can determine the status of that email:","Attribute code","Status","E","The email is encrypted","S","The email is signed","P","The email is packed into an envelope and ready to send","W","The email is sent by not delivered","D","The email is delivered","R","The email is read","F","Either the email signature or the signature of one of the attachments is invalid","Additional Information","Sending files and folders to protected external applications like File Exchange and Business Mail is supported by the Windows Explorer context menu environment.","Business Mail Toolbar",

"347.htm");

Page[126]=new Array("ViPNet Client [Monitor] and ViPNet Coordinator support the following external programs:","Microsoft NetMeeting","VoxPhone","InternetPhone","Compaq Insight Manager","Microsoft Portrait","VNC Viewer","Remote Desktop Connection","Radmin Viewer","For more information about Radmin View, VNC Viewer and Remote Desktop Connection, see Remote Control for ViPNet Users.","These programs allow ViPNet users to hold telephone conversations and conduct other activities via the Internet. The benefit of running them over your ViPNet network is that it ensures your traffic is highly encrypted.","To communicate with another ViPNet user using an external program:","From the ViPNet Client [Monitor] or ViPNet Coordinator [Monitor] interface, click the Private Network link on the left of the screen.","Right-click a ViPNet user from the right-hand list that displays and select External Programs &gt; &lt;external program&gt; from the pop-up menu.","The external program will automatically run in protected mode on your computer and the other user will be prompted to start the same program.","External Programs",

"348.htm");

Page[127]=new Array("If any web server or web application is installed on the same computer as ViPNet Client or ViPNet Coordinator, the Web Link service allows other ViPNet users to make a protected (encrypted) connection with this computer.","To initialize this encrypted connection:","From the ViPNet Client [Monitor] or ViPNet Coordinator [Monitor] interface, click the Private Network link on the left of the screen.","From the right-hand list that displays, either:","Click a VPN network node with active web services and click @, or","Right-click the VPN network node and select Web Link from the pop-up menu.","As long as no other filters are defined, such a web server is accessible by other ViPNet users. You will be able to deploy a secure Internet portal, which other applications can easily be integrated into like CRM, CMS or database applications.","Web Link",

"349.htm");

Page[128]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","The Explore Network Place service allow you to explore the accessible network resources on computers in the private (with installed ViPNet software) or public (without ViPNet software) networks. For ViPNet users in the private network, a connection is carried out in protected mode.","To display the network resources on a computer on either the private or public network:","From the ViPNet Client [Monitor] or ViPNet Coordinator [Monitor] interface, click either a ViPNet user from the Private Network or a registered IP address from the Public Network.","Either:","Click @ from the application toolbar, or","Right-click the selected computer and select Explore Network Place from the pop-up menu.","Windows Explorer will display the available network resources of this computer.","Explore Network Place",

"350.htm");

Page[129]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","ViPNet Client [Monitor] and ViPNet Coordinator [Monitor] allow you to view the current status of each ViPNet user in the private network. To use this functionality, the ViPNet software on the network node you want to know about must be version 2.8.9 or higher.","To check the connection and status of a ViPNet user:","From the ViPNet Client [Monitor] or ViPNet Coordinator [Monitor] interface, click the Private Network link on the left of the screen.","Right-click a ViPNet user from the right-hand list that displays and select Check Connection from the pop-up menu.","Note: You can simultaneously check the connection of ViPNet users from one folder by right-clicking the folder and selecting Check Connection from the pop-up menu. To check the connection for all ViPNet users, right-click the Private Network folder.","A window like the following appears. It displays for 20 seconds before closing.","A ViPNet user can have one of three statuses:","Active - the user is accessible (the connection is successful) and active (ie. they worked with the computer's keyboard or mouse within the last 15 minutes)","Enable - the user is accessible but not active (ie. they did not work with the computer's keyboard or mouse within last 15 minutes)","Not accessible - there is no connection. The ViPNet user probably switched off their computer or closed their ViPNet [Monitor].","If a connection fails, a message will only appear if you have removed the tick from the Don't warn if host is inaccessible check box in the Settings &gt; Advanced settings window.","If you open your ViPNet program with Administrator authorities, the window displays slightly more information about the connected user:","Check User Connection &amp; Status",

"351.htm");

Page[130]=new Array("@ This topic applies to both ViPNet Coordinator and ViPNet Client.","A ViPNet [Monitor] user can forbid access to all desktop applications and block all IP traffic or do both actions simultaneously.","To lock your computer:","Click @ on the main window of ViPNet Client or ViPNet Coordinator.","By default, the program uses the blocking mode last used. If this is the first time you've used computer locking, the program will block all desktop applications and traffic.","If you want to select another blocking mode, click arrow beside @ and select one of the three options:","Lock computer and IP traffic. When this mode is selected, the program is closed, all incoming and outgoing traffic is blocked, and a password input window with the message 'The IP traffic is blocked' is shown. To continue your work, you need to re-enter your user password and click OK.","Lock desktop. When this mode is selected, no-one else can access your desktop. However, the program won't be closed and IP traffic won't be blocked. To continue your work, you need to re-enter your user password and click OK.","Lock IP traffic. When this mode is selected, all incoming and outgoing traffic is blocked. In addition, the program is closed, and a password input window with the message 'The IP traffic is blocked' is shown. To continue your work, you need to re-enter your user password and click OK.","The current mode is shown in bold in the selection list.","Settings that Affect Computer Locking Behavior","If you don't use the keyboard or mouse in the length of time specified in the program's configuration (see Specify the time of inactivity before the action option in the Administrator window), the current blocking mode is carried out automatically.","If the Show IP traffic and computer blocking button on screen check box is selected in the Advanced settings window a large button will appear on the bottom right-hand corner of your screen. If you click this button, the current blocking mode is carried out automatically.","If you enable (tick) the Lock Desktop check box in the Security Levels window, the desktop will be locked as soon as the ViPNet [Monitor] program starts up.","Computer Locking",

"352.htm");

Page[131]=new Array("This section provides an overview of the functions and settings of ViPNet CryptoExtension for Outlook. For more information, refer to the program-specific user guide delivered with ViPNet OFFICE.","ViPNet CryptoExtension for Outlook",

"353.htm");

Page[132]=new Array("ViPNet CryptoExtension allows users of the VipNet network to exchange protected (encrypted) email messages. Users must be working on computers that run Microsoft Outlook and/or Outlook Express as well as ViPNet Client [Monitor] or ViPNet Client [Business Mail].","ViPNet Client provides digital signature features (signing, signature checking etc.) and the automatic protected upgrade of keys, link files and certificates.","ViPNet CryptoExtension:","Signs outgoing emails (text and attachments)","Encrypts outgoing emails (text and attachments)","Verifies the signature of incoming emails and allows the user to view the result","Decrypts incoming messages","Removes signatures (Microsoft Outlook only)","Note: Encrypting sent emails is only possible to users included in the list of aliases created via ViPNet Manager.","To install ViPNet CryptoExtension, run the application executable (setup.exe) from the delivery set and follow the instructions of the installation program.","Overview",

"354.htm");

Page[133]=new Array("After installing ViPNet CryptoExtension, the ViPNet CryptoExtension toolbar automatically appears in Microsoft Outlook's main window:","For Outlook Express, a single CryptoExtension button automatically appears:","The following buttons appear in the message windows of the email program:","Microsoft Outlook","Button","Function","Signs outgoing email text and attachments","Encrypts outgoing email text and attachments","Outlook Express","Button","Function","Signs outgoing email text and attachments","Encrypts outgoing email text and attachments","Verifies the signature of incoming email","Toolbar Buttons",

"355.htm");

Page[134]=new Array("ViPNet CryptoExtension functions may display differently, depending on the email program used.","Microsoft Outlook","Function","Main window","Messages window","Sign signature","No","Yes (Outbox)","Verify signature","Yes","No","Remove signature","Yes","No","Encrypt message","Yes","Yes (Outbox)","Decrypt message","Yes","No","Outlook Express","Function","Main window","Messages window","Sign signature","No","Yes (Outbox)","Verify signature","No","Yes (Inbox)","Remove signature","No","No","Encrypt message","No","Yes (Outbox)","Decrypt message","No","Yes (automatically when opening email)","Functions",

"356.htm");

Page[135]=new Array("To view / customize ViPNet CryptoExtension settings:","Click either:","@ (Microsoft Outlook), or","@ (Outlook Express).","If this is the first time you have opened Microsoft Outlook or Outlook Express after installing ViPNet CryptoExtension, you will be asked to enter a password. After the password is successfully checked, the ViPNet CryptoExtension Options window appears.","Customize Settings",

"357.htm");

Page[136]=new Array("The Common tab contains the following information:","The ViPNet network user name","The email addresses of those users who can receive encrypted messages. The exchange of encrypted messages can only be between ViPNet users. This list of email addresses (also known as the aliases list) is created via ViPNet Manager.","The Security tab for Microsoft Outlook allows you to set the following parameters:","Outgoing mail","To automatically encrypt outgoing emails, tick the Encrypt outgoing messages check box.","To automatically sign outgoing emails, tick the Sign outgoing messages check box.","To automatically sign outgoing emails with attachments, leave the Prompt for signing attachments check box unticked. Note: If you tick this check box, you will be asked each time you send an email with attachments if you want to sign the mail.","To make Microsoft Outlook compatible with Outlook Express when exchanging signed and encrypted emails, tick the Compatibility with CryptoExtension for Outlook Express check box.","Incoming mail","To automatically decrypt incoming emails, tick the Decrypt incoming messages check box. To save them in non-encrypted form, leave the check box clear.","To verify a signature before opening an email, tick the Verify signature before opening a message check box.","Digital signature key","To change the current ViPNet network user:","Click the radio button beside Other.","Click the Change button and browse to the folder containing the digital signature key of the user.","Microsoft Outlook",

"769.htm");

Page[137]=new Array("The Common tab contains the following information:","The ViPNet network user name","The email addresses of those users who can receive encrypted messages. The exchange of encrypted messages can only be between ViPNet users. This list of email addresses (also known as the aliases list) is created via ViPNet Manager.","The Security tab for Outlook Express allows set the following parameters for ViPNet CryptoExtension:","To automatically sign outgoing emails, tick the Sign outgoing messages check box.","To automatically encrypt outgoing emails, tick the Encrypt outgoing messages check box.","To verify a signature before opening an email, tick the Verify signature before opening a message check box.","Digital signature key","To change the current ViPNet network user:","Click the radio button beside Other.","Click the Change button and browse to the folder containing the digital signature key of the user.","For more information about ViPNet CryptoExtension options, refer to the program-specific user guide delivered with ViPNet OFFICE.","Outlook Express",

"770.htm");

Page[138]=new Array("Registration is only required for ViPNet Manager.","When starting an unregistered version of ViPNet Manager, a dialog box appears prompting you to register the program.","If you don't want to register the program now, click the Run ViPNet Manager radio button and click Next. (Note: You can register the program anytime by going to the main menu of ViPNet Manager.)","If the demo period has expired, only the Register ViPNet Manager option will be available.","To register ViPNet Manager:","Select Register ViPNet Manager and click Next. The Registration of ViPNet Manager wizard launches:","If you have:","not yet purchased ViPNet Manager, select Buy program (get serial number).","purchased ViPNet Manager and have a serial number, select Request registration code.","purchased ViPNet Manager and received your registration code, select Register program.","Click Next.","Registration",

"360.htm");

Page[139]=new Array("To buy a serial number:","If ViPNet Manager is:","already running, select Help &gt; Registration from the menu bar","not running, start the application and when the following dialog box appears, click Register ViPNet Manager and click Next.","The Registration of ViPNet Manager wizard launches:","Select Buy program (get serial number) and click Next.","The ViPNet products order page on the Infotecs website displays in your default Internet browser. After using the website to successfully buy ViPNet OFFICE, you will receive a serial number by email.","Request a registration code.","Buy Application (Get Serial Number)",

"858.htm");

Page[140]=new Array("To request a registration code for ViPNet Manager:","If ViPNet Manager is:","already running, select Help &gt; Registration from the menu bar","not running, start the application and when the following dialog box appears, click Register ViPNet Manager.","The Registration of ViPNet Manager wizard launches:","Select Request registration code and click Next.","The Registration request options window appears:","Select how you want to request your registration code and click Next. Options are:","By email","Through website","By phone","Group registration (through system administrator)","Request Registration Code",

"363.htm");

Page[141]=new Array("If you select By email, the Registration data window appears:","Your computer code, user name and company (which you specified during installation of the product) appear automatically. If desired, you can edit this information.","Type your serial number in the Serial number text box. Note: If you have previously filled in this number, it will automatically appear.","If desired, type any additional information in the Additional information text box.","Click Next. An email summarizing your registration data will automatically open in your default email application. It will be addressed to reg@infotecs.biz.","To complete the procedure, send this email. When Infotecs has checked your registration data, you will receive your registration code by return email.","Register your application.","By email",

"860.htm");

Page[142]=new Array("If you select Through website, the registration page on the Infotecs Internet site launches.","Fill in registration data and click the Send button. When Infotecs has checked your registration data, you will receive a registration code by email.","Register your application.","Through website",

"861.htm");

Page[143]=new Array("If you select By phone, the Registration request by phone window appears:","This window summarizes the kind of information you need to provide Infotecs.","Call Infotecs using the phone number specified at the top of the window and request a registration code.","When you receive the registration code, click Next. The Register window appears:","Type your serial number and registration code. Note: If you have previously filled in this number, it will automatically appear.","Click Next. If all the fields were filled in correctly, a message appears confirming the application was successfully registered. It will also suggest how to save registration data.","Click Finish.","Register your application.","By phone",

"862.htm");

Page[144]=new Array("If you select Group registration (through system administrator), the Registration data window appears.","This window enables each ViPNet user to send a file containing registration data to their system administrator. Once the system administrator receives a set of registration codes from Infotecs, you can register your ViPNet program.","Your computer code (the code that uniquely identifies your computer), your user name and the company your work for (which you specified during installation of the product) appear automatically. If desired, you can edit this information.","Type your serial number in the Serial number text box. Note: If you have previously filled in this number, it will automatically appear.","If desired, type any additional information in the Additional information text box.","Click Next. The Saving registration data window appears:","Click Browse and select the folder that will store the file containing your registration data.","Click Next. The registration data is saved in a text file named after the serial number of the program: &lt;serial number&gt;.txt.","Click Finish.","Send the file containing your registration data to your system administrator.","When you receive your registration code from you system administrator, register your application.","Group registration",

"863.htm");

Page[145]=new Array("To register ViPNet Manager:","If ViPNet Manager is:","already running, select Help &gt; Registration from the menu bar","not running, start the application and when the following dialog box appears, click Register ViPNet Manager.","The Registration of ViPNet Manager wizard launches:","Select Register program and click Next. The Serial number window appears:","Type your serial number. Note: If you have ever filled in the serial number, this value automatically appear.","Click Next. The Registration code window appears:","If:","You personally sent a request for a registration code, select Single registration and type the registration code.","Your system administrator sent a request for a registration code, select Group registration, click Browse and locate the file on your network that contains the registration code.","Click Next. If all the fields were filled in correctly, the following window appears: ","Click Finish.","Save your registration data by backing up your registration file. The file, offmanager.brg, is located in the same folder as the application.","Register ViPNet Manager",

"367.htm");

Page[146]=new Array("The registration process stores registration data in a file named *.brg, located in the ViPNet Manager installation folder. We recommend you save this file in a secure place because it will be useful in some cases of re-installation (for example, if you need to install the program into another folder on your computer, or you need to re-install the program after formatting of the disk). In such cases, you should put the saved *.brg file back into the installation folder. After restarting, the newly installed ViPNet program will consider itself registered (as long as the registration data is true and there were no changes in the configuration of your computer).","Information about registration data (serial number, computer code, registration code etc.) is also stored in a registration log file named reginfo.txt, located in the ViPNet Manager installation folder. Information from this file can be used for manual registration of the program after re-installation (for example, if the *.brg file has been lost).","Saving Registration Data",

"368.htm");

Page[147]=new Array("Group registration allows a company to request and receive registration codes for several users via a single person. This person is normally the organization's system administrator.","To use group registration, all ViPNet users must have their product's serial number. If not, they need to buy it via the Registration of ViPNet Manager wizard.","Each user, from their own computer, must have created a group request of registration. This creates a .txt file containing registration data, which they will send to their system administrator.","If you are system administrator:","Save these files to one folder.","When you have them all, combine them using the copy line command: copy *.txt registration.all. (Note: You can use another file name instead of registration.all.)","Email the file to Infotecs at reg@infotecs.biz. In the subject line, name the email 'ViPNet Group Registration'.","After Infotecs has processed the request, you will receive an email with an attached .txt file. This file will contain the registration codes for all users taking part in the group registration. Deliver this file to users (e.g. via network disk) who can then register their installed ViPNet program.","System Administrator Actions for Group Registration",

"369.htm");

Page[148]=new Array("ViPNet OFFICE is offered in the following packages: Light and Standard. Each package includes a license that defines the maximum number of coordinators, the number of clients per coordinator, and the maximum number of unprotected addresses that can be tunneled through a coordinator. ","The following table provides an overview of the different packages. Note: ViPNet OFFICE includes TUNNEL.","Coordinators","Clients","Tunnels","ViPNet OFFICE Light","2","2","2","ViPNet OFFICE Standard","2","10","8","ViPNet TUNNEL Standard","2","0","20","Attention: If required, ViPNet OFFICE or ViPNet TUNNEL allow you to easily upgrade your existing license.","License Packages",

"1076.htm");

Page[149]=new Array("Immediately after its installation, ViPNet Manager works as an unregistered application with a number of limitations. ","Firstly, you can only run the program for 45 days. After that, ViPNet Manager will not start.","An unregistered version also limits the administrator to the creation of a 'demo' ViPNet network. The demo network includes two coordinators and two clients, as well as a maximum of two IP addresses that can be tunneled through the coordinator. The distributed key files for all network nodes are created with a 45-day expiration time - after that, all Client and Coordinator software is automatically deactivated.","To use ViPNet Manager after the test phase or to extend the ViPNet structure to meet your requirements, you must register the program.","Limitations of the Unregistered (Demo) License",

"377.htm");

Page[150]=new Array("To extend the number of clients, coordinators or open tunneled addresses within your ViPNet network, you need to contact an Infotecs representative (reseller or distributor) and order an extension that will cover the additional number of nodes.","If this is a first time you are extending your registered license, the Infotecs representative will ask you for your ViPNet network number. If ViPNet Manager is running, you can view the network number by selecting Help &gt; About ViPNet Manager from the menu bar.","After making the order, you will receive a license file called 'infotecs.reg', which will contain your new license information. Simply put this file in the installation folder of ViPNet Manager and you will immediately be able to add additional network nodes or tunnels.","Note: Extending a license is only possible for licenses that are registered.","Upgrading Your License",

"370.htm");

Page[151]=new Array("A certificate is a digital document that contains a network user's public key of digital signature. A certificate is used for vouching the authenticity of a network user's digital signature and for authenticating the certificate's owner. In ViPNet OFFICE, a certificate is issued by ViPNet Manager and signed by digital signature by the ViPNet Manager administrator. Certificates of public signature keys are formed for the ViPNet Manager administrator and users. In addition, you can specify a time period for which an administrator certificate is valid (no less 5 years). The time period for which the ViPNet user certificate is valid is constant and equal to three years.","Certificate specifications and format correspond to the standard X.509, version 3.","Certificate of public key of digital signature",

"90.htm#o1016");

Page[152]=new Array("A computer with an installed version of ViPNet Client software.","Client",

"90.htm#o1007");

Page[153]=new Array("A secure communication channel (encrypted connection) between two network nodes.","Connection",

"90.htm#o1014");

Page[154]=new Array("A computer with an installed version of ViPNet Coordinator software.","Coordinator",

"90.htm#o1008");

Page[155]=new Array("A firewall or other device with NAT (Network Address Translation) translates internal addresses in addresses accessible from external network. ViPNet software provides three types of NAT devices:","ViPNet coordinator. A computer with ViPNet Coordinator is installed. This provides NAT for ViPNet nodes in the local network.","With static NAT. A firewall or other NAT device where it's possible to set static translation rules. These rules provide interaction with a specific internal address of the local network by UDP protocol and a specified port.","With dynamic NAT. A firewall or other NAT device where it's very difficult to set static translation rules.","Firewall or other devices with NAT function",

"90.htm#o1029");

Page[156]=new Array("All IP addresses, except IP addresses that are reserved for use in local networks with private IP addresses.","IP addresses permissible in the Internet",

"90.htm#o1031");

Page[157]=new Array("If any changes are made to the ViPNet network structure by the ViPNet Manager administrator, link files and keys for ViPNet nodes are changed. The administrator must then send the new keys (called a key sets update) to the ViPNet nodes.","Key sets update",

"90.htm#o1018");

Page[158]=new Array("A key set is a file (with .dst extension) that enables you to start ViPNet software on a network node. Keys sets are created for each node using ViPNet Manager.","Key set (key)",

"90.htm#o1017");

Page[159]=new Array("A license defines the maximum number of coordinators, the number of clients per coordinator, and the maximum number of unprotected addresses that can be tunneled through a coordinator. The license is bound to the ViPNet OFFICE or ViPNet TUNNEL product lines and is included with the serial number you receive on purchase. The license can be upgraded.","License",

"90.htm#o1013");

Page[160]=new Array("A network node with ViPNet Client software that the VIPNet Manager administrator has nominated as manager. From this node, an administrator can send keys and software updates to network nodes.","Manager",

"90.htm#o1020");

Page[161]=new Array("A client, coordinator or network node tunnelled by a coordinator.","Network node",

"90.htm#o1009");

Page[162]=new Array("A password with administrator rights used to enter ViPNet Client or ViPNet Coordinator to retrieve additional settings for ViPNet applications.","NN administrator password",

"90.htm#o1024");

Page[163]=new Array("The following three IP ranges are reserved by the Internet Assigned Numbers Authority (IANA) according to RFC 1918 - Address Allocation for Private Internets: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255 and 192.168.0.0-192.168.255.255. These IP addresses are not routable over the Internet, so they will not conflict with other sites using these ranges. To access the Internet with these ranges, you need a Network Address Translation (NAT) device.","Private addresses for IP networks",

"90.htm#o1030");

Page[164]=new Array("Servers located on a protected computer, for example, a web server, mail server or FTP server.","Protected applied servers",

"90.htm#o1033");

Page[165]=new Array("A network node or tunneled computer.","Protected computer",

"90.htm#o1010");

Page[166]=new Array("A server located on a protected computer.","Protected DNS or WINS server",

"90.htm#o1032");

Page[167]=new Array("A server located on an unprotected (open) computer.","Public (open) DNS server",

"90.htm#o1034");

Page[168]=new Array("The area on the right side of the taskbar on the Windows interface is used to display the status of various functions, such as speaker volume and modem transmission.","System tray",

"90.htm#o957");

Page[169]=new Array("A data packet generated by the Business Mail or File Exchange applications. The packet contains a header with parameters that are needed for routing it in the ViPNet network.","Transport packet",

"90.htm#o1023");

Page[170]=new Array("A computer that has its traffic tunneled by a ViPNet coordinator.","Tunneling computer",

"90.htm#o1011");

Page[171]=new Array("A computer on which ViPNet software is not installed and which is not a tunneling computer.","Unprotected computer",

"90.htm#o1012");

Page[172]=new Array("An individual user password is required to log on to ViPNet software. ","The user password is generated using the first x (number of) characters from each word of a randomly generated password phrase.","This phrase is created from one of the available languages (English, German or Russian). It is a grammatically correct sentence, created from random words from special dictionary files. ","The number of words in a phrase can be either three or four; however it is also possible to create a password from two password phrases (six or eight words).","In the following example, the password 'stradiveterrempt' is generated from an English phrase consisting of four words: strange diversant terrorizes emptiness.","User password (random phrase password)",

"90.htm#o1022");

Page[173]=new Array("The person responsible for creating and configuring the ViPNet network. Also the person who creates and updates link files and key information for network nodes. This manual is intended for the ViPNet Manager administrator.","ViPNet Manager administrator",

"90.htm#o1025");

Page[174]=new Array("The password is used to enter ViPNet Manager.","ViPNet Manager administrator password",

"90.htm#o1026");

Page[175]=new Array("A ViPNet network combines all the network nodes of a specific network. Each client is registered on a certain coordinator. You can choose the connection types between all network nodes while creating the network via ViPNet Manager. Afterwards, you can change the links. There are obligatory links between coordinators and also between a coordinator and its clients. You cannot remove these links. If the license permits the tunneling of IP addresses, these IP addresses will be automatically shared between the coordinators during the initial configuring the ViPNet network. Afterwards, you can modify the maximum number of connections tunneled by a coordinator at the same time.","To aid in the centralized sending of updates, one client is assigned as manager. During the initial configuring the ViPNet network, the first client of the first coordinator is automatically assigned the manager role. Afterwards, you can change the assignment to another client.","If you do not want the ViPNet Manager client to be visible to ViPNet applications (Monitor, Business Mail) on other nodes, you do not need to link it to those nodes. All necessary key information for providing the connection between ViPNet nodes and network management will be created automatically, irrespective of the presence of links.","It's necessary for the computer with ViPNet Manager to belong to the administrator. The administrator's computer controls the ViPNet network. If you have added new nodes to your ViPNet network, the ViPNet Client on the ViPNet Manager workstation must receive key set updates before you send updates to the other network nodes (such an update of keys is done automatically by default).","ViPNet network structure",

"90.htm#o1015");

Page[176]=new Array("The centralized process of upgrading ViPNet software on ViPNet network nodes. The process is done by the ViPNet Manager administrator.","ViPNet software upgrade",

"90.htm#o1019");

Page[177]=new Array("A user of ViPNet Client or ViPNet Coordinator.","ViPNet user",

"90.htm#o1021");

var PageCount=178;



function search(SearchWord){

var Result="";

var NrRes=0;

Result='<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">\n';

Result+="<html>\n";

Result+="<head>\n";

Result+="<meta http-equiv='Content-Type' content='text/html; charset=ISO-8859-1'>\n";

Result+="<title>Search Results</title>\n";

Result+='<script language="javascript" type="text/javascript" charset="ISO-8859-1" src="dhtml_search.js"></script>\n';

Result+='<link rel="stylesheet" type="text/css" href="stylesheet.css">\n';

Result+="<style type='text/css'>\n";

Result+=".searchDetails {font-family:verdana; font-size:8pt; font-weight:bold}\n";

Result+=".searchResults {font-family:verdana; font-size:8pt}\n";

Result+="</style>\n";

Result+="</head>\n";

Result+="<body onload='javascript:document.SearchForm.SearchText.focus()'>\n";

Result+='<table class="searchDetails" border="0" cellspacing="0" cellpadding="2" width="100%">\n';

Result+='<tr><td>Enter a keyword or phrase</td></tr>';

Result+='<tr><td>';

Result+='<form name="SearchForm" action="javascript:search(document.SearchForm.SearchText.value)">';

if(SearchWord.length>=1){

   while(SearchWord.indexOf("<")>-1 || SearchWord.indexOf(">")>-1 || SearchWord.indexOf('"')>-1){

       SearchWord=SearchWord.replace("<","&lt;").replace(">","&gt;").replace('"',"&quot;");

   }

}

Result+='<input type="text" name="SearchText" size="25" value="' + SearchWord + '" />';

Result+='&nbsp;<input type="submit" value="&nbsp;Go&nbsp;"/></form>';

Result+='</td></tr></table>\n';



if(SearchWord.length>=1){

   SearchWord=SearchWord.toLowerCase();

   this.status="Searching, please wait...";

   Result+="<table border='0' cellpadding='5' class='searchResults' width='100%'>";

   for(j=0;j<PageCount;j++){

       k=Page[j].length-1;

       for(i=0;i<k;i++){

           WordPos=Page[j][i].toLowerCase().indexOf(SearchWord);

           if(WordPos>-1){

               FoundWord=Page[j][i].substr(WordPos,SearchWord.length);

               NrRes++;

               Result+="<tr><td>";

               Result+="<a target='BODY' href='"+Page[j][k]+"'>"+Page[j][k-1].replace(FoundWord,FoundWord.bold())+"</a><br/>\n";



               if(i<k-1){

                   if(Page[j][i].length>350){

                       Result+="..."+Page[j][i].substr(WordPos-100,200+FoundWord.length).replace(FoundWord,FoundWord.bold())+"...\n";

                   }

                   else{

                       Result+=Page[j][i].replace(FoundWord,FoundWord.bold())+"\n";

                   }

               }

               Result+="</td></tr>";

               break;

           }

       }

   }

   Result+="</table>";

   Result+="<p class='searchDetails'>&nbsp;" + NrRes + " result(s) found.</p>";

}



Result+="</body></html>";

this.status="";

this.document.open();

this.document.write(Result);

this.document.close();

}