NCP Secure VPN Enterprise Client for Android
Universal Centrally Administered VPN Client for Android 4.x
*Price per user. Quantity must be 1 or greater
Get a Quote!
*Price per user. Quantity must be 100 or greater
Get a Quote!
*Price per user. Quantity must be 250 or greater
Get a Quote!
*Price per user. Quantity must be 500 or greater
Get a Quote!
Pricing notes:
- Pricing and product availability subject to change without notice.
- For more than 1,500 users, please use our Quote Request Form!
Overview:
Equip Android end devices, used within your enterprise, with a NCP managed Android VPN Client. NCP's VPN Management enables central management of all VPN clients. VPN configurations and user certificates and licenses for these clients can be centrally managed. The NCP Android VPN clients are available for mobile end devices with the operating system Android 5.x/4.x.
Features:
Secure
Rely on high-quality IT security software made in Germany
- IPv6 supported dynamic personal firewall
- data encryption
- strong authentication
- multi-certificate support
- parameter locks
- FIPS Inside
- automatic adaption of firewall rules
Efficient
Mindful of one of the biggest challenges organizations face – cost savings
- Budget Manager for full cost control
- support for 3G/4G hardware (LTE)
- Custom Branding Option
- Central Management
Ease of use
Reduced IT complexity
- a single and easy-to-use user interface (one click) for the connection setup
- integrated support for 3G/4G hardware
- a reliable, uninterrupted VPN connection
- automatic, location-aware adaption of firewall rules through the NCP VPN Client
- automatic media recognition
- seamless Roaming
- easy domain registration
Mobile
The best mobile device user experience
- Working without dropped connections or interruptions even when switching between networks, i.e. seamless roaming
- auto-connect to your corporate network
- reliable and uninterrupted VPN connections
- quick and secure hotspot logon
- Remote Access even behind firewalls, whose port settings typically deny IPsec based communication, i.e. NCP Path Finder® Technology
Technical Data:
Secure VPN Enterprise Client for Android: Technical Data | |
Operating System | Android 4.0 and above |
Central Management | Distribution of VPN configurations and certificates from the NCP Secure Enterprise Management |
Standards | Support of all Internet Society IPsec Standards |
Virtual Private Networking | IPsec (Layer 3 Tunneling), RFC conformant; IPsec proposals can be determined by the IPsec Gateway (IKE, IPsec Phase 2); Event log; Communication only in tunnel; MTU Size Fragmentation und Reassembly; DPD; NAT-Traversal (NAT-T); IPsec Tunnel Mode |
Encryption | Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple DES 112,168 bits; Dynamic processes for key exchange: RSA to 2048 bits; Seamless Rekeying (PFS); Hash Algorithms: SHA-256, SHA-384, SHA-512, MD5, DH Groups 1, 2, 5, 14-18 |
FIPS Inside | The NCP Secure Android Client uses an embedded FIPS 140-2-validated cryptographic module (Certificate #1747) running on an Android platform per FIPS 140-2 Implementation Guidance section G.5 guidelines. FIPS conformance will always be maintained when any of the following algorithms are used for establishment and encryption of the IPsec connection:
|
Authentication Processes | IKEv1 (Aggressive und Main Mode), Quick Mode; XAUTH for extended user authentication; IKE Config Mode for the dynamic assignment of a virtual address from an internal pool (private IP) ; PFS IKEv2 Pre-Shared Secrets |
Strong Authentication | PKCS#12 Interface for using User (Soft) Certificates Multi Certificate configuration One-Time Passwords and Challenge Response System; RSA SecurID Ready |
Network Protocol | IP |
Auto Reconnect | A connection is automatically established if the Internet connection has been interrupted or the communication medium has changed from WiFi to mobile data transmission. Configurable connection mode (always, manual) |
VPN Path Finder | NCP VPN Path Finder Technology, Fallback IPsec /HTTPS (Port 443) when port 500 or UDP encapsulation can not be used (prerequisite: NCP VPN Path Finder Technology required at the VPN Gateway |
IP Address Assignment | DHCP (Dynamic Host Control Protocol); DNS: central VPN gateway selection using public IP address allocated by querying a DNS server |
Line Management | DPD (Dead Peer Detection) with configurable polling interval; Short Hold Mode; WLANRoaming (Handover); Timeout |
Data Compression | IPCOMP (lzs), Deflate |
Other Features | UDP encapsulation Import function supporting file formats:*.ini, *.pcf, *.wgx und *.spd |
Internet Society RFCs and drafts | RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP Security Architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NATT), UDP encapsulation, IPCOMP |
Client Monitor Intuitive GUI |
English; Connection control and management, connection statistics, log files; trace tool for error diagnosis; traffic light icon indicates connection status |
Comparison:
Technical Features | VPN Client | Premium | Enterprise |
---|---|---|---|
Operating System | |||
Operating System | |||
Central Management | – | – | |
Security Features | |||
Security Features | |||
Virtual Private Networking | |||
Encryption | |||
FIPS Inside | – | ||
Authentication Process | |||
PKCS#12 Interface for private key in soft certificates Multi Certificate configuration | |||
IKEv2 | – | ||
Pre-Shared Secrets | |||
Strong Authentication | |||
PKCS#12 Interface for private key in soft certificates Multi Certificate configuration | – | ||
One-Time Passwords and Challenge Response System; RSA SecurID Ready | |||
Networking Features | |||
Network Protocol | |||
Auto Reconnect | – | ||
VPN Path Finder | – | ||
IP Address Assignment | |||
Line Management | |||
Data Compression | |||
Other Features | |||
UDP encapsulation | |||
import function supporting file formats:*.ini, *.pcf, *.wgx und *.spd | – | ||
Internet Society RFCs and Drafts | |||
Internet Society RFCs and Drafts | |||
Client Monitor | |||
Intuitive GUI |
Android Devices and NCP Solutions:
Universal VPN Clients for companies of all scales for Android Tablets and Smartphones
Do you own a mobile end device running on the Android 4.x operating system? Would you like to use it to securely access data on the company network via VPN? If your answer to both questions is "yes", NCP developed the perfect software for you: the NCP Secure VPN Clients for Android.
The following VPN clients for Android end-devices are available:
NCP managed Android Clients | |||
---|---|---|---|
NCP Secure Enterprise Android VPN Client | NCP Secure Android Client Volume Edition | NCP Secure VPN Clients for Android | |
How to buy | specialist retailer / invoice | specialist retailer / invoice | Google Play / credit card |
License Management | Yes | Yes | No |
Configuration Management | Yes | No | No |
Certificate Management | Yes | No | No |
Multi-Tenancy | Yes | Yes | No |
User | About 50 ot more | About 5 -50 | Workstation |
Management-Tool | Secure Enterprise Management | Volume License Server | No Tool |
Managed Android VPN Clients
NCP's Secure Enterprise Android Client is part of the NCP Enterprise series and can be comfortably managed with NCP's Secure Enterprise Management. The client allows comfortable and highly secure remote access to the company network and it is compatible to IPsec gateways of various producers.
NCP's Volume License Server (VLS) is an additional tool for the Android VPN Client Volume Edition which is available for 5 + User. This tool simplifies license management.
NCP VPN Clients on Google Play
The VPN Clients NCP Secure VPN Client for Android and NCP Secure VPN Client Premium for Android are available on Google Play. The two IPsec VPN clients have been designed for private use or use in small scale environments containing only a small number of Android Smartphones or Tablet PCs. They are also compatible to all major IPsec VPN Gateways. Further information on NCP Google Play Store VPN Clients.
FAQs:
Can I import configuration files?
Yes, you can directly import configuration files (*.pcf, *.spd, *.wgx, *.ini) from other manufacturers or files (*.ini) exported by the NCP configuration exporter.
You further have the option to import the configuration file "ncpphone.cfg". Please note that this configuration file only contains the VPN profile for the communication medium LAN.
Please copy the file "ncpphone.cfg" to the "\NCP\Import" directory on the internal or external SD card of the Android phone. In Windows Clients this file is usually located in "C:\Program Files (x86)\NCP\Secure Client\". You can now import the configuration data from that file into the Android Client via the "Import / Export" option. If the file is located in the correct directory, the system displays the entry "ncpphone.cfg" and next to it a box which can be checked. Check this box and then press the "Back" button to leave the menu. With that, the configuration data has been imported correctly and a connection can be established.
How do I import a certificate?
Currently support is provided for a certificate stored in a PKCS#12 file located on the Android phone's internal or external SD card in the "\NCP\Import" directory.
Import the certificate into the Android Client using the "Import / Export" option (menu - Import / Export); select either "Import User Certificates" or "Import CA Certificates" dependent on the type of certificate being imported.
Finally, select the certificate as "Certificate" in the Profile settings.
What does the error message:
"Ike: NOTIFY : x : RECEIVED : NO_PROPOSAL_CHOSEN : 14" mean?
This error message means that the IPsec Phase 2 encryption settings are incorrect. Currently the Client only supports a limited list of proposals. If the VPN server requires a type of encryption not in that list, this error message will be generated when the Client attempts to establish a connection to the server. The facility to fully configure the settings will be implemented in the next version of the Client. In the interim, a workaround is to create the correct configuration ("ncpphone.cfg", see above) on a Windows Client and import that into the Android Client.
Is there an NCP Secure Client for Android versions earlier than V4.0?
Manufacturer dependent restrictions mean that, on Android versions earlier than V4.0, the NCP VPN Client can not be sourced from the Android Market and then installed in the normal way. To circumvent this problem, NCP has developed an NCP Secure Client that requires either a "rooted" device or a specially adapted Android kernel. NCP only supplies this product to hardware manufacturers or system integrators or for major projects.
Where do I store the Cisco parameters "Group Password" and "Group ID"?
Save the "Group Password" parameter as the "Pre-shared Key" in the NCP Android Client. Also, with connections to Cisco servers, "Exchange Mode" is then usually set to "Aggressive Mode".
Save the "Group ID" parameter as the "IKE ID", and then set the "IKE ID Type" to "Free string used to identify groups".
Does Google Play accept other methods of payment apart from credit cards or is there another ordering process?
Google Play only accepts credit cards. However, both NCP Enterprise Versions for Android operating systems are available through our reseller and partner.
How does the configurable connection mode of the Premium Client work?
The VPN tunnel always starts automatically without interaction with the user. If connection setup fails, the client tries to establish a connection every 20 seconds. In order to permanently disconnect the tunnel, the user should select a different profile, which has been configured for the manual connection mode. Please note that after cold booting the device, the user has to manually initiate the first VPN connection setup.
NCP's Secure VPN Client Premium automatically reconnects a VPN tunnel (auto-reconnect: default setting) if a connection has been interrupted or the communication medium has been changed (3G/WiFi). Under certain circumstances, however, for example with bad 3G reception, it might happen that the VPN reconnect fails and the connection remains disconnected. Users who wish a permanent VPN connection can counter this by setting the communication mode to "always". With that setting an established VPN connection will only be permanently disconnected if the user selects a different VPN profile.
Why does NCP's Secure VPN Client not work on my Android 4.x system?
NCP's Secure VPN Client requires a VPN-API, which has to be installed on the Android 4.x operating system. If the system displays an error message after installation of the client, please contact the manufacturer of your device or install the latest systems software or Android version; you will find both on the manufacturer's support websites.
Documentation:
Download the NCP Secure VPN Enterprise Client for Android Datasheet (PDF).