NCP Secure VPN Enterprise Client for Linux
Versatile Central Manageable VPN Client Suite for Linux
NCP Products
NCP Managed VPN Client Suite
NCP Secure Enterprise Linux Client - IGEL Edition, 1 to 99 users
*Price per user. Quantity must be 1 or greater
*Price per user. Quantity must be 1 or greater
#NWLPC-I
Get a Quote!
Get a Quote!
Pricing notes:
- Pricing and product availability subject to change without notice.
- For more than 99 users, please use our Quote Request Form!
Overview:
Compared to common VPN clients the NCP Secure Enterprise Linux Client Suite features – in addition to IPsec VPN functionality – a personal firewall, an integrated dialer (internet connector) with integrated 3G/4G card support and a Wi-Fi administration tool.. IT departments are able to centrally manage all components of the solution. For users this means that upon clicking (one-click solution) the VPN client software automatically carries out the Internet dial up, sets up the VPN tunnel, selects the transmission network and selects the appropriate firewall policy.
Features:
Secure
Rely on high-quality IT security software made in Germany
- IPv6 supported dynamic personal firewall
- data encryption
- strong authentication
- multi-certificate support
- parameter locks
- FIPS Inside
- automatic adaption of firewall rules
Efficient
Mindful of one of the biggest challenges organizations face – cost savings
- Budget Manager for full cost control
- support for 3G/4G hardware (LTE)
- Custom Branding Option
- Central Management
Ease of use
Reduced IT complexity
- a single and easy-to-use user interface (one click) for the connection setup
- integrated support for 3G/4G hardware
- a reliable, uninterrupted VPN connection
- automatic, location-aware adaption of firewall rules through the NCP VPN Client
- automatic media recognition
- seamless Roaming
- easy domain registration
Mobile
The best mobile device user experience
- Working without dropped connections or interruptions even when switching between networks, i.e. seamless roaming
- auto-connect to your corporate network
- reliable and uninterrupted VPN connections
- quick and secure hotspot logon
- Remote Access even behind firewalls, whose port settings typically deny IPsec based communication, i.e. NCP Path Finder® Technology
Technical Data:
| Secure VPN Enterprise Client for Linux: Technical Data | |
| Operating System | 32/64 Bit: Ubuntu Desktop 10.04.3 LTS, open SUSE 11.3, 11.4, 12.1, Fedora 16, Debian 5.0.8 |
| Security Features | The Secure Enterprise Linux Client supports all major IPsec standards in accordance with RFC |
| Personal Firewall | Stateful Packet Inspection; IP-NAT (Network Address Translation); Friendly Net Detection (FND)* (analysis of: current network address and IP address; automatic FND, secure hotspot logon; differentiated filter rules relative to: protocols, ports and addresses, LAN adapter protection, central administration with Client firewall configuration plug-in* |
| Virtual Private Networking | IPsec (Layer 3 Tunneling), RFC-conformant; IPsec proposals can be determined through the IPsec gateway (IKE, IPsec Phase 2); Event log; communication in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode |
| Encryption | Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS); hash algorithms: SHA-256, SHA-384, SHA-512, MD5, Diffie-Hellman Groups 1,2,5,14 |
| Authentication Processes | IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; IKE config mode for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smart cards, and USB tokens: Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready |
| FIPS Inside | The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:
|
| Strong Authentication - Standards PKI Enrollment | X.509 v.3 Standard; Entrust Ready PKCS#11 interface for encryption tokens (USB and smart cards); smart card operating systems: TCOS 1.2 and 2.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates; PIN policy; administrative specification for PIN entry in any level of complexity; revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP. CMP (Certificate Management Protocol) |
| Network Access Control | Endpoint Policy Enforcement |
| Networking Features | LAN emulation: virtual Ethernet adapter |
| Network Protocol | IP |
| Dialer | NCP Internet Connector |
| VPN Path Finder | NCP Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is no possible (prerequisite: NCP VPN Path Finder Technology on the Gateway is required) |
| Additional Features | Automatic media detection, UDP encapsulation, Multi certificate support |
| IP Address Allocation | DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing public IP addresses through IP address query via DNS server |
| Transmission Media | Internet, xDSL, LAN, GSM (inkl. HSCSD), GPRS, UMTS, LTE, HSDPA, PSTN, ISDN |
| Line Management | DPD with configurable time interval; channel bundling (dynamic in ISDN) with freely configurable threshold value; timeout (controlled by time and charges) |
| Data Compression | IPCOMP (lzs), deflate |
| Point-to-Point Protocols | PPP over ISDN, PPP over GSM, PPP over PSTN, PPP over Ethernet; LCP, IPCP, MLP, CCP, PAP, CHAP, ECP |
| Internet Society RFCs and drafts | RFC 2401 –2409 (IPsec), RFC 3498, RFC 3947: IP security architecture, ESP, HMAC-MD5-96, HMAC-SHA-1-96, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NAT-T),UDP encapsulation, IPCOMP |
| Client Monitor Intuitive GUI |
Multilingual (English, German); intuitive operation; configuration, connection management and monitoring, connection statistics, log-files, trace tool for error diagnosis; traffic light icon for display of connection status; integrated support of Mobile Connect Cards (PCMCIA, embedded); password protected configuration management and profile management, configuration parameter lock |
* Prerequisites: NCP Secure Enterprise Management and/or NCP Secure Enterprise Server
** Download NCP FND server: http://www.ncp-e.com/en/downloadstatistik/secure-entry-client/friendly-net-detection-server.html
Documentation:
Download the NCP Secure VPN Enterprise Client for Android Datasheet (PDF).