Call a Specialist Today! 855-958-0756

NCP Secure Enterprise VPN Server
Universal Platform for Comprehensive Remote Access to Your Company Network

NCP Secure SSL VPN Server

NCP Products
NCP Secure Enterprise VPN Server (IPsec) - Basic System
NCP Secure Enterprise VPN Server (IPsec) Basic-System
*Highly scalable VPN software for use in company headquarters and branches
#DNTS01
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec)(SKU DNTS01), 1 to 24 users
*Price per user. Quantity must be 1 or greater
#DVPU01
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec)(SKU DNTS01), 25 to 49 users
*Price per user. Quantity must be 25 or greater
#DVPU25
Get a Quote!

More pricing below, click here!

Overview:

Hybrid VPN Gateway providing IPsec and SSL

NCP Secure Enterprise VPN Server: Universal Platform for comprehensive remote access to your company network

As a hybrid VPN Gateway, the NCP Secure Enterprise VPN Server supports both IPsec and SSL tunneling. This gives you the flexibility to choose one or the other VPN technology, or both, depending on which best suits your requirements. The modular software architecture and the high scalability of NCP's VPN Server allow adequate, need-oriented setup of your Remote Access network or your branch offices. Start small and scale up the performance spectrum on the fly. The system allows 1 to 10,000 users and the High Availability (HA) solution offers support for many times this amount of users.

Features:

Universality

NCP's Secure Enterprise VPN Server is a component of NCP's comprehensive VPN solution based on NCP's Next Generation Network Access Technology.

The VPN gateway integrates mobile and stationary teleworkers into one cross-company data network. The software can be installed on a standard PC running on Windows or Linux and can be used as central switching and monitoring tool behind a firewall in the DMZ (Demilitarized zone) or directly on the public network (Wide Area Network) or as VM Ware.

In IPsec environments, NCP's Secure Enterprise VPN Server is compatible to VPN gateways of established third-party suppliers. It is a universal remote access platform that offers connectivity for all NCP clients and, what is more, for all third-party VPN clients based on the IPsec standard.

The solution is further based on international standards and can be smoothly integrated into already existing IT infrastructure.

The modular software architecture of NCP's Secure Enterprise VPN Server offers companies a high degree of planning and investment security. It is possible to scale the number of remote users and VPN tunnels according to need.

Management/Multi-tenancy

Multi-tenancy or "multi company support" enables the concurrent use of a VPN gateway by several companies (resource sharing). Administrators of the connected companies are able to use a comfortable access management system to manage their respective NCP VPN clients*.

The NCP Secure Enterprise VPN Server also now contains a virtual network interface adapter, which is particularly important for cloud and Software as a Service (SaaS) provider environments. It can completely seal off data communication from the gateway operator and surrounding operating systems, and better protect it by decrypting the data, automatically forwarding it into a different VPN tunnel and re-encrypting it.

In large remote access VPN networks with several VPN gateways, NCP's High Availability Services ensure high availability and consistent workload for all installed VPN gateways.

Flexible user management can be executed directly via the VPN gateway or back-end systems, such as RADIUS LDAP or MS Active Directory. Integrated IP routing and firewall functionalities ensure connectivity and security for networking a branch office for example.

Administrators configure and manage the NCP Secure Enterprise VPN Server via the NCP Secure Enterprise Management through plug-in or a web interface. The management feature serves for central control and monitoring of all VPN components. Integrated automatisms optimize performance, ensure transparency, security and economic efficiency of the VPN solution.

NCP VPN Path Finder

With its unique "NCP VPN Path Finder" NCP provides a technology that enables users to use secure remote access even behind firewalls, whose port settings generally deny IPsec communication (e.g. in hotels).

Security/Strong Authentication

The NCP Secure Enterprise VPN Server supports all standards for highly secure data transfer in all remote access environments.

The NCP server supports strong authentication features such as one-time-password-tokens (OTP), text messages (SMS) or hard and software certificates and certificates with elliptic curve cryptography. Based on revocation lists, the server verifies the validity of certificates relative to the Certification Authority offline or online at each dial-in.

The NCP Advanced Authentication integrates a Two-Factor Authentication with a One-Time Password (OTP) in the Secure Enterprise Management via SMS. Each password is created by a random number generator within the NCP Advanced Authentication Connector.

Endpoint Security and Sandbox (Network Access Control = NAC**)

The security status of mobile and stationary end-devices is verified prior to the device gaining access to the corporate network. All parameters are defined centrally and the teleworkers' access rights depend on their compliance to them.

For IPsec VPN access, the options are "disconnect" or "continue in the quarantine zone". For an SSL VPN access, authorization to certain applications will be granted on the basis of pre-defined security levels. During the SSL VPN session all data is stored in NCP's Virtual Private Desktop (Sandbox), which is a work space that is separated from the operating system. After the SSL VPN session has been terminated, the sandbox automatically deletes all data from this container.

This means, meeting the security policies is mandatory for each end-device and the user can neither avoid nor manipulate them.

SSL VPN

IPsec and SSL

Using the NCP Secure Enterprise VPN Server, companies are able to set up data connections to their company network on the basis of an IPsec and/or SSL VPN.

With NCP's Secure Client Suite teleworkers have transparent access to all network applications and features - just like in the office. This also includes Voice over IP.

It is possible to assign an NCP Secure Client the same IP address at each connection setup. This IP address is a private IP address from the address range of the company. This enables identification of each teleworker through his IP address and simplifies remote administration and support for the user.

With dynamic assignment of an IP address from a pool, the system reserves the address for a certain user within a defined period (lease time). In case changing IP addresses are used, the NCP Secure Enterprise VPN Server also supports Dynamic DNS (DynDNS) for reachability of the VPN gateway. NCP's SSL VPN solution offers the following options for access to the company network:

  • Web Proxy - This module provides authorized users with secure access to internal web applications.
  • Port Forwarding – The Thin Client provides access to Client-/Server Applications (TCP/IP). Connection to local client applications (http enabled) via port forwarding. The system automatically downloads the Thin Client to the end-device and is required for additional security options like cache protection, endpoint security and NCP's Virtual Private Desktop.
  • PortableLAN – The Fat Client offers transparent network access and has to be installed on each end device.

Hybrid IPsec / SSL VPN gateway software
Universal platform for remote access to the company network

  • Integrated IP routing and firewall features
  • Integration of iPhone, iPad, iOS and Andoid
  • Fallback IPsec / HTTPS (NCP VPN Path Finder Technology®)
  • Bandwidth management
  • Network Access Control*
  • FIPS inside
  • Multi-tenancy
  • Endpoint Security (SSL VPN)
  • Easy Virtualization, perfect for Cloud VPN
  • Elliptic Curve Cryptography (ECC)
  • Multi Processor Support
*) Only in connection with NCP's Secure Enterprise Management
**) Network Access Control is a fixed part of NCP's SSL VPN Gateways. An IPsec VPN, however, requires the use of NCP's Secure Enterprise Management.

Technical Data:

Secure Enterprise VPN Server: Technical Data
IPsec VPN and SSL VPN – general
Operating Systems Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
Debian, Red Hat or other Linux distributions with kernel version from 3.10, glibc from 2.17
Management Administrators configure and manage NCP's Secure Enterprise VPN Server via the NCP Secure Enterprise Management through VPN Server plug-in or a web interface.
Network Access Control(Endpoint Security) Endpoint policy enforcement for incoming data connections. Verification of predefined, security-relevant client parameters. Measures in the event of target/actual deviations in
Disconnect or continue in the quarantine zone with instructions for action
(Message box) or start of external applications (e.g. virus scanner update), logging in Log files
(Please refer to the Secure Enterprise Management data sheet for more information).
Dynamic DNS (DynDNS) Connection set up via Internet with dynamic IP addresses. Registration of each current IP address with an external Dynamic DNS provider. In this case the VPN tunnel is established via name assignment (prerequisite: The VPN client has to support DNS resolution - as do NCP Secure Clients)
DDNS Connected VPN clients are registered with the domain name server via Dynamic DNS (DDNS), meaning that VPN clients with dynamic IPs can be reached via a (permanent) name
Network Protocols IP, VLAN support
Multi-Tenancy Group capability; support of max. 256 domain groups (i.e. configuration of: authentication, forwarding, filter groups, IP pools, bandwidth limitation)
  • Alternative default certificates can be configured for other domain groups.
  • The Virtual Secure Enterprise VPN Server can select the most suitable certificate based on the client request (for example the certificate with the longest validity period).
User Administration Local user administration (up to 750 users); OPT server; RADIUS; LDAP, Novell NDS, MS Active Directory Services
Statistics and Logging Detailed statistics, logging functionality, sending SYSLOG messages
FIPS Inside The IPsec client integrates cryptographic algorithms according to the FIPS standard. The embedded cryptographic module, containing the corresponding algorithms, is certified according to FIPS 140-2 (Certificate #1747).
FIPS conformance will always be maintained when the following algorithms are used for set up and encryption of a VPN connection:
  • Diffie Hellman-Group: Group 2 or higher (DH starting from a length of 1024 Bit)
  • Hash Algorithms: SHA1, SHA 256, SHA 384 or SHA 512 Bit
  • Encryption algorithms: AES with 128, 192 and 256 Bit or Triple DES
IF-MAP The overall aim of the ESUKOM Project is the design and development of a real time security solution for company networks which works on the basis of consolidating meta data. The special focus of the project is the threat resulting from mobile end-devices, e.g. smartphones. ESUKOM focuses on the integration of existing security solutions (commercial and open source) which are based on a consistent meta data format according to IF-MAP specifications of the Trusted Computing Group (TCG).
The IF-MAP server of the Hannover University of Applied Science and Arts can currently be used for free-of-charge testing. The URL is: http://trust.inform.fh-hannover.de
Client/User Authentication Processes OTP token, certificates (X.509 v.3): User and hardware certificates (IPsec), user name and password (XAUTH)
Certificates (X.509 v.3)
Server Certificates It is possible to use certificates which are provided via the following interfaces: PKCS#11 interface for encryption tokens (USB and smart cards); PKCS#12 interface for private keys in soft certificates
Revocation Lists Revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL),
Online Check Automatic downloads of revocation lists from the CA at certain intervals; Online check: Checking certificates via OCSP or OCSP over http
Connection Management
Line Management Dead Peer Detection (DPD) with configurable time interval;
Timeout (controlled by duration and charges)
Point-to-Point Protocols LCP, IPCP, MLP, CCP, PAP, CHAP, ECP
Pool Address Management Reservation of an IP address from a pool within a defined period (lease time)
IPsec VPN
Virtual Private Networking IPsec (Layer 3 tunneling), RFC-conformant; automatic treatment of MTU size, fragmentation and reassembly; DPD; NAT-Traversal (NAT-T); IPsec modes: Tunnel Mode, Transport Mode; Seamless Rekeying; PFS.
Internet Society RFCs and Drafts RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP Security Architecture, ESP, ISAKMP/Oakley, IKE, IKEv2 (incl. MOBIKE), IKEv2 Signature Authentication, XAUTH, IKECFG, DPD, NAT Traversal (NAT-T), UDP encapsulation, IPCOMP, IKEv2 authentication conformant to RFC 7427 (padding process)
Encryption Symmetric processes: AES (CBC/CTR/GCM) 128, 192, 256 bits;
Blowfish 128,448 bits; Triple-DES 112,168 bits;
Dynamic processes for key exchange: RSA to 4096 bits;
Diffie-Hellman Groups 1, 2, 5, 14-21, 25-30;
Hash algorithm: SHA-1, SHA 256, SHA 384 or SHA 512
Firewall Stateful Packet Inspection; IP-NAT (Network Address Translation); port filtering; LAN adapter protection
VPN Path Finder NCP Path Finder Technology: Fallback to HTTPS from IPsec (port 443) if neither port 500 nor UDP encapsulation are available
Seamless Roaming With Seamless Roaming in the NCP Secure Client, the system can automatically transfer the VPN tunnel to a different communication medium (LAN / Wi-Fi / 3G / 4G) without changing the IP address to avoid interrupting communication via the VPN tunnel or disconnecting application sessions.
Authentication Processes IKEv1 (Aggressive and Main Mode), Quick Mode; XAUTH for extended user authentication;
IKEv2, EAP-PAP / MD5 / MS-CHAP v2 / TLS
Support for certificates in a PKI: Soft certificates, certificates with ECC technology;
Pre-shared keys;
One-time passwords and challenge response systems; RSA SecurID ready
IP Address Allocation DHCP (Dynamic Host Control Protocol) over IPsec;
DNS: Selection of the central gateway with dynamic public IP address by querying the IP address via a DNS server;
IKE config mode for dynamic assignment of a virtual address to clients from the internal address range (private IP)
Different pool can be assigned depending on the connection medium. (Client VPN IP)
Data Compression IPCOMP (lzs), Deflate
Recommended VPN Clients / Compatibility
NCP Secure Entry Clients Windows 32/64, macOS, Android
Windows 32/64, macOS, Android Windows 32/64, macOS, iOS, Android, Linux

Pricing notes:

NCP Products
NCP Secure Enterprise VPN Server (IPsec) - Basic System
NCP Secure Enterprise VPN Server (IPsec) Basic-System
*Highly scalable VPN software for use in company headquarters and branches
#DNTS01
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec)(SKU DNTS01), 1 to 24 users
*Price per user. Quantity must be 1 or greater
#DVPU01
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec)(SKU DNTS01), 25 to 49 users
*Price per user. Quantity must be 25 or greater
#DVPU25
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec)(SKU DNTS01), 50 to 99 users
*Price per user. Quantity must be 50 or greater
#DVPU50
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec)(SKU DNTS01), 100 to 249 users
*Price per user. Quantity must be 100 or greater
#DVPU100
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec)(SKU DNTS01), 250 to 499 users
*Price per user. Quantity must be 250 or greater
#DVPU250
Get a Quote!
NCP Secure Enterprise VPN Server Include High Availability Services (IPsec) Basis-System
NCP Secure Enterprise VPN Server (IPsec) Basis-System Include High Availability Services
*Highly scalable VPN software for use in company headquarters and branches incl. failover and load balancing
#BNTS01
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server (SKU BNTS01), 1 to 24 users
*Price per user. Quantity must be 1 or greater
#BVPU01
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server (SKU BNTS01), 25 to 49 users
*Price per user. Quantity must be 25 or greater
#BVPU25
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server (SKU BNTS01), 50 to 99 users
*Price per user. Quantity must be 50 or greater
#BVPU50
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server (SKU BNTS01), 100 to 249 users
*Price per user. Quantity must be 100 or greater
#BVPU100
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server (SKU BNTS01), 250 to 499 users
*Price per user. Quantity must be 250 or greater
#BVPU250
Get a Quote!
NCP Secure Enterprise VPN Server (SSL) - Basic System
NCP Secure Enterprise VPN Server (SSL) Basic-System
Highly scalable VPN software for use in company headquarters and branches
#DSSLBS01
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) (SKU DSSLBS01), 1 to 24 users
*Price per user. Quantity must be 1 or greater
#DSSLC01
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) (SKU DSSLBS01), 25 to 49 users
*Price per user. Quantity must be 25 or greater
#DSSLC25
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) (SKU DSSLBS01), 50 to 99 users
*Price per user. Quantity must be 50 or greater
#DSSLC50
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) (SKU DSSLBS01), 100 to 249 users
*Price per user. Quantity must be 100 or greater
#DSSLC100
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) (SKU DSSLBS01), 250 to 499 users
*Price per user. Quantity must be 250 or greater
#DSSLC250
Get a Quote!
NCP Secure Enterprise VPN Server Include High Availability Services (SSL) Basis-System
NCP Secure Enterprise VPN Server (SSL) Basic-System Include High Availability Services
#BSSLBS01
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) and NCP Secure Enterprise High Availability Server (SKU BSSLBS01), 1 to 24 users
*Price per user. Quantity must be 1 or greater
#BSSLC01
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) and NCP Secure Enterprise High Availability Server (SKU BSSLBS01), 25 to 49 users
*Price per user. Quantity must be 25 or greater
#BSSLC25
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) and NCP Secure Enterprise High Availability Server (SKU BSSLBS01), 50 to 99 users
*Price per user. Quantity must be 50 or greater
#BSSLC50
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) and NCP Secure Enterprise High Availability Server (SKU BSSLBS01), 100 to 249 users
*Price per user. Quantity must be 100 or greater
#BSSLC100
Get a Quote!
Concurrent User for NCP Secure Enterprise VPN Server (SSL) and NCP Secure Enterprise High Availability Server (SKU BSSLBS01), 250 to 499 users
*Price per user. Quantity must be 250 or greater
#BSSLC250
Get a Quote!
High Availability Services for Secure Enterprise VPN Server (IPsec)
NCP Secure Enterprise High Availability Server for Secure Enterprise VPN Server (IPsec)
#DVE03
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise High Availability Server (SKU DVE03), 1 to 24 users
*Price per user. Quantity must be 1 or greater
#DVEU0301
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise High Availability Server (SKU DVE03), 25 to 49 users
*Price per user. Quantity must be 25 or greater
#DVEU0325
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise High Availability Server (SKU DVE03), 50 to 99 users
*Price per user. Quantity must be 50 or greater
#DVEU0350
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise High Availability Server (SKU DVE03), 100 to 249 users
*Price per user. Quantity must be 100 or greater
#DVEU03100
Get a Quote!
IPsec VPN Tunnel for NCP Secure Enterprise High Availability Server (SKU DVE03), 250 to 499 users
*Price per user. Quantity must be 250 or greater
#DVEU03250
Get a Quote!
High Availability Services for Secure Enterprise VPN Server (SSL)
NCP Secure Enterprise High Availability Server for Secure Enterprise VPN Server (SSL)
#DVE04
Get a Quote!
Concurrent User for NCP Secure Enterprise High Availability Server (SKU DVE04), 1 to 24 users
*Price per user. Quantity must be 1 or greater
#DVEU0401
Get a Quote!
Concurrent User for NCP Secure Enterprise High Availability Server (SKU DVE04), 25 to 49 users
*Price per user. Quantity must be 25 or greater
#DVEU0425
Get a Quote!
Concurrent User for NCP Secure Enterprise High Availability Server (SKU DVE04), 50 to 99 users
*Price per user. Quantity must be 50 or greater
#DVEU0450
Get a Quote!
Concurrent User for NCP Secure Enterprise High Availability Server (SKU DVE04), 100 to 249 users
*Price per user. Quantity must be 100 or greater
#DVEU04100
Get a Quote!
Concurrent User for NCP Secure Enterprise High Availability Server (SKU DVE04), 250 to 499 users
*Price per user. Quantity must be 250 or greater
#DVEU04250
Get a Quote!
NCP Secure Enterprise Management (SEM) Update
NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server, Update 1 Version
#UBNTS0135
Get a Quote!
NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server, Update 2 Versions
#UBNTS0150
Get a Quote!
NCP Secure Enterprise VPN Server (IPsec) Basic-System, Update 1 Version
#UDNTS0135
Get a Quote!
NCP Secure Enterprise VPN Server (IPsec) Basic-System, Update 2 Versions
#UDNTS0150
Get a Quote!
NCP VPN-Tunnel for NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server, Update 1 Version
#UBVPU0135
Get a Quote!
NCP VPN-Tunnel for NCP Secure Enterprise VPN Server (IPsec) and NCP Secure Enterprise High Availability Server, Update 2 Versions
#UBVPU0150
Get a Quote!
NCP VPN-Tunnel for NCP Secure Enterprise VPN Server (IPsec) Basic-System, Update 1 Version
#UDVPU0135
Get a Quote!
NCP VPN-Tunnel for NCP Secure Enterprise VPN Server (IPsec) Basic-System, Update 2 Versions
#UDVPU0150
Get a Quote!