Call a Specialist Today! 855-958-0756

NCP Secure Entry Windows Client (32/64 bit)
Simple and Highly Secure Remote Access via Internet

NCP Secure Entry Client for Windows 32/64 bit

NCP Products
NCP Universal VPN Client Suite
NCP Secure Entry Client (Windows 32/64 Bit), 1 to 9 users
*Price per user. Quantity must be 1 or greater
Get a Quote!
NCP Secure Entry Client (Windows 32/64 Bit), 10 to 24 users
*Price per user. Quantity must be 10 or greater
Get a Quote!
NCP Secure Entry Client (Windows 32/64 Bit), 25 to 49 users
*Price per user. Quantity must be 25 or greater
Get a Quote!

More pricing below, click here!


Secure VPN connections for desktop, laptop or tablet PCs running on Windows operating systems 10, 8.x or 7.

The NCP Secure Entry Windows Client is a one-click solution. The IPsec client software automatically selects the appropriate firewall policy and the best possible communication medium, controls internet connectivity and initiates the setup of a VPN tunnel. A centrally defined parameter lock prevents intentional or accidental configuration setting changes by users.

Recommended for organizations with up to 100 remote access users and without a requirement for central management. The VPN software is compatible with all common IPsec VPN gateways and can also be used with Microsoft Windows Server 2008 R2 as it supports IKEv2.



Rely on high-quality IT security software made in Germany

  • IPv6 supported dynamic personal firewall
  • data encryption
  • strong authentication (e.g. biometrics)
  • multi-certificate support
  • parameter locks
  • FIPS Inside
  • support of OTP (one time password tokens) and certificates in a PKI (Public Key Infrastructure)
  • automatic modification of firewall rules


Mindful of one of the biggest challenges organizations face – cost savings

  • parameter locks avoid misconfiguration by users
  • NCP Budget Manager for full cost control
  • support for 3G/4G hardware (LTE)
  • Custom Branding Option

Ease of use

Reduced IT complexity

  • a single and easy-to-use user interface (one click) for the connection setup
  • integrated support for 3G/4G hardware
  • a reliable, uninterrupted VPN connection
  • automatic, location-aware adaption of firewall rules through the NCP VPN Client
  • automatic media detection
  • seamless roaming
  • easy Windows domain registration
  • Home Zone
  • VPN Bypass


The best mobile device user experience

  • Working without dropped connections or interruptions even when switching between networks, i.e. seamless roaming
  • auto-connect to your corporate network
  • reliable and uninterrupted VPN connections
  • quick and secure hotspot logon
  • Remote Access even behind firewalls, whose port settings typically deny IPsec based communication, i.e. NCP Path Finder® Technology

Technical Data:

Secure Entry Client for Windows 32/64 bit: Technical Data
Operating Systems Microsoft Windows (32 and 64 bit): Windows 10, Windows 8.x, Windows 7
Security Features The Entry Client supports all IPsec standards in accordance with RFC
Personal Firewall Stateful Packet Inspection; IP-NAT (Network Address Translation); Friendly Net Detection (FND) (Firewall rules are automatically adapted, if the connected network is recognized because of its IP address area, or the NCP FND server's); start FND dependent action; home zone; secure hotspot logon; differentiated filter rules relative to: protocols, ports, applications and addresses, LAN adapter protection; IPv4 and IPv6 support
VPN Bypass The VPN Bypass function allows the administrator to define applications which can communicate over the Internet directly despite disabling split tunneling on the VPN connection. It is also possible to define which domains or target addresses can bypass the VPN tunnel.
Virtual Private Networking IPsec (Layer 3 Tunneling),conform to RFC; IPsec proposals can be determined through the IPsec gateway (IKE/IKEv2, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode
Encryption Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; Dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS); Hash algorithms: SHA-1, SHA-256,SHA384, SHA-512, MD5, DH group 1,2,5,14-21, 25, 26
FIPS Inside The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:
  • DH Group: Group 2 or higher (DH starting from a length of 1024 Bit)
  • Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
  • Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES
Authentication Processes IKE (Aggressive mode and Main Mode), Quick Mode;
XAUTH for extended user authentication;
IKE config mode for dynamic assignment of a virtual address from the internal address pool (private IP);
IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2);
EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2);
support of certificates in a PKI: Soft certificates, smartcards, and USB tokens: Multi Certificate Configurations;
Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready.
Strong Authentication- Standards Biometric Authentication (Windows 8.x or higher) X.509 v.3 Standard; PKCS#11 interface for encryption tokens (USB and smartcards); smartcard operating systems: TCOS 1.2, 2.0 and 3.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates; CSP for use of user certificates in Windows certificate store PIN policy; PIN policy; administrative specification for PIN entry in any level of complexity; Revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP.
Networking Features LAN emulation: Ethernet adapter with NDIS interface, full WLAN (Wireless Local Area Network) and WWAN (Wireless Wide Area Network, Mobile Broadband from Windows 7) support
Network Protocol IP
Dialers NCP Internet Connector, Microsoft RAS Dialer (for ISP dial-in via dial-in script) connection manager for international dial-in via GoRemote (formerly GRIC), UuNet, Infonet, MCI (on request)
VPN Path Finder* NCP Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is not possible
Seamless Roaming If a communications medium error occurs, automatic switchover of VPN tunnel to another Internet communication medium (LAN/WWAN/3G/4G) without altering IP address ensures that applications communicating over VPN tunnel are not disturbed and application session is not disconnected. (prerequisite: NCP Secure Enterprise VPN Server)
Additional Features UDP encapsulation, WISPr-support, IPsec-Roaming, Wi-Fi roaming, import of the file formats:*.ini, *.pcf, *.wgx and *.spd, Multi Certificate Support
Transmission Media Internet, LAN, WI-FI, GSM (inkl. HSCSD), GPRS, UMTS, LTE, HSDPA, PSTN, ISDN
IP Address Allocation DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing public IP addresses through IP address query via DNS server
Line Management DPD with configurable time interval;
Short Hold Mode;
Wi-Fi roaming (handover);
channel bundling (dynamic in ISDN) with freely configurable threshold value;
timeout (controlled by time and charges);
budget manager (administration of connection time and/or –volume for GPRS/ 3G and Wi-Fi, in case of GPRS/ 3G separated administration of roaming abroad)
APN of SIM Card The APN (Access Point Name) defines the access point of a mobile data connection at a provider. If the user changes provider, the system automatically takes APN data from the corresponding SIM card and uses it in client configuration
Data Compression IPCOMP (lzs), deflate
Point-to-Point Protocols PPP over ISDN, PPP over GSM, PPP over Ethernet; LCP, IPCP, MLP, CCP, PAP, CHAP, ECP
Internet Society RFCs and drafts RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP security architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NATT),UDP encapsulation, IPCOMP, RFC 7427: IKEv2-Authentication (Padding-method)
Client Monitor
Intuitive, Graphical User Interface
Multilingual (German, English, Spanish, French);
Client Info Center;
Configuration, connection management and monitoring, connection statistics, log-files (color displayed, easy copy&paste-function);
Internet availability test;
Trace tool for error diagnosis;
Traffic light icon for display of connection status;
Integrated support of Mobile Connect Cards (PCMCIA, embedded);
The Client Monitor can be tailored to include your company name or support information;
Password protected configuration management and profile management, configuration parameter lock;
Automatic check for newer software version

*) Prerequisite: NCP Secure Enterprise VPN Server

Pricing notes:

NCP Products
NCP Universal VPN Client Suite
NCP Secure Entry Client (Windows 32/64 Bit), 1 to 9 users
*Price per user. Quantity must be 1 or greater
Get a Quote!
NCP Secure Entry Client (Windows 32/64 Bit), 10 to 24 users
*Price per user. Quantity must be 10 or greater
Get a Quote!
NCP Secure Entry Client (Windows 32/64 Bit), 25 to 49 users
*Price per user. Quantity must be 25 or greater
Get a Quote!
NCP Universal VPN Client Suite Update
NCP Secure Entry Client (Windows 32/64 Bit) Update, 1 to 9 users
*Price per user. Quantity must be 1 or greater
Get a Quote!
NCP Secure Entry Client (Windows 32/64 Bit Update), 10 to 24 users
*Price per user. Quantity must be 10 or greater
Get a Quote!
NCP Secure Entry Client (Windows 32/64 Bit) Update, 25 to 49 users
*Price per user. Quantity must be 25 or greater
Get a Quote!