NCP Secure Client – Juniper Edition for Windows 32/64 bit
IPsec VPN clients from NCP for Juniper VPN Gateways – Junos and NetscreenOS

NCP Secure Client – Juniper Edition for Windows 32/64 bit

This product is no longer available, contact us for a replacement!

Overview:

NCP's Secure Client - Juniper Edition for Windows operating system enables convenient connectivity to Juniper VPN gateways (Junos, Netscreen OS). The client monitors the availability of the VPN tunnel and informs the user of any events affecting it, e.g. an interruption in Internet access. As long as there’s an Internet connection, remote access is ensured. Even within overlapping networks, i.e. between two networks that have the same IP address range such as a hotel Wi-Fi network and a corporate network, VPN remote access is possible. The client processes both IPv4 and IPv6 data. The NCP Secure Client – Juniper Edition is also available with the NCP Volume License Server.

Features:

Secure

Rely on high-quality IT security software made in Germany

data encryption
strong authentication
multi-certificate support
FIPS Inside
support of OTP (One time Password tokens) and certificates in a PKI (Public Key Infrastructure)

Efficient

Mindful of one of the biggest challenges organizations face – cost savings

Works in any remote access VPN environment

Ease of use

Reduced IT complexity

a single and easy-to-use user interface (one click) for the connection setup
a reliable, uninterrupted VPN connection

Mobile

The best mobile device user experience

auto-connect to your corporate network
reliable and uninterrupted VPN connections

Technical Data:

Secure Client – Juniper Edition for Windows 32/64 bit: Technical Data
Operating Systems	Windows (32 Bit): Windows 8, Windows7, Windows Vista, Windows XP, Windows (64 Bit): Windows 8, Windows7, Windows Vista, Windows XP
Requirement	Juniper IPsec Gateway (ScreenOS, Junos)
Security Features	The NCP Secure Client – Juniper Edition supports all IPsec standards in accordance with RFC
Virtual Private Networking	IPsec (Layer 3 Tunneling),conform to RFC; IPsec proposals can be determined through the IPsec gateway (IKE, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode
Encryption	Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS); hash algorithms: SHA-256, SHA-384, SHA-512,MD5, DH group 1,2,5,14
FIPS Inside	The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certifi-cate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection: DH Group: Group 2 or higher (DH starting from a length of 1024 Bit) Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES
Authentication Processes	IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; IKE config mode for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; support of certificates in a PKI: Soft certificates, smartcards, and USB tokens: Multi Certificate Configurations; Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready.
Strong Authentication - Standards	X.509 v.3 Standard; Entrust Ready PKCS#11 interface for encryption tokens (USB and smartcards); smartcard operating systems: TCOS 1.2, 2.0 and 3.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates; CSP for use of user certificates in Windows certificate store PIN policy; Administrative specification for PIN entry to any level of complexity; Revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Au-thority Revocation List, formerly ARL), OCSP.
Networking Features	LAN emulation: Virtual Ethernet adapter with NDIS-Interface; full WLAN (Wireless Local Area Network) and WWAN (Wireless Wide Area Network) support
Network Protocol	IP
IP Address Allocation	DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing public IP addresses through IP address query via DNS server
Line Management	DPD with configurable time interval; Short Hold Mode;
Additional Features	Import of the file formats:.ini, .spd
Internet Society RFCs and Drafts	RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP Security Architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NAT-T)
Client Monitor Intuitive, Graphical User Interface	Multilingual (English, German); Client Info Center; Configuration, Connection statistics, log-files (color dis-played, easy copy&paste-function); Internet availability test; trace tool for error diagnosis; traffic light icon for display of connection status; Client Monitor can be tailored to include your company name or support information; automatic check for newer software version
Local License Server (LLS)	Simplifies license distribution - automates the management and distribution of any number of licenses to the corresponding individual machines. Windows OS (32/64bit): Windows 7, Vista, XP. Windows Server: 2003R2 (32bit) 2008SP2 (32/64bit) 2008R2SP1 (32/64bit) LLS web-based management interface accessible from a remote machine (with password and encrypted): Web Browser (recommended): Windows Internet Explorer from v8.0, Mozilla Firefox from v5.0.

FAQs:

I already own NCP Secure Entry Client Version 9.0/9.1/9.2.
Do I have to buy the NCP Secure Client – Juniper Edition?

No, except for Windows 7 support you need the current version 9.2 and above.

What kind of license is the NCP Juniper Edition?

The NCP Juniper Edition is working as a perpetual license. No annual license fees are involved

How much are the annual maintenance costs?

You can use your NCP's Secure Client - Juniper Edition license without any time limits. New releases, containing bug fixes, are available for download on NCP's website - of course, this service is free of charge. New versions with additional features are available for purchase. There is, however, no obligation to purchase the upgrade.

How do I get Support?

Please use juniperhelpdesk(ut)ncp-e.com

Support times?

Mo-Fr 8 am – 5 pm (CET) and Mo-Fr 8 am – 5 pm (PST)

Does the NCP Secure Client – Juniper Edition also work with VPN gateways from third-parties?

No, only Juniper gateways are possible.

Is there a way to easily import client configuration files?

Yes, you can automatically import .spd or .ini files.

I imported the .spd file successfully but I cannot connect due to an error with the Pre-Shared Key.
What to do?

The value of the Pre-Shared Key often has been encrypted in a proprietary way. Because of this fact you have to configure it in the client's identities section of the profile configuration. "Configuration/Profiles/Identity/Preshared Key".After doing that the connection should work smoothly.

What are the differences between NCP Secure Entry Client and NCP Secure Client – Juniper Edition?

The NCP Secure Entry Client has more features, like:

Compatibility to all major VPN gateway vendors

Integrated firewall

Integrated dialer to connect to the Internet via 3G, Wi-Fi, dsl, modem

Does the NCP solution address the issue of overlapping IP networks?

Yes, it does. Also the NCP Secure Client - Juniper Editons solves this problem.

What is involved in software activation?

In order to use your client software, you need a serial number and a license key. Client software license keys have a unique version number. The features of the client software are determined exclusively by the license key. The client license is released by the activation code sent via the Internet to every end device.

When should software activation be carried out?

For new installations of NCP Secure Client – Juniper Edition

For major changes to the hardware of the end device used

For purchased software license updates (new license key)

Possible causes for software activation failure:
The license key is larger than the installed software version
Solution: Software update

Transfer errors – Unable to connect to the License Server
Solution: Retry or contact Support

You cannot use all features of the software?

Cause: The license key is older than the installed software version. Solution: Software update with assignment of new license key.

What information does software activation look for?

Hardware information only - no user data (no SW registration!)

How can you activate the software?

Online, i.e. the end device has a direct Internet connection

Offline, i.e. the end device does not have an Internet connection

How does online software activation work?

How does offline activation work?

How can I reuse my license key when the hardware has been replaced (upgrade / faulty)?

"Grace Activation" is included exactly for situations like this, i.e. a second activation per license is possible by default. Further activations can be requested via NCP´s online support form. Please explain the reason for the additional activation in the plain text field ("problem description").

How can I reuse my license key when a user has left the company and the license key is to be transferred back into the pool of licenses to be reused on another device at a later time?

If the device/hardware remains the same, even if the device has to be reinstalled (with the same operating system, however), new activation is not required. However, the license key has to be entered again.

Is there a limit on the number of times a license key can be reactivated?