HP sa3110 Скачать руководство пользователя страница 14 | Manualshive

Страница: 14 / 36

background image

14

Hewlett-Packard

SA3000

Series

VPN

Client

Special Considerations

Windows 2000 Users Must Have
Administrative Rights to Use Protocol 99

Reference Number 340PDF

It appears that in the latest versions of Windows 2000,
Microsoft has withdrawn the use of the registry key that
allowed non-administrative users access to raw socket
calls. As a result of this change, Protocol 99 now does not
work for non-administrative users on Windows 2000
systems. If non-administrative users attempt to use
Protocol 99 to connect to a device, the following error
message appears:

Error unable transmit

Enabling the Use of Protocol 99 on
Windows NT or Windows 2000 Systems

Reference Number 673DF

On Windows NT and Windows 2000 systems, raw socket
security must be disabled for the VPN Client software to
send out protocol 99 packets. You must have
administrative privileges to disable raw socket security.
You can disable raw socket security on Windows NT and
Windows 2000 systems in one of the following ways:

•

In a mass deployment situation, the system
administrator should disable raw socket security by
using the vpnclient.ini file parameter available in
Release 6.8.2 software. Set the disable raw security
parameter to yes.

•

In a single installation, the administrator or user must
log on with administrative privileges, and then select
the Disable raw socket security for all users (required
for protocol 99) check box in the Options window

«
...
12
13
14
15
16
...
»

Содержание sa3110

Страница 1: ...hewlett packard sa3000 series vpn client release 6 8 2 release notes Hewlett Packard Company HP 5971 0874 P N A52439 001 March 2001 ...

Страница 2: ...2 Hewlett Packard SA3000 Series VPN Client ...

Страница 3: ... life sustaining applications Hewlett Packard Company may make changes to specifications and product descriptions at any time without notice This Hewlett Packard SA3000 Series VPN Client Release 6 8 2 Release Notes document as well as the software described in it is furnished under license and may only be used or copied in accordance with the terms of the license The information in this manual is ...

Страница 4: ...4 Hewlett Packard SA3000 Series VPN Client ...

Страница 5: ...ARE SERVICE AND TELEPHONE SUPPORT NUMBERS 7 SYSTEM REQUIREMENTS 10 RELEASE 6 8 2 FEATURES 12 AUTHENTICATION SUPPORT FOR SST 12 IPSEC SECONDARY AUTHENTICATION IMPLEMENTED 12 PACKETGUARD INCREASES USEFULNESS FOR REMOTE USERS 12 VPN CLIENT CO OPERATES WITH PACKETPROTECT 13 SPECIAL CONSIDERATIONS 14 KNOWN PROBLEMS 25 ...

Страница 6: ...6 Hewlett Packard SA3000 Series VPN Client ...

Страница 7: ...indows Me Not Supported Reference Numbers 617 631 632 and 760 In Release 6 8 2 the VPN Client on a Microsoft Windows Millennium Edition Me system exhibits degraded performance or crashes displaying a fatal exception error message Performance problems include not being able to use IPSec over dial up connections and if your implementation is for Windows NT domain logon you will not see the three bar...

Страница 8: ... Dutch 02 626 8806 French 02 626 8807 Czech Republic 420 2 613 07 310 Denmark 3929 4099 English non UK see also UK 44 20 7512 5202 Finland 02 03 47 288 France 01 43 62 3434 Germany 0180 525 8143 Greece 30 0 16196411 Hungary 36 1 382 1111 Ireland 01 662 5525 Israel 972 9 952 4848 Italy 02 2 641 0350 Netherlands 020 6068751 Norway 22 11 6299 Poland 48 22 8659800 Portugal 21 317 6333 Russia 7095 797 ...

Страница 9: ...e s Republic of China 86 8008105959 Philippines 63 2 811 0643 Singapore 65 2725300 Taiwan 866 080 010055 or 886 2 7170055 8324155 Latin America In Latin America for hardware service and telephone support contact an HP authorized reseller or one of these support centers Argentina 541 4778 8380 Brazil Sao Paulo 11 3747 7799 All Others 0800 15 77 51 Chile 800 360 9999 Columbia 9 800 91 9477 Guatemala...

Страница 10: ...AM Dial Up Networking DUN 1 3 Winsock 2 required for protocol 99 and IPSec features Windows 98 running on Pentium 90 MHz processor performance level 5 MB free disk space 32 MB RAM Windows NT 4 0 Workstation or Server version with Service Pack 3 Service Pack 4 Service Pack 5 or Service Pack 6a running on Pentium 90 MHz processor performance level 5 MB free disk space 32 MB RAM Windows 2000 Professi...

Страница 11: ...ng 1 In the Start menu select Settings then select Control Panel The Control Panel window appears 2 In the Control Panel icon box select the Add Remove Programs icon The Add Remove Programs Properties window appears 3 In the Programs list box look for Dial Up Networking N N where N N shows the DUN version you are using 4 If N N is less than 1 3 install the upgrade as described next To upgrade to D...

Страница 12: ... SecurID authentication for IPSec tunnels Accordingly changes have been made to the GUI to address the new IKE secondary authentication capability PacketGuard Increases Usefulness for Remote Users In essence PacketGuard is a simple packet filtering firewall that functions on the VPN Client s PC during a VPN session The purpose of PacketGuard is to safely allow home networking functions during a VP...

Страница 13: ...d the Enable File and Other Services check box in the Options window The default setting is enabled This feature only applies to PCs on local networks not to standalone PCs for which the feature is not enabled Note For the PacketGuard feature to work you must specify a 0 0 0 0 subnet for the Remote Group tunnel profile in the VPN Manager GUI or Console window and you must ensure that the operating...

Страница 14: ...col 99 on Windows NT or Windows 2000 Systems Reference Number 673DF On Windows NT and Windows 2000 systems raw socket security must be disabled for the VPN Client software to send out protocol 99 packets You must have administrative privileges to disable raw socket security You can disable raw socket security on Windows NT and Windows 2000 systems in one of the following ways In a mass deployment ...

Страница 15: ...ation only connections that match the protocol port for that endpoint will be enabled All other connections will fail To resolve this problem do one of the following Include SAs for all connection types required to the end point such as FTP ICMP and so on Allow all traffic by assigning a protocol port combination that is ALL VPN Client on Windows NT Windows 2000 Server With DHCP Server Windows NT ...

Страница 16: ...d SR1 95A or SR2 95B for your operating system and you have trouble browsing your network check the version of Dial Up Networking DUN in your computer If you are currently using a DUN version earlier than 1 3 upgrade to DUN version 1 3 To check which version of DUN you are using 1 In the Start menu select Settings then select Control Panel The Control Panel window appears 2 In the Control Panel ic...

Страница 17: ... commands the VPN Client will display inconsistent behavior For example the outcome may be that either the initial Client IP address remains unchanged from the initial IP address or an IP address somewhat different than the one assigned will be displayed This behavior is exhibited because the Client IP address can be adjusted based on the VNIC virtual network interface card number Since the mask 8...

Страница 18: ...of DNS to the Internet or WINS to Microsoft With NDS you are authenticated to the tree much like being authenticated to the domain in Microsoft networking With NDS you normally enter the tree name and not a specific server when logging in The NDS tree structure usually identifies resources such as servers through names For example you might call your authentication server auth_server However NDS n...

Страница 19: ...s 98 only a patch is required The patch is a Novell file called trannta nlm Replace the existing trannta nlm file that was loaded on your computer when you installed the Novell client The patch is in Beta release but there are no known problems associated with it To obtain the patch call Novell technical support using the telephone number you obtain as follows To obtain the Novell technical suppor...

Страница 20: ...e host file HOSTS in the SYSTEM_ROOT SYSTEM32 DRIVERS ETC directory Full Class C Route Should Not Be Added to VPN Client Route Table Reference Number 104092 If a tunnel is created from the VPN Client to a VPN device using a net include of 172 16 20 0 mask 255 255 255 248 a route print from the VPN Client side of the tunnel displays the following route 172 16 20 0 255 255 255 0 client ip address 17...

Страница 21: ...ever there is no matching subnet listed in the Connections tab after the tunnel is negotiated packets sent to the Client IP network are discarded To illustrate the foregoing given a VPN device that has a group defined with Client IPs starting at 10 1 1 1 with an IP address defined on an Ethernet interface which is 10 1 1 254 mask 255 255 255 0 the first Client IP mask is 10 1 1 1 mask 255 255 255 ...

Страница 22: ...word window and then enter a decryption key What is unknown to you is that the decryption key has changed When the file was originally decrypted it was encrypted with your password Thus the new decryption key is the user s old password Secondly in a mass deployment the notice of the availability of the VPN Client software update includes a unique authentication password which is a randomly generat...

Страница 23: ... or retain the e mail message containing this password Network administrators should request that first time VPN Client users save their e mail messages until after their software update is successfully installed and the validity of their local password is verified This situation does not occur when a prior version of the VPN Client software is installed on the user s computer Windows Protection E...

Страница 24: ...168 Bit 3DES Versions There are two versions of the software One version provides 56 bit DES encryption while the other version provides 168 bit 3DES encryption As a result of certain countries import and export restrictions on security technology use of encryption encapsulation algorithms that exceed 56 bits may be limited If you are using the software in one of these countries please disregard i...

Страница 25: ... if you try to connect to 10 2 2 1 it will not go out the working Ethernet adapter but go to the tunnel adapter Error Message Rate High for Encryption 2 and 3 Errors on Windows 2000 Reference Numbers 324DF and 670 A VPN Client on a Windows 2000 Professional PC has a higher than expected number of Encryption 2 and Encryption 3 error messages from an SST tunnel connection to a device running continu...

Страница 26: ...urn blue and the cursor to allow typing in the field Automatic Use of IKE Configuration Window Settings Not Enabled Reference Number 256P Automatically using the settings in the IKE configuration window when creating a new IPSec tunnel is not enabled so the Always use these settings when creating a new tunnel check box on the Internet Key Exchange IKE window is not available for selection VLSM Net...

Страница 27: ...ll the same To work around this problem reboot the client Certain Characters in Distinguished Names Not Accepted Reference Number 104218DF The VPN Client does not accept certain characters for distinguished name information Given the following sequence of events Set up an Entrust server to provide a VPN Client PC with a certificate in which one of the fields of its distinguished name is surrounded...

Страница 28: ...EtherLink Ethernet card is installed an executable file called daconfig is installed in the Winnt System32 directory This file is loaded automatically when the PC boots The file version is 1 2 0 8 and is from 3Com Corp During Release 6 8 2 VPN Client installation on a computer running Windows NT the daconfig file presents the same restart window twice following the window that asks Do you want the...

Страница 29: ...of VNICs Causes Windows NT Blue Screen Crash Reference Number 104100DF Given a Windows NT system with the VPN Client installed if the VNICs Virtual Network Interface Cards are not present for example if they have been disabled or deleted the next time the VPN Client software is started the computer blue screen crashes To avoid this problem do not delete or disable VNICs Ensure that you have the NT...

Страница 30: ...l defaults in the setup program including reboot upon completion 2 Install Release 6 8 2 of the VPN Client following all defaults including reboot upon completion 3 Remove the AOL 4 0 software completely then reboot your PC when finished A Windows Protection Error occurs during the reboot until the user enters Windows in Safe mode and removes the VPN Client This problem occurs in both Windows 95 a...

Страница 31: ...dows 95 Windows 98 or Windows NT Then when you install the Novell client software select the option appropriate to the Novell server version the IPX option for a NetWare 4 server the IP option is not useful for NetWare 4 On a Windows 95 or Windows 98 client NetWare IP is added as a protocol On a Windows NT workstation NetWare IP is added as a service after which it appears as an adapter On the Net...

Страница 32: ...NetWare IP and the VPN Client to work together you can try one of the following procedures If you reconnect the same workstation either to the LAN or through a Dial Remote Access Server RAS then return to the VPN Client tunnel NetWare IP works A workstation that does an initial logon to NetWare through a Dial Remote Access Server RAS or on the LAN likely succeeds in subsequent attempts to log on t...

Страница 33: ...2F 1B Occasionally removal of the VPN Client appears to complete correctly but the VNICs actually are not removed When the VPN Client is reinstalled it does not work until the VNICs are manually removed or in extreme cases the Operating System OS is reloaded The issue is extremely hard to replicate but has happened on a number of occasions It has only occurred on Windows 98 SE machines thus far Ca...

Страница 34: ...nterface This results in the host not being able to contact local nodes in the subnet Device Name Not Displayed If Used In Place of IP Address Reference Number 768 If you connect the VPN Client using the device name in place of the IP address the device s address is displayed as the Peer IP instead of the device name This happens only when using IPSec not when using SST Transport Mode IPSec Tunnel...

Страница 35: ...btain a Client IP on a subsequent connection The VPN Client performs correctly obtaining IP and WINS information on successful authentication initiated through an Internet connection Then if the VPN tunnel from the VPN Client is dropped and a PPTP connection is made the latter connection is successful However if the VPN Client VPN tunnel is reconnected now it fails to obtain its IP and WINS inform...

Страница 36: ...connect This results from an interfaceIP 0 0 0 0 setting in the vpnuser ini file and autoconnect not working together To work around this problem open the vpnuser ini file in a text editor such as Notepad delete the following line and save the modified vpnuser ini file interfaceIP 0 0 0 0 Alternatively you may change the interfaceIP setting in the vpnuser ini file to the current interface IP addre...

Отзывы:

Нет отзывов

Похожие инструкции для sa3110

Бренд: Xerox Страницы: 220

Бренд: Xerox Страницы: 28

DocuPrint 100MX

Бренд: Xerox Страницы: 2

Бренд: 3onedata Страницы: 4

eServer 130 xSeries

Бренд: IBM Страницы: 156

Flex System p270 Compute Node

Бренд: IBM Страницы: 510

SUPERSERVER 5014C-MT

Бренд: Supero Страницы: 112

Бренд: Intermec Страницы: 232

SuperServer 7089P-TR4T

Бренд: Supermicro Страницы: 155

Бренд: Cisco Страницы: 2

Proline Promass 500

Бренд: TechnipFMC Страницы: 32

SUPERSERVER 6113L-8

Бренд: Supero Страницы: 104

SUPERSERVER 6017R-NTF

Бренд: Supero Страницы: 126

SuperServer 5017R-MF

Бренд: Supero Страницы: 106

SUPERSERVER 5015A-EHF

Бренд: Supero Страницы: 106

SuperServer 5013S-8

Бренд: Supero Страницы: 110

Supero SUPERSERVER 5015B-NT

Бренд: Supero Страницы: 98

Бренд: Supero Страницы: 122

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды