Billion English CO1 User Manual

BiGuard VPN Client

BiGuard C01
BiGuard VPN Client
Secure access to Company Network
User's Manual
Version Release 3.0

Summary of Contents for Billion English CO1

  • Page 1 BiGuard C01 BiGuard VPN Client Secure access to Company Network User’s Manual Version Release 3.0...
  • Page 2: Table Of Contents

    Chapter 1: Introduction; Introduction to BiGuard VPN Client; Features; Chapter 2: Installing BiGuard VPN Client; Software installation; Software Evaluation; Activation Wizard; Two easy step Wizard; Step 1 of 2: Enter License Number; Step 2 of 2: Online Activation ...
  • Page 3 How to set USB Mode on?... 27 How to enable a new USB Stick? ... 28 How to automatically open tunnels when an USB Stick is plugged in? ... 28 Certificate Management (Please see Appendix A - Compatible table of Billion VPN enabled devices and BiGuard VPN Client) Additional support documents ... 29 How to configure IPSec VPN Client with Certificates? ...
  • Page 4: Chapter 1: Introduction

    Introduction to BiGuard VPN Client Your network is constantly evolving as you integrate more business applications and consolidate servers. In that environment, it is becoming extremely complex to maintain total security at the edge while users, whether employees or teleworkers on the go, are working with customers and partners.
  • Page 5 Billion BiGuard VPN Client Invisible User Interface Silent install and invisible graphical interface allow IT managers to deploy solutions while preventing users from misusing configurations. Configuration building User Interface and Command Line. Chapter 1: Introduction...
  • Page 6: Chapter 2: Installing Biguard Vpn Client

    Chapter 2: Installing BiGuard VPN Client Software installation BiGuard VPN client installation is a classical Windows installation that does not require specific information. After completing the installation, you will be asked to reboot your computer. After reboot and session login, a window appears for a license number request. The license number is shown on the CD packaging.
  • Page 7: Software Evaluation

    Billion BiGuard VPN Client Software Evaluation It is possible to use BiGuard VPN Client during the evaluation period (i.e. limited to 30 days) by clicking on the "Evaluate" button. When the IPSec VPN Client is in "Evaluation" mode, the register window appears at each boot of the client. The evaluation period is displayed in the yellow bar above.
  • Page 8: Step 1 Of 2: Enter License Number

    Billion BiGuard VPN Client Step 1 of 2: Enter License Number Activation requires a License Number. Enter your License Number, your email address and click “Next” as shown below. Email address will be used to send back an activation confirmation email to the user once activation has been successfully performed.
  • Page 9: Step 2 Of 2: Online Activation

    Step 2 of 2: Online Activation The “Activation Wizard” will automatically connect to the online software activation server to activate the VPN Client Software. You can go back at any time to change the License Number. Activation errors If an error is returned by the online software activation server, as shown below, click on the (help button) available in the window to get more online explanations and recommendations on how to proceed next.
  • Page 10: Software Uninstallation

    exceeded Error 004 Wrong product code The License number you've entered is not allowed on Error 050 Impossible to complete activation process Error 051 Impossible to complete activation process Error 052 Impossible to complete activation process Error 053 Cannot connect activation server Error 054 Cannot connect...
  • Page 11: Chapter 3: Navigation The User Interface

    Chapter 3: Navigation the User Interface Navigation the user interface BiGuard VPN Client is fully autonomous and can start and stop tunnels without user intervention, depending on traffic to certain destinations. However it requires a VPN configuration. The VPN Client configuration is defined in a VPN configuration file. The software user interface allows creating, modifying, saving, exporting or importing the VPN configurations together with security elements (e.g.
  • Page 12 Billion BiGuard VPN Client A left-button click on VPN icon opens configuration user interface. A right-button click shows the following menu: Quit: will close established VPN tunnels, stops the configuration user interface. Save & Apply: will close established VPN tunnels, apply latest VPN configuration modification and reopen all the VPN tunnels.
  • Page 13: Main Window

    Billion BiGuard VPN Client Main Window The main window is made of several elements: 1. Three buttons “Console”, “Parameters” and “Connections” (left column). 2. A tree list window (left window) that contains all IKE and IPSec configuration. 3. A configuration window (right window) that shows the associated tree level. Main Menus There are several menus, as follows: File: used to Import or Export a configuration.
  • Page 14: Status Bar

    Billion BiGuard VPN Client Status Bar The status bar displays several pieces of information: The left side box indicates the VPN configuration location. For example, if the "USB Mode" is set, the image will show a USB stick, enabled or not depending on the presence of a valid VPN USB stick.
  • Page 15: Hidden Interface

    Billion BiGuard VPN Client Hidden Interface The graphical user interface can be hidden from the end user. We provide configuration tools for IT managers that prevent the end user from changing their configuration. Access to the configuration user interface can be restricted with the configuration tool VPNHIDE. See section Configuration Tools.
  • Page 16: Miscellaneous

    Billion BiGuard VPN Client can start with 3 different modes: Start VPN Client software before MS Windows logon: this mode can be used for secure remote login Start VPN Client software after MS Windows logon Don't start VPN Client when I start MS Windows: VPN Client is launched by user or from a script ("manual"...
  • Page 17: Chapter 4: Vpn Configuration

    Billion BiGuard VPN Client Chapter 4: VPN Configuration Configuration Wizard Four easy step Wizard BiGuard VPN client provides a Configuration Wizard that allows the creation of VPN configuration in four easy steps. This Configuration Wizard is designed for remote computers that need to get connected to a corporate LAN through a VPN gateway.
  • Page 18: Step 1 Of 4

    Billion BiGuard VPN Client Step 1 of 4 You need to specify the following information: The public (network side) address of the remote gateway Address (In IP or Domain name). (e.g. specify gateway.mydomain.com) The Preshared-key you will use for this tunnel (this Preshared-key must be the same in the gateway).
  • Page 19: Step 3 Of 4

    Billion BiGuard VPN Client Step 3 of 4 You need to input the VPN Client IP address that will be used to identify the client in the VPN connection (e.g. specify 192.100.205.101). Be sure that each client uses a different VPN Client IP Address. Warning Step 4 of 4 The fourth step summarizes your new VPN configuration.
  • Page 20: Vpn Tunnel Configuration

    VPN Tunnel Configuration How to create a VPN Tunnel? To create a VPN tunnel from the main window (without using the Configuration Wizard), follow these steps: 1. Right-click on “Configuration” in the tree list window and select “New Phase 1” 2.
  • Page 21: Advanced Features

    Billion BiGuard VPN Client Phase (Phase 1). Advanced Features Advanced features and parameters can be defined for Phase 1 and Phase 2. Those defined in Phase 1 apply to all Phase 2 created in current VPN Configuration: Enable/Disable Config Mode Enable/Disable Aggressive Mode Enable/Disable Redundant Gateway Change IKE Port...
  • Page 22: Phase 1 Settings Description

    Phase 1 Settings Description Name: Label for Authentication phase used only in the configuration user interface. This value is never used during IKE negotiation. It is possible to change this name at any time and read it in the tree control. Two Phase1s cannot have the same name. Interface: IP address of the network interface of the computer, through which VPN connection is established.
  • Page 23: Phase 1 Advanced Configuration

    AES: Stands for Advanced Encryption Standard; you can use 128, 192 or 256 bits as encryption method. IKE authentication: It is a Message Digest algorithm which converts any length of a message into a unique set of bits. The widely used algorithms are MD5 (Message Digest) and SHA (Secure Hash Algorithm).
  • Page 24 Aggressive Mode: mode with the remote router. IKE port: Negotiation port for IKE. Default value is 500. Redundant GW: This allows the VPN Client to open an IPSec tunnel with an alternate gateway in case the primary gateway is down or not responding. Enter either the IP address or the url of the Redundant Gateway (e.g.
  • Page 25: IPSec Configuration Or Phase 2

    Billion BiGuard VPN Client If this identity is not set, VPN gateway's IP address is used. IPSec Configuration or Phase 2 What is Phase 2? “IPSec Configuration” or “Phase 2” window will concern settings for Phase 2. The purpose of Phase 2 is to negotiate the IPSec security parameters that are applied to the traffic going through tunnels negotiated during Phase 1.
  • Page 26: Phase 2 Advanced Configuration

    Remote address: This field may be "Remote host address" or "Remote LAN address" depending on the address type. It is the remote IP address, or LAN network address of the gateway, that opens the VPN tunnel. Subnet mask: Subnet mask of the remote LAN. Only available when address type is equal to the "Subnet address".
  • Page 27 Billion BiGuard VPN Client Automatic Open mode: The VPN Client can automatically open the specified tunnel (Phase2) on specific events such as: Auto open this tunnel when the VPN Client starts up. Auto open this tunnel when USB stick is inserted (see section "USB Mode"). Auto open this tunnel when the VPN Client detects traffic towards remote LAN.
  • Page 28: Global Parameters - Global Settings Description

    Global Parameters – Global Settings Description Global Parameters are generic settings that apply to all created VPN tunnels. Once modified, click on “Save & Apply” to take your modifications into account. Lifetime (sec.) Default Lifetime (sec.): IKE Minimal Lifetime (sec.): aximal lifetime IKE M Default Lifetime (sec.):...
  • Page 29: Vpn Tunnel View - How To View Opened Tunnels

    Miscellaneous: Retransmissions: Delay between negotiation retries. Block non-ciphered connection: When this option is checked, only encrypted traffic is authorized. Dead Peer Detection (i.e. DPD) is an Internet Key Exchange (IKE) extension (i.e. RFC3706) for detecting a dead IKE peer. BiGuard IPSec VPN Client is using DPD: to delete opened SA in the VPN Client when peer has been detected dead.
  • Page 30: Usb Mode

    USB Mode What is USB Mode? BiGuard VPN Client brings the capability to secure VPN configurations and VPN security elements (e.g. PreShared key, Certificates, …) by the use of a USB Stick. When you select "USB mode", the VPN configuration and security elements contained in the configuration are stored onto the USB Stick the first time you plug it in.
  • Page 31: How To Enable A New Usb Stick

    Once USB mode is set on, the left side box in the status bar shows a USB stick icon. The USB Stick icon is plain when a USB Stick is plugged in: The USB Stick icon is gray when no USB Stick is plugged in: How to enable a new USB Stick? A new USB Stick (no data) must be enabled by copying VPN configuration and security elements onto it.
  • Page 32: Certificate Management (Please See Appendix A - Compatible Table Of Billion Vpn Enabled Devices And Biguard Vpn Client)

    Certificate Management (Please see Appendix A - Compatible table of Billion VPN enabled devices and BiGuard VPN Client) Additional support documents BiGuard VPN Client uses X509 certificates in PEM format. This kind of certificate is created with OpenSSL, not with BiGuard VPN Client. In order to use X509 Certificates with BiGuard VPN client, you must have the following items: 1.
  • Page 33: Configuration Management - How To Import Or Export A VPN Configuration

    Billion BiGuard VPN Client Configuration Management – How to Import or Export a VPN Configuration? BiGuard VPN Client can import or export a VPN Configuration. With this feature, IT managers can prepare a configuration and deliver it to other users. 1.
  • Page 34: Configuration Tools

    Billion BiGuard VPN Client Configuration Tools Command line tools Those tools are available as command line type and are meant to be used by IT managers to change the IPSec VPN Client behavior to their needs. 1. Stopping IPSec VPN Client 2.
  • Page 35: Console And Logs

    Billion BiGuard VPN Client Console and Logs Console Windows The “Console” window is available from the context menu of the systray icon or from “Console” button in the configuration user interface. This window can be used to analyze VPN tunnels. This tool is particularly useful for IT managers in setting up their network.
  • Page 36 Billion BiGuard VPN Client Misc (Misc): log level for configuration reading or dump of low level messages Trpt (Transport): log level for UDP transport mode Msg (Message): log level for IKE decode Cryp (Crypto): log level and dump for crypto material exchanged Timr (Timer): log level about timers Sdep (Sysdep): log level about IKE interface from/to IPSec SA (SA): log level for SA management...
  • Page 37: Chapter 5: Troubleshooting

    Ethereal is free software that can be used for packet and traffic analysis. It shows IP or TCP packets received on a network card. This tool is available on website: http://www.ethereal.com/. It can be used to follow protocol exchange between two devices. For installation and use details, read its specific documentation.
  • Page 38: « No Keystate » Error

    « no keystate » error 115305 Default sysdep_app_open: Init Connection for : Cnx-Cnx-P2 Cnx-remote-addr 115305 Default sysdep_app_open: IPV4_SUBNET Network 192.168.1.1 115305 Default sysdep_app_open: IPV4_SUBNET Netmask 255.255.255.0 115315 Default (SA Cnx-P1) SEND phase 1 Main Mode 115317 Default (SA Cnx-P1) RECV phase 1 Main Mode 115317 Default (SA Cnx-P1) SEND phase 1 Main Mode 115319 Default (SA Cnx-P1) RECV phase 1 Main Mode 115319 Default (SA Cnx-P1) SEND phase 1 Main Mode...
  • Page 39: « Invalid ID Information » Error

    115905 Default sysdep_app_open: Init Connection for : Cnx-Cnx-P2 Cnx-remote-addr 115905 Default sysdep_app_open: IPV4_SUBNET Network 192.168.1.1 115905 Default sysdep_app_open: IPV4_SUBNET Netmask 255.255.255.0 115911 Default (SA Cnx-P1) SEND phase 1 Main Mode 115911 Default RECV Informational [NOTIFY] with NO_PROPOSAL_CHOSEN error « INVALID ID INFORMATION » error 122609 Default sysdep_app_open: Init Connection for : Cnx-Cnx-P2 Cnx-remote-addr 122609 Default sysdep_app_open: IPV4_SUBNET Network 192.168.3.1 122609 Default sysdep_app_open: IPV4_SUBNET Netmask 255.255.255.0...
  • Page 40: No Response To Phase 2 Requests

    No response to phase 2 requests 120348 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [ID] [ID] 120349 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [ID] [ID] 120351 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [ID] [ID] 120351 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [ID] [ID] Check algorithms and phase 2 identities (“Local address”...
  • Page 41: Appendix A: Compatible Table Of Billion Vpn Enabled Devices And Biguard Vpn Client

    Appendix A: Compatible table of Billion VPN enabled devices and BiGuard VPN Client Hash algorithms SHA1 Encryption 3DES AES 128 AES 192 AES 256 Diffie Hellman Group Support Group1: MODP 768 Group2: MODP 1024 Group5: MODP 1536 Authentication Mechanism Preshared key X509 Certificate support (PEM) X-Auth...
  • Page 42: Appendix B: Product Support And Contact Information

    Billion BiGuard VPN Client APPENDIX B: Product Support and Contact Information Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product.