NetMAX VPN remote client configuration guidelines and troubleshooting
Multiple Network Interfaces
Windows 2000 Configuration
To ensure connectivity of the NetMAX SafeNet/Soft-PK VPN client to a NetMAX VPN server, follow these
troubleshooting guidelines:
- Delete any non-working connections you have created and reconfigure them according to the manual. Keep in mind
that it is very important to follow the manual EXACTLY as presented when setting up the client. The order of the
steps is very important.
- In the dialog presented on the VPN server manual on page 67, ensure that Enable Replay Detection is NOT
checked under Security Policy for each connection. This is an error not documented in the errata supplement of the
VPN server manual.
- Make sure that the value for the Remote Network (page 73 of the manual, or item 10 on the configuration
worksheet) represents the network address for a subnet, not an individual host. A network address is the first address
in an IP range (e.g. 192.168.2.0 given a netmask of 255.255.255.0).
- Verify that the value supplied for the Road Warrior Identity (item 8 on the worksheet and described on page 67 of
the manual) matches what is assigned to the NetMAX server (page 29 of the VPN manual).
- Re-enter the pre-shared key (passphrase) for each connection.
- The NetMAX SafeNet VPN client is not compatible at this time with:
  - Windows ME
  - America Online (AOL)
Multiple network interfaces on NetMAX VPN client computer.
If you cannot connect your SafeNet VPN client to your NetMAX VPN server after trying the above guidelines, the
problem may be your computer's interfaces.
The SafeNet/Soft-PK VPN client cannot function properly if your Windows machine has more than one network
interface (adapter). A network interface is considered any hardware which connects your computer to any kind of
network. This includes all modems and all Network Interface Cards. (An IR communications port will not cause any
problems with the SafeNet VPN client.)
The problem and reason: A VPN session cannot be established remotely when the destination IP address of the server
has the same network address as the office LAN. The user is able to connect to the LAN through the NIC card when
connected locally. When the user takes the notebook outside the office and attempts to connect remotely to the same
server IP address on the local LAN, secure sessions are not possible. The user is also using fixed addresses on the
NIC card.
Cause: When the user is connecting remotely, the notebook PC still thinks the server is local due to the address on
the NIC card.
Resolution: There are two ways to work around this routing issue.
- If the notebook has a PCMCIA card, remove the card when connecting remotely. This will remove the local address
from the machine.
- If the notebook does not have a removable PCMCIA card, then the user must configure hardware profiles.
Hardware profiles are described in your Windows help.
An example of creating a Dial-Up only profile:
- Open the System Properties dialog box.
- Click the name of the profile you want to base the new hardware profile on, and then click Copy.
- In To, type a name for the new hardware profile you want to create: Dial-Up.
- Re-start Windows.
- During boot-up, you are prompted to choose the hardware profile in which to start Windows. Select Dial-Up.
- Open the System Properties dialog box at the Device Manager tab.
- Click the plus sign next to the Network adapters.
- Select properties for the NIC card that is present.
- Under Device usage, select Disable this device from this hardware profile. Disabling the network card for the dial-up profile will essentially remove the NIC card from the machine and therefore the LAN network address.
- Re-start Windows. Select the Dial-Up profile when outside the office and select Original configuration when inside the office.
- Under Security Policy Editor, change the connection for the secure connection to use the PPP adapter. Select My Identity - Internet Interface - PPP Adapter. This secure connection will only be active when a PPP session is established.
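The routing cause described above, and the earlier requirement that the Remote Network value be a subnet's network address, can both be checked on paper before changing the client. The following Python sketch is an added example, not part of the NetMAX or SafeNet documentation; the function names, the interface dictionaries and every address other than 192.168.2.0 / 255.255.255.0 are constructed for illustration, and route metrics are ignored.

```python
import ipaddress

def check_remote_network(address, netmask):
    """Return (ok, network_address); ok is False when `address` is a host
    inside the subnet instead of the subnet's first (network) address."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    network = iface.network.network_address
    return iface.ip == network, str(network)

def egress_interface(destination, interfaces):
    """Choose the outgoing interface by longest-prefix match: a directly
    connected subnet always beats a default route (metrics are ignored)."""
    dest = ipaddress.ip_address(destination)
    best_name, best_len = None, -1
    for name, cfg in interfaces.items():
        if not cfg.get("enabled", True):
            continue  # disabled in the active hardware profile
        routes = [ipaddress.ip_interface(f"{cfg['address']}/{cfg['netmask']}").network]
        if cfg.get("default_route"):
            routes.append(ipaddress.ip_network("0.0.0.0/0"))
        for net in routes:
            if dest in net and net.prefixlen > best_len:
                best_name, best_len = name, net.prefixlen
    return best_name

# Constructed sample data: a notebook with a fixed office-LAN address on its
# NIC, dialled in over PPP, trying to reach a VPN server on the office subnet.
VPN_SERVER = "192.168.2.1"
NIC = {"address": "192.168.2.50", "netmask": "255.255.255.0"}
PPP = {"address": "203.0.113.25", "netmask": "255.255.255.255", "default_route": True}

ORIGINAL_PROFILE = {"nic": NIC, "ppp": PPP}
DIALUP_PROFILE = {"nic": dict(NIC, enabled=False), "ppp": PPP}

if __name__ == "__main__":
    for addr in ("192.168.2.0", "192.168.2.17"):
        ok, net = check_remote_network(addr, "255.255.255.0")
        print(f"Remote Network {addr}: {'ok' if ok else 'host address, use ' + net}")
    for label, profile in (("Original", ORIGINAL_PROFILE), ("Dial-Up", DIALUP_PROFILE)):
        print(f"{label} profile sends VPN traffic via {egress_interface(VPN_SERVER, profile)}")
```

With the NIC enabled, the connected /24 route wins over the PPP default route, so traffic for the server is sent to the unplugged NIC; with the NIC disabled in the Dial-Up profile, the same destination leaves through the PPP adapter.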
If you have more than one network interface in your Windows machine, you may choose one of these options:
- You can create a hardware profile that has all except one network interface disabled.
Having two profiles enables you to switch between the VPN profile, with only one network interface enabled, and the
default profile, with all network interfaces enabled. This way you will not have to reinstall your network interfaces
when you wish to use more than one.
This option is recommended if you have an integrated network interface and use another for the VPN connection. For
example if you have an integrated NIC and use a modem for the VPN connection.
- You can physically remove all but one interface from your computer. This option is more feasible if you are using a
computer that only uses a modem to connect and does not have an internal network. For example a laptop used on
business trips.
Windows 2000 configuration.
In order for the SafeNet VPN client to work in Windows 2000, these guidelines must be followed.
- The high encryption package must be installed.
  - To do so, click the Start button and select Windows Update.
  - In the Windows Update browser, click on product updates.
  - Browse to and select for download the high encryption package.
  - Click on download, then read and accept any license agreements.
  - Click yes to reboot your computer.
- Any IPsec devices must be removed.
  - Any IPsec devices that Windows provides or other VPN software provides must be removed in order for the SafeNet client to properly install and run.
- Network interfaces other than your internet connection interface must be removed from the system, or another hardware profile must be created with other interfaces removed.
  - In other words, if your Windows 2000 system has a modem and a NIC and you use the NIC to connect to the internet, the modem must be removed from the system or the hardware profile. For more information on this, please see Multiple network interfaces.
- Other VPN software must not be running.
  - If you have other VPN software installed on your Windows 2000 system, it should be removed.
  - It is possible to leave other VPN software installed; however, none of its components may be running when the SafeNet client is installed or is run.
- Do not install the SafeNet VPN adapter, which provides support for L2TP and Virtual Adapter functionality.
  - In the installation you are told not to install this feature. However, you will still be asked if you would like to install this feature. DO NOT INSTALL IT!
  - Choosing to install this will keep the SafeNet VPN client from working.