Nokia E65 Mobile VPN Client User's Guide Nokia E65 Mobile VPN Client User's Guide Legal Notice Copyright © Nokia 2007. All rights reserved. Reproduction, transfer, distribution or storage of part or all of the contents in this document in any form without the prior written permission of Nokia is prohibited. Nokia, Nokia Connecting People, Eseries and E65 are trademarks or registered trademarks of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners. Nokia operates a policy of ongoing development. Nokia reserves the right to make changes and improvements to any of the products described in this document without prior notice. Under no circumstances shall Nokia be responsible for any loss of data or income or any special, incidental, consequential or indirect damages howsoever caused. The contents of this document are provided "as is". Except as required by applicable law, no warranties of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose, are made in relation to the accuracy, reliability or contents of this document. Nokia reserves the right to revise this document or withdraw it at any time without prior notice. Copyright to the Windows screenshots belongs to Microsoft. Copyright © 2007 Nokia. All rights reserved. Select Menu > Tools > Settings > Connection >VPN. With a virtual private network (VPN), you can create encrypted connections to access information you need while you are away from the office. You are in touch and in control with encrypted access to your enterprise network for email, database applications, and intranet. To create a VPN connection, a VPN gateway and the mobile device authenticate each other and negotiate encryption and authentication algorithms to help protect the privacy and integrity of the information you access. To use virtual private networking 1 Connect to a VPN policy server. See "Connecting to VPN policy servers" on page 7. 2 Install VPN policies from the VPN policy server. See "Installing VPN policies" on page 4. The VPN policy server automatically installs a VPN access point, specifying an Internet access point and a VPN policy to use with the access point. Note: VPN access points combine VPN policies with Internet access points. When you synchronise a VPN policy server for the first time, matching VPN access points are created for each policy that you install on the mobile device. Managing virtual private networking To create VPN connections, you first connect to a VPN policy server to install VPN policies and VPN access points. Then you select a VPN access point whenever you use an application and want to connect to the enterprise network. The VPN connection to the enterprise network is created and data is encrypted according to a VPN policy that is loaded when you connect to a VPN access point. Note: To use VPN, you need VPN policy server settings from your administrator. 3 When using an application, select a VPN access point to connect to the enterprise network. See "VPN and applications" on page 10. A VPN connection is created on top of the Internet connection. Copyright © 2007 Nokia. All rights reserved. Mobile VPN Client User's Guide Mobile VPN Client User's Guide 3 Mobile VPN Client User's Guide VPN policies Select Menu > Tools > Settings > Connection > VPN > VPN management > VPN policies. VPN policies define the method that a mobile device and a VPN gateway use to authenticate each other and the encryption algorithms that they use to encrypt the data. Administrators create VPN policies and store them on VPN policy servers. You install VPN policies from a VPN policy server. A VPN policy server is a Nokia Security Service Manager (Nokia SSM). You get the policy server address from the administrator. · Internet access point -- associate the VPN policy server with an access point. The access point is used to connect to this VPN policy server. You get the access point information from the administrator. 4 Press Back to save the VPN policy server settings. 5 Press Yes when you are asked to synchronise the VPN policy server. Glossary: Synchronising means that a VPN policy server is checked for new, updated, or removed VPN policies. Installing VPN policies Glossary: VPN policy servers are servers on the enterprise network that contain VPN policies. 6 Create a key store password. Glossary: A key store password helps protect private keys in VPN policies and VPN policy server connections from unauthorised use. See "Creating or changing a key store password" on page 9. You are connected to the VPN policy server. 7 Verify the identity of the VPN policy server. You receive a VPN policy server identity code from the administrator. Carefully compare the displayed VPN policy server identity code with the code that you have received from the administrator, enter the missing characters in the field, and press OK. Glossary: A VPN policy server identity code is the fingerprint of the VPN policy server certificate, which identifies the certificate. To install VPN policies 1 Go to an empty VPN policies view, and press Yes when you are asked to install VPN policies. 2 Press Yes when you are asked to add VPN policy servers. 3 Specify the settings for connecting to a VPN policy server. · Policy server name -- enter a name for the VPN policy server. You can specify any name for the policy server, but it must be unique in the VPN policy servers view. If you leave this field empty, Policy server addr. appears in the field. · Policy server addr. -- enter the host name or IP address of the VPN policy server to install VPN policies from. You can also specify a port number, separated with a colon (:). 4 Copyright © 2007 Nokia. All rights reserved. password in Policy server password to authenticate to the VPN policy server, and press OK. Glossary: A policy server user name and password help protect the VPN policy server from unauthorised access. You get the user name and password from the administrator. VPN policies are installed on the mobile device. Note: If you press Cancel, VPN policies are not installed. Press Options and select Install policies to install VPN policies from a VPN policy server. Note that you can also install VPN policies by adding a VPN policy server and then synchronising it. To do this, select Menu and select Tools > Settings > Connection > VPN > VPN management > VPN policy servers > Options > New server. Policy status Note: The VPN policy details view is not refreshed if the policy status changes while the view is open. Policy status can have the following values: · In use -- you created a connection to a VPN access point that is associated with a VPN policy. When you create a connection, the VPN policy is taken to use. · Associated with VPN access point -- you associated the VPN policy with one or several VPN access points. You can select any of the VPN access points to take the VPN policy to use. · Not associated with VPN access point -- you must associate the VPN policy with a VPN access point to take the VPN policy to use. Viewing VPN policies The VPN policies view lists the VPN policies that you have installed on the mobile device. If (no VPN policies) is displayed, you must install VPN policies. Select Options > Install policies to install VPN policies from a VPN policy server. Select a VPN policy to view the following information: · Description -- additional information about the VPN policy. An administrator defined the description when the VPN policy was created. Copyright © 2007 Nokia. All rights reserved. Mobile VPN Client User's Guide 8 Enter your user name in Policy server user name and · Policy status -- indicates whether the VPN policy is ready to use or whether it is already in use. · Certificate status -- indicates whether or not valid user certificates are available on the mobile device. · Policy name -- the name an administrator gave to the VPN policy when the VPN policy was created. · Policy server -- the name of the VPN policy server from which you installed the VPN policy. · Updated -- the date when the VPN policy was last updated from the VPN policy server. 5 Mobile VPN Client User's Guide Certificate status Certificate status can have the following values: · OK -- at least one valid certificate is available in the mobile device or you do not use certificates to authenticate to VPN gateways. · Expired -- the validity of one or more certificates has ended. If you cannot create a VPN connection, try to update the VPN policy to enroll new certificates. · No certificate -- one or more of the required certificates cannot be found on the mobile device. If you cannot create a VPN connection, try to update the VPN policy to enroll new certificates. · Not yet valid -- one or more certificates are for future use. This value may also mean that the date and time on the mobile device are set in the past, time zones are not set correctly, or the daylight saving setting is turned on. Press the selection key to close the details and return to the VPN policies view. Updating VPN policies When you create a connection to a VPN access point, the status of the VPN policy is checked from the VPN policy server. If the administrator has created a new version of the VPN policy, the new version is installed on the mobile device. If the administrator has deleted the VPN policy from the VPN policy server, the VPN policy is removed from the mobile device. Changes become effective the next time you create a connection to the VPN access point, so they do not affect the current VPN connection. You can also update a VPN policy in the VPN policies view. To update a VPN policy, select a VPN policy, press Options, and select Update policy. The status of the VPN policy is checked from the VPN policy server. Deleting VPN policies VPN policies are deleted automatically when you synchronise a VPN policy server after the administrator has deleted VPN policies from the VPN policy server. If you delete a VPN policy that still exists on the VPN policy server, the VPN policy is installed again when you synchronise VPN policies from the VPN policy server. To delete a VPN policy, select the VPN policy and press the clear key. You cannot use a VPN access point if you delete a VPN policy that is associated with it. Creating VPN access points with default values To use the VPN policy, you must associate it with a VPN access point. In the VPN policies view, select Options > Define VPN ac. point. Mobile VPN Client creates a VPN access point with default settings. You can create and modify VPN access points in the VPN access points view. 6 Copyright © 2007 Nokia. All rights reserved. Select Menu > Tools > Settings > Connection > VPN > VPN management > VPN policy servers. You install VPN policies from VPN policy servers. When you create a connection to a VPN access point, the VPN policy that is associated with the VPN access point is automatically updated from a VPN policy server. To update all VPN policies, synchronise the VPN policy servers with the mobile device. For more information, see "Synchronising VPN policy servers" on page 7. Select a VPN policy server in the VPN policy servers view to view or change its settings. Select Policy server name to enter a new name for the policy server. The VPN policy servers view shows the new name. You cannot change Policy server addr. after you install VPN policies from the VPN policy server, because the VPN policy server sends the address during the first connection. If you have deleted the access point that is associated with the VPN policy server, Internet access point shows the text (not selected). Select Internet access point to select a new access point. If you have deleted all access points, you cannot save the settings. Connecting to VPN policy servers When you install VPN policies from a VPN policy server, you create a trust relationship between the mobile device and the VPN policy server. To create the trust relationship, you must authenticate the VPN policy server, and the VPN policy server must authenticate you. After the VPN policy server authenticates you, a private key is generated and a corresponding certificate is enrolled. The certificate authenticates you to the VPN policy server. The private key and certificate are stored in a key store on the mobile device. Synchronising VPN policy servers Select a VPN policy server in the VPN policy servers view, press Options, and select Synchronise server to install and update policies from the VPN policy server. The VPN policy server is checked for added, updated, or deleted VPN policies. If the VPN policy server contains new VPN policies or new versions of VPN policies, the VPN policies are installed to the mobile device. If the administrator has deleted VPN policies from the VPN policy server, the VPN policies are ...