WatchGuard® Firebox® SOHO 6 MUVPN Clients Guide
Using this Guide
To use this guide you need to be familiar with your computer’s operating system. If you have questions about navigating in your computer’s environment, please refer to your system user manual. The following conventions are used in this guide.
Convention: Indication
Bold type: Menu commands, dialog box options, Web page options, Web page names. For example: “On the System Information page, select Disabled.”
NOTE: Important information, a helpful tip or additional instructions.
Notice to Users
Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.
Copyright, Trademark, and Patent Information
Copyright© 1998 - 2002 WatchGuard Technologies, Inc. All rights reserved.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 4.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3.
"This product includes software developed by Ralf S. Engelschall for use in the mod_ssl project (http://www.modssl.org/)." 4. The names "mod_ssl" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact rse@engelschall.com. 5. Products derived from this software may not be called "mod_ssl" nor may "mod_ssl" appear in their names without prior written permission of Ralf S. Engelschall. 6.
5. Products derived from this software may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Contents
CHAPTER 1 Configure the SOHO 6 ... 1
Redeem your SOHO 6 Upgrade Options ... 2
Configure the SOHO 6 for MUVPN Clients ... 3
CHAPTER 2 Preparation, Installation, and Connection ... 7
Prepare the Remote Computers ... 7
System requirements ... 8
Windows 98/ME operating system setup ... 8
Windows NT operating system setup ...
The Connection Monitor ... 31
CHAPTER 3 The ZoneAlarm Personal Firewall ... 33
ZoneAlarm Features ... 34
The Alerts Panel ... 34
Up and Down Graphs ... 35
Expanded Alert Panel ... 35
The Lock Panel ...
CHAPTER 1 Configure the SOHO 6
This guide applies to both the SOHO 6™ and the SOHO 6tc™; the name SOHO 6 is used to refer to both devices throughout the guide. The only difference between them is the ability to create and use a Virtual Private Network (VPN) other than the MUVPN client.
For information on registering your SOHO 6 with the LiveSecurity Service, see “Register your SOHO 6 and Activate the LiveSecurity Service” in the WatchGuard Firebox SOHO 6 User Guide.
Follow these steps to redeem your upgrade option license key:
1 With your Web browser, go to: http://www.watchguard.com/upgrade
2
3 Click the LiveSecurity link at the top of the page and log into the site.
4
5 Copy the Feature Key displayed at the LiveSecurity Service Web site.
Configure the SOHO 6 for MUVPN Clients
Follow these steps to configure your SOHO 6:
1 With your Web browser, go to the System Status page using the Trusted IP address of the SOHO 6. For example, if using the default IP address, go to: http://192.168.111.1
2 From the navigation bar on the right side, select VPN => MUVPN Clients. The MUVPN Clients page appears.
3 Click the Add button. The Add MUVPN Client page appears.
4 Enter a Username in the appropriate field. This Username will be used as the E-mail Address when setting up the MUVPN client. In our example, Helmdog.
5 Enter a Passphrase in the appropriate field. This passphrase will be used as the Pre-Shared Key when setting up the MUVPN client. In our example, pL4n3phr34k.
6 Enter the Virtual IP address which will be used by the MUVPN computer when connecting to the SOHO 6 in the appropriate field. In our example, 192.168.111.4.
CHAPTER 2 Preparation, Installation, and Connection
The WatchGuard® Mobile User VPN (MUVPN)™ client uses Internet Protocol Security (IPSec) to establish a secure connection over an unsecured network from a remote computer to your protected network. For example, the MUVPN client is installed on an employee’s computer, on the road or working from home. The employee establishes a standard Internet connection and activates the MUVPN client.
Prepare the Remote Computers
The MUVPN client is only compatible with the Windows operating system. Every Windows system used as a MUVPN remote computer must meet the following system requirements.
System requirements
• PC-compatible computer with Pentium processor or equivalent
• Compatible operating systems and minimum RAM:
- Microsoft Windows 98: 32 MB
- Microsoft Windows ME: 64 MB
- Microsoft Windows NT 4.
Windows 98/ME operating system setup
The following networking components must be configured and installed on a remote computer running Windows 98/ME in order for the MUVPN client to function properly.
Configuring networking names
From the Windows desktop:
1 Select Start => Settings => Control Panel. Double-click the Network icon. The Network window appears.
2 Verify that the Client for Microsoft Networks is installed.
7 In the Windows NT Domain field, type the domain name. For example, your domains might be sales, office, and warehouse.
8 Enable the Logon and Restore Network Connections option.
Installing Dial-Up Networking
The Mobile User VPN Adapter, which supports L2TP, installs only if Dial-Up Networking is already installed on your computer. If Dial-Up Networking is not installed, follow these instructions.
4 Click the DNS Configuration tab.
5 Under the “DNS Server Search Order” heading, enter your DNS server IP address, then click the Add button. Verify that the Enable DNS option has been enabled. If you have multiple remote DNS servers repeat this step.
NOTE You must list the DNS server on the Private network behind the Firebox first.
6
7 Click the WINS Configuration tab.
8 Verify that the Enable WINS Resolution option has been enabled.
4 Select Remote Access Services from the list, then click the OK button.
5 Enter the path to the Windows NT install files or insert your system installation CD, then click the OK button. The Remote Access Setup dialog box appears.
6 Click the Yes button to add a RAS capable device and enable you to add a modem.
7 Click the Add button and complete the Install New Modem wizard.
NOTE You must list the DNS server on the Private network behind the Firebox first.
7 Click the WINS Address tab.
8 Enter your WINS server IP address in the appropriate field, then click the OK button. If you have multiple remote WINS servers repeat this step.
9 Click the Close button to close the Network window. The Network Settings Change dialog box appears.
10 Click the Yes button to restart the computer and implement the changes.
2 Click the Properties button.
3 Select the Networking tab and then click the Install button. The Select Network Component Type window appears.
4 Double click the Protocol network component. The Select Network Protocol window appears.
5 Select the Internet Protocol (TCP/IP) Network Protocol and then click the OK button.
8 Click the Cancel button to close the Dial-up connection window.
Configuring the WINS and DNS settings
You must configure the remote computer to use the WINS and DNS servers of the trusted network behind the Firebox only if you do not plan to use the MUVPN client’s virtual adapter.
From the Windows desktop:
1 Select Start => Settings => Network and Dial-up Connections, then select the Dial-up connection you use to access the Internet. The connection window appears.
13 Under the “WINS addresses, in order of use” heading, click the Add button. The TCP/IP WINS Server window appears.
14 Enter your WINS server IP address in the appropriate field, then click the Add button. If you have multiple remote WINS servers repeat the last two steps.
15 Click the OK button to close the Advanced TCP/IP Settings window.
16 Click the OK button to close the Internet Protocol (TCP/IP) Properties window.
2 Click the Properties button.
3 Select the Networking tab and then click the Install button. The Select Network Component Type window appears.
4 Double click the Protocol network component. The Select Network Protocol window appears.
5 Select the Internet Protocol (TCP/IP) Network Protocol and then click the OK button.
8 Click the Cancel button to close the Dial-up connection window.
Configuring the WINS and DNS settings
You must configure the remote computer to use the WINS and DNS servers of the trusted network behind the Firebox only if you do not plan to use the MUVPN client’s virtual adapter.
From the Windows desktop:
1 Select Start => Control Panel => Network Connections, then select the Dial-up connection you use to access the Internet.
13 Under the “WINS addresses, in order of use” heading, click the Add button. The TCP/IP WINS Server window appears.
14 Enter your WINS server IP address in the appropriate field, then click the Add button. If you have multiple remote WINS servers repeat the last two steps.
15 Click the OK button to close the Advanced TCP/IP Settings window.
16 Click the OK button to close the Internet Protocol (TCP/IP) Properties window.
17 Click the OK button to close the next window.
4 The installation welcomes you again. Click the Next button. The Software License Agreement appears.
5 Click the Yes button to accept the terms of the License Agreement and to continue with the installation. The Setup Type window appears.
6 Select the type of setup. By default, Typical is enabled; this is the setup recommended by WatchGuard. Click the Next button.
Configuring the MUVPN Client
Once you have restarted the machine, the WatchGuard Policy Import dialog box appears. Click the Cancel button as this step is not necessary.
From the Windows desktop system tray:
1 Right-click on the Mobile User VPN client icon.
2 Select Edit => Add => Connection. The Security Policy Editor window interface appears. A New Connection will appear under the My Connections folder within the Network Security Policy field on the left side of the Editor.
5 Enter the network IP Address of the Trusted Network behind the SOHO 6 in the field labeled “Subnet”. In our example, 192.168.111.0.
6 Enter the Subnet Mask of the Trusted Network behind the SOHO 6 in the field labeled “Mask”. In our example, 255.255.255.0.
7 From the Protocol drop list, verify that All has been selected.
8 Enable the Connect using checkbox and select Secure Gateway Tunnel from the drop list.
15 Click the Pre-Shared Key button. The Pre-Shared Key window appears.
16 Click the Enter Key button.
17 Enter the same Passphrase configured on the SOHO 6 in the appropriate field. In our example, pL4n3phr34k.
18 From the Select Certificate drop list, verify that None has been selected.
19 From the ID Type drop list, select E-mail Address.
20 Enter the same Username configured on the SOHO 6. In our example, Helmdog.
21 From the Virtual Adapter drop list, verify that Disabled has been selected.
22 From the Network Security Policy expand Security Policy, then expand Key Exchange (Phase 2). My Identity and Security Policy should appear below New Connection.
23 Select Proposal 1.
24 Verify that the Encapsulation Protocol (ESP) check box is enabled.
26 Select File => Save Changes.
Uninstall the MUVPN client
At some point, it may become necessary to completely uninstall the MUVPN client. WatchGuard recommends a complete uninstall using the Windows Add/Remove Programs tool. First, disconnect all existing tunnels and dial-up connections and reboot the remote computer. Then, from the Windows desktop:
1 Select Start => Settings => Control Panel.
2 Double click the Add/Remove Programs icon.
9 Right-click Mobile User VPN and select Delete to remove this selection from your Start Menu.
Connect and Disconnect the MUVPN Client
The MUVPN client enables the remote computer to establish a secure, encrypted connection to a protected network over the Internet. To do this, you must first connect to the Internet and then use the MUVPN client to connect to the protected network.
service properly and the remote computer must be restarted (if this continues you may need to reinstall the MUVPN client).
Activated: The MUVPN client is ready to establish a secure, MUVPN tunnel connection.
Activated and Transmitting Unsecured Data: The MUVPN client is ready to establish a secure, MUVPN tunnel connection. The red bar on the right of the icon indicates that the client has begun transmitting unsecured data.
The MUVPN client has established at least one secure, MUVPN tunnel connection. The red and green bars on the right of the icon indicate that the client is transmitting both secured and unsecured data.
Allowing the MUVPN client through the personal firewall
There are a couple of programs associated with the MUVPN client, which you must allow through the personal firewall in order to establish the MUVPN tunnel:
• MuvpnConnect.exe
• IreIKE.
The New Program alert dialog box appears requesting access for the IreIKE.exe program.
2 Enable the Remember this answer the next time I use this program option and click the Yes button. This enables ZoneAlarm to allow the IreIKE.exe program through each time you attempt to make a MUVPN connection.
Disconnecting the MUVPN client
The MUVPN tunnel is independent of the Internet connection.
Monitor the MUVPN Client Connection
The Log Viewer
The Log Viewer displays the communications log, a diagnostic tool that lists the negotiations that occur during the MUVPN client connection.
From the Windows desktop system tray:
1 Right-click the Mobile User VPN client icon.
2 Select Log Viewer. The Log Viewer window appears.
The Connection Monitor
The Connection Monitor displays statistical and diagnostic information for each active connection in the security policy.
An icon appears to the left of the connection name:
• SA indicates that the connection has only a Phase 1 IKE SA. This occurs when connecting to a secure gateway tunnel or when a Phase 2 IPSec SA fails to establish or has not been established yet.
• A key indicates that the connection has a Phase 2 IPSec SA, or both a Phase 1 and Phase 2 SA.
• A key with a black line moving below it indicates that the client is processing secure IP traffic for that connection.
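The following is an added example, not WatchGuard's code and not the MUVPN client's internals. It ties together the Security Policy Editor settings from the configuration steps (the “Subnet” and “Mask” of the Trusted Network, the Pre-Shared Key, and the Username sent as the E-mail Address identity), the red and green bars on the tray icon, and the SA and key icons of the Connection Monitor. The subnet, mask, username and passphrase are the guide's own example values; the destination addresses, the placeholder name fileserver, and the simplified negotiate() outcome (Phase 1 comes up only when identity and pre-shared key match the SOHO 6 entry, Phase 2 only when ESP is enabled) are assumptions of the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed from the guide's Chapter 1 example: the MUVPN client entry on the SOHO 6.
SOHO_MUVPN_ENTRY = {
    "username": "Helmdog",         # step 4, used as the E-mail Address identity
    "passphrase": "pL4n3phr34k",   # step 5, used as the Pre-Shared Key
    "virtual_ip": "192.168.111.4", # step 6
}


@dataclass
class SecurityPolicy:
    """The New Connection entered in the Security Policy Editor (Chapter 2)."""
    remote_subnet: str        # step 5: field labeled "Subnet"
    remote_mask: str          # step 6: field labeled "Mask"
    preshared_key: str        # step 17: same Passphrase as on the SOHO 6
    identity: str             # step 20: same Username, ID Type E-mail Address
    use_esp: bool = True      # step 24: Encapsulation Protocol (ESP) enabled

    def protected_network(self):
        # ipaddress accepts the dotted-mask form the Editor uses.
        return ip_network(f"{self.remote_subnet}/{self.remote_mask}")


@dataclass
class ConnectionState:
    phase1_sa: bool = False   # IKE SA only: Connection Monitor shows "SA"
    phase2_sa: bool = False   # IPSec SA: Connection Monitor shows a key

    def monitor_icon(self):
        if self.phase2_sa:
            return "key"
        return "SA" if self.phase1_sa else "none"


def negotiate(policy, soho_entry):
    """Hypothetical, simplified IKE outcome against the SOHO 6 entry.
    A mismatched identity or pre-shared key means Phase 1 never completes,
    and without ESP no Phase 2 IPSec SA is proposed."""
    state = ConnectionState()
    state.phase1_sa = (policy.identity == soho_entry["username"]
                       and policy.preshared_key == soho_entry["passphrase"])
    state.phase2_sa = state.phase1_sa and policy.use_esp
    return state


def classify_packet(policy, state, dst):
    """'secured': inside the tunnel (green bar); 'unsecured': outside the
    policy's Subnet/Mask, sent in the clear (red bar); 'negotiate': the
    destination is protected but no Phase 2 SA exists yet."""
    if ip_address(dst) in policy.protected_network():
        return "secured" if state.phase2_sa else "negotiate"
    return "unsecured"


def tray_bars(classifications):
    """Which coloured bars the tray icon would show for a batch of packets."""
    bars = set()
    for c in classifications:
        if c == "secured":
            bars.add("green")
        elif c == "unsecured":
            bars.add("red")
    return bars


def demo():
    good = SecurityPolicy("192.168.111.0", "255.255.255.0", "pL4n3phr34k", "Helmdog")
    # Same policy with the pre-shared key typed in the wrong case (constructed mistake).
    typo = SecurityPolicy("192.168.111.0", "255.255.255.0", "pl4n3phr34k", "Helmdog")
    state = negotiate(good, SOHO_MUVPN_ENTRY)
    # Constructed destinations: a host behind the SOHO 6 and an Internet host.
    packets = ["192.168.111.10", "203.0.113.5"]
    results = [classify_packet(good, state, d) for d in packets]
    return {
        "good_icon": state.monitor_icon(),
        "typo_icon": negotiate(typo, SOHO_MUVPN_ENTRY).monitor_icon(),
        "results": results,
        "bars": tray_bars(results),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() gives a key icon for the matching policy and no SA at all for the one with the mis-typed passphrase, which is the situation the Log Viewer is for: the negotiations it lists stop at Phase 1. The mixed batch of packets produces both bars, the state the guide describes as transmitting both secured and unsecured data.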
CHAPTER 3 The ZoneAlarm Personal Firewall A personal firewall is a barrier between your computer and the outside world. The computer is most vulnerable at its doors, called ports. Without ports, no connection to the Internet is possible. ZoneAlarm protects these ports by following a simple rule: Block all incoming and outgoing traffic unless you explicitly allow it for trusted programs. When using ZoneAlarm, you often see Program Alert dialog boxes similar to the image below.
This alert appears whenever one of your programs (in this example, Internet Explorer) attempts to access the Internet or your local network. This powerful feature means no information leaves your computer unless you give it permission. If you enable the “Remember the answer each time I use this program” checkbox you will only have to answer this question once for each program.
ZoneAlarm Features
• The two graphs in the lower portion of the icon display a chronological history of Internet traffic as it is generated on your machine. Whenever red or green flashing bars appear in the Alerts icon, the application receiving or sending traffic is shown as a blinking icon inside the Programs icon.
NOTE You might also notice traffic being displayed when you are not on the Internet. This is local broadcast traffic from your computer.
Pressing the “More Info” button launches the Zone Labs Alert Analyzer Web page which provides additional information on traffic blocked by ZoneAlarm.
The Lock Panel
The purpose of the lock is to block all network activity inbound and outbound from your computer. Therefore, only use the lock during extended inactivity of your PC. A locked or unlocked padlock is displayed in the middle of the icon.
• When the bar below the Lock button is green, the Internet Lock is not on. This means that ZoneAlarm is allowing Internet traffic in and out of your computer. If the bar displays a countdown timer, this is the time remaining before the Automatic Lock will engage.
• When the bar is red, the lock is closed and no Internet traffic is allowed. When the lock is closed, the countdown timer counts upwards, showing the amount of time the lock has been active.
The Automatic Lock will activate at whatever set intervals you select. You can program the Automatic Lock to activate in the following situations:
• Whenever your computer has not been used for a preset number of minutes
• Whenever the screen saver takes control of your desktop
NOTE If Internet access is locked when the screen saver activates, it will be unlocked when the screen saver is deactivated.
The High Security setting will stop all applications' Internet activity regardless of the program's access settings. Please see the section of this document titled “The Programs Panel” for more information.
Undoing an Inactivity Lock
If you have activated the Automatic Lock using the minutes-of-inactivity option, unlock the lock by clicking on the padlock inside the Lock icon. After clicking on the padlock to deactivate the lock, the bar under the padlock will be set to green.
The Local and Internet Zone each have a security level selector that you drag up and down to change the security level. Local Zone security is displayed in green, and Internet Zone security in blue. The default security settings are medium for the Local Zone and high for the Internet Zone. For all three security levels, the application privileges in the Program panel are enforced.
Use the block servers checkbox for each zone to prevent all programs from acting as servers for that zone. By checking this option, no application will be allowed to listen for incoming connections in that zone, even if you've checked the Allow Server option in the Programs panel.
Definition of Zones
ZoneAlarm divides traffic into two separate zones: the Local Zone and the Internet Zone.
The members of the Internet Zone are defined as all computers and addresses you have not included in your trusted Local Zone for protection. Members of the Local Zone can include hosts, Web sites, trusted IP Addresses, IP Subnets, and IP Ranges.
Configuring the Local Zone
Click on the button in the Security panel to display the Local Zone Properties.
To add items to the Local Zone, follow these instructions:
1 At the Security panel, click the Advanced button.
2 Click Add and select Host/Site (where you have the URL of the remote server Web site rather than the IP address), IP address, IP Range or Subnet.
3 Under Description, enter a name for the entry. This description can be anything and has no bearing on functionality. It is intended to help you distinguish multiple entries in the Local Zone.
The Programs Panel
The Programs panel displays programs that have attempted to access the Internet. The extended portion of the Programs panel is the Program List. This is the list of programs installed on your machine that have attempted to connect to the Internet. Use the checkboxes in this panel to control the connection behavior of any program on the list or to specify each program's access rights for the Local Zone or the Internet Zone.
Using the Panel
Go to the Allow connect column in the main body of the panel to change a program's permissions. Click directly on the dots within the column to change the access level. In the same way, you can change the settings in the Allow server column.
• The question mark indicates that ZoneAlarm will prompt you each time that particular program attempts to pass traffic to or from either the Internet or Local Zone.
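To make the interaction between the settings explicit, here is an added example, not Zone Labs or WatchGuard code, that models the decision ZoneAlarm reaches for one program from the pieces described above: the default of blocking everything that is not explicitly allowed, the per-zone Allow connect and Allow server dots (allow, block, or the question mark that prompts), the Local Zone membership that puts every other address in the Internet Zone, the block servers checkbox that overrides Allow server for a whole zone, and the Internet Lock that stops all traffic. IreIKE.exe and MuvpnConnect.exe are the MUVPN programs the guide lists; the Local Zone subnet is the guide's example Trusted Network; the SOHO 6 public address 203.0.113.1 and the program name fileserver.exe are constructed placeholders, and the model ignores the medium/high security levels.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# The three states a dot in the Allow connect / Allow server columns can take.
ALLOW, BLOCK, ASK = "allow", "block", "ask"


@dataclass
class ProgramRule:
    """One row of the Program List: per-zone answers for connecting and serving."""
    connect: dict = field(default_factory=dict)   # zone -> ALLOW / BLOCK / ASK
    server: dict = field(default_factory=dict)    # zone -> ALLOW / BLOCK / ASK


@dataclass
class ZoneAlarmPolicy:
    """Hypothetical model of the guide's description, not the product's logic."""
    local_zone: list = field(default_factory=list)   # trusted hosts / subnets
    programs: dict = field(default_factory=dict)     # program name -> ProgramRule
    block_servers: dict = field(default_factory=lambda: {"local": False, "internet": False})
    lock_engaged: bool = False                        # the Internet Lock

    def zone_of(self, addr):
        """Anything not added to the Local Zone belongs to the Internet Zone."""
        ip = ip_address(addr)
        return "local" if any(ip in net for net in self.local_zone) else "internet"

    def remember(self, program, zone, answer, server=False):
        """Record an answer as if 'Remember the answer' was checked on the alert."""
        rule = self.programs.setdefault(program, ProgramRule())
        (rule.server if server else rule.connect)[zone] = answer

    def decide(self, program, peer_addr, listening=False):
        """Default deny: a Program Alert (ASK) unless an explicit answer exists."""
        if self.lock_engaged:
            return BLOCK                      # the lock stops all traffic
        zone = self.zone_of(peer_addr)
        rule = self.programs.get(program)
        if rule is None:
            return ASK                        # never answered: Program Alert
        if listening:
            if self.block_servers[zone]:
                return BLOCK                  # zone-wide override beats Allow server
            return rule.server.get(zone, ASK)
        return rule.connect.get(zone, ASK)


def default_policy():
    """Local Zone = the guide's example Trusted Network behind the SOHO 6."""
    return ZoneAlarmPolicy(local_zone=[ip_network("192.168.111.0/24")])


def demo():
    policy = default_policy()
    soho_public_ip = "203.0.113.1"            # constructed placeholder address
    # First MUVPN attempt: no rule yet, so ZoneAlarm raises a New Program alert.
    first = policy.decide("IreIKE.exe", soho_public_ip)
    # Answer Yes with "Remember this answer" for both MUVPN programs.
    policy.remember("IreIKE.exe", "internet", ALLOW)
    policy.remember("MuvpnConnect.exe", "internet", ALLOW)
    second = policy.decide("IreIKE.exe", soho_public_ip)
    # A constructed program allowed to act as a server in the Local Zone only...
    policy.remember("fileserver.exe", "local", ALLOW, server=True)
    served = policy.decide("fileserver.exe", "192.168.111.20", listening=True)
    # ...until the zone's "block servers" checkbox is ticked.
    policy.block_servers["local"] = True
    overridden = policy.decide("fileserver.exe", "192.168.111.20", listening=True)
    # With the Internet Lock engaged even the remembered MUVPN rule is moot.
    policy.lock_engaged = True
    locked = policy.decide("IreIKE.exe", soho_public_ip)
    return {"first": first, "second": second, "served": served,
            "overridden": overridden, "locked": locked}


if __name__ == "__main__":
    print(demo())
```

The sequence in demo() is the one the guide walks through for the MUVPN client: the first attempt is answered by a Program Alert, a remembered answer lets IreIKE.exe through afterwards, and neither a remembered answer nor an Allow server dot survives the block servers override or the lock.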
See the section of this document titled “Allowing Traffic through ZoneAlarm” for more information on allowing a few common applications and all of their necessary programs through the ZoneAlarm personal firewall.
The Configuration Panel
Use the Configuration panel to set the basic operational characteristics for ZoneAlarm. Click the button to display the Configuration panel.
The first checkbox on the Configuration Panel is On top during Internet activity. This checkbox controls whether or not ZoneAlarm will be displayed on top of other applications whenever Internet activity is detected. The Load ZoneAlarm at Startup checkbox is selected by default. This causes ZoneAlarm to be loaded when you start your computer. If you disable this checkbox, Internet traffic monitoring will not begin until you start ZoneAlarm on your machine.
versions and Windows 98/ME or Windows 2000, this option is part of the Windows Shell. The Check for update button contacts the web for ZoneAlarm product updates. The Change Registration button allows you to review and change your ZoneAlarm registration information.
Frequently Asked Questions about ZoneAlarm
What is Internet Traffic?
ZoneAlarm keeps an eye on all Internet traffic. Internet traffic includes all data movement to and from the Internet.
- Modifications made to those settings by you or your system administrator.
The higher the security setting in a zone, the more ZoneAlarm will block. In the Security panel, if you set overall security for the Internet Zone to high, the firewall will block, and create an alert for, the three events shown in the lower part of the example below.
Whenever red or green flashing bars appear in the Alerts icon, the application receiving or sending traffic is shown as a blinking icon inside the Programs icon.
How Do I View My Internet Traffic?
If you really want to see Internet traffic every single time it occurs, make sure the first checkbox below, located on the Configuration panel, is enabled.
A number of rules could be responsible for this alert. One possibility is that, in the Allow connect column of the Programs panel, you have established a rule to block Internet Explorer's access to the Zone containing the IP address mentioned in the alert. In this case, the IP address would be in the Internet Zone, because the red X is in the Internet Zone area.
If you enable the second checkbox, you'll get a display like the example below each time firewall rules trigger an alert.
Allowing Traffic through ZoneAlarm
When an application requires access through the ZoneAlarm personal firewall, a Program Alert will be displayed on the Windows desktop informing the user which particular program needs access.
program which actually needs to pass through the firewall is “IEXPLORE.EXE”. In order to allow this program access each time the application is executed, enable the Remember the answer each time I use this program checkbox.
Here is a list of a few essential programs which will need access through the ZoneAlarm personal firewall in order to operate some important applications.
Programs Which Must Be Allowed
MUVPN client: IreIKE.exe, MuvpnConnect.exe
MUVPN Connection Monitor: CmonApp.
Uninstalling ZoneAlarm
From the Windows desktop:
1 Select Start => Programs => Zone Labs => Uninstall ZoneAlarm. The Confirm Uninstall dialog box appears.
2 Click the Yes button. The ZoneLabs TrueVector service dialog box appears.
3 Click the Yes button to continue with uninstalling the TrueVector service and disable its Internet Security features. The Select Uninstall Method window appears.
CHAPTER 4 Troubleshooting Tips
WatchGuard maintains a knowledge base on our Web site, including an In-Depth FAQ section on configuring and using the MUVPN client. This is available at: www.watchguard.com/support
A few of the most common issues found in installing, configuring, and using the MUVPN client are described below.
My computer is hung up just after installing the MUVPN client...
3 Select Disconnect All.
4 Right-click on the Mobile User VPN client icon and select Deactivate Security Policy. The MUVPN client closes all VPN tunnels. The MUVPN icon will display a red slash to indicate that the Security Policy has been deactivated.
5 Right-click on the ZoneAlarm icon and select Shutdown ZoneAlarm. The ZoneAlarm dialog box appears.
6 Click the Yes button when prompted to quit ZoneAlarm.
• Select Start => Run. Type ping and the IP address of a computer on your company network.
My mapped drives have a red X through them...
Windows 98/ME, NT, and 2000 verify and map network drives automatically when the computer starts. Because there is no way for you to establish a remote session with the company network before the computer actually starts, drive mapping fails during the boot process and a red X appears on the drive icon. Establish a MUVPN tunnel and open the network drive.
It takes a really long time to shut down the computer after using Mobile User VPN...
If you open and browse a mapped network drive during a MUVPN session, the Windows operating system waits for a signal from the network before it times out and completes the shut down cycle.
I lost the connection to my ISP, and now I can’t use the company network...
If you lose the Internet connection long enough, MUVPN also loses the secure tunnel. Follow the steps to close the tunnel.