To set up a remote user, go to the VPCom Console's Remote Users tab, right-click Security Policy Configuration for Remote Users, and add a new user in the resulting dialog box. You provide a user ID and preshared key, which is essentially a password. Other configuration options on the client side are secure relay tunneling of IPSec traffic and secure tunneling of outbound broadcast traffic. These options enable secure communication channels among clients and between clients and hosts so that the browsing and drive-sharing features of Windows networking will function among remote users. This type of functionality approaches a seamless implementation of VPN.
To enable remote users, you need to export a unique configuration file (i.e., .alf file) for each VPCom Remote user. These encrypted files reflect a summary of settings that VPCom Gateway defines. Each user needs an .alf file in the client directory to connect to the VPCom Gateway. You can create these files individually or use VPCom's batch export utility to generate a file for each user. Ashley Laurent provides a Web-based deployment tool to help distribute .alf files. Remote users register on a secure Web page, and their .alf files are automatically downloaded to their PCs. I copied the .alf files to a disk and transferred them to the clients when I installed VPCom Remote.
Installing VPCom Remote
To install the VPCom Remote client on PCs running NT, you need to have administrative rights. To make the client work on Win95 PCs, you must update the Winsock drivers. The Remote client's setup wizard installs a virtual adapter that you can find in the Network property sheet. I copied the .alf file for the user that I created into the VPCom client directory. After the client PC rebooted and I logged on, the VPCom Remote client automatically launched. The User field displayed the correct username, so I entered the preshared key and connected to the VPCom Gateway. I entered an Ipconfig command at a command prompt and saw that the VPCom virtual adapter had obtained an IP address from the pool that I assigned on the VPCom Gateway. Figure 3, page 129, shows the VPCom Security Agent, which is the VPCom Remote client interface, displaying the VPCom Gateway (i.e., DIGIT300) and some of the intranet hosts that the user can access. The ESP_DES icon in Figure 3 depicts a secure IPSec tunnel that uses Data Encryption Standard (DES).
After my remote client PC connected to the VPCom Gateway, the client had most of the functionality I would expect on the local network. I didn't configure the ability to browse the VPN, but I could map drives and use Uniform Naming Convention (UNC) names to connect to shares. FTP transfers were seamless, and usability and performance were what I expected on my ISDN LAN. DES encryption caused some processor overhead on the server and client when I moved large amounts of data, but system performance didn't suffer.
Valuable Features, But ...
VPCom has some solid basic functionality but needs further refinement. Improving the product's documentation should be a key goal for Ashley Laurent. The company's technical support staff was invaluable in helping me work through various problems I encountered, but the technical staff would have difficulty providing such extensive support to a large customer base.
Small and midsized businesses would value VPCom's features. VPCom didn't appear to have any security flaws; the product thwarted my attempts to bypass the firewall, and the remote clients couldn't stray beyond their assigned boundaries. VPCom's most appealing feature is that it employs a standards-based implementation of high-security encryption technology and incorporates that technology into a functional remote client.
However, VPCom is sensitive to hardware and drivers. I had enough problems with hardware to make me believe that companies deploying this product will probably have similar experiences. The VPCom Gateway crashed three times during testing. Ashley Laurent's technical support responded well to these incidents, but VPCom would benefit from further testing, debugging, and interface refinement. Ashley Laurent claims that VPCom 2.6 will resolve the problems I encountered. However, until I can verify that the manufacturer improves the product's stability and documentation and provides support across a wider range of hardware, I can't recommend VPCom.
Register
