Juniper Network Connect SSL VPN Client Windows Quick

Juniper Network Connect SSL VPN Client Windows Quick
Juniper Network Connect SSL VPN Client
Windows Quick Reference Guide for Avaya
Employees
For Avaya Remote Access (ARA) Service SSL VPN
–
Version 1.2
December 20, 2013
Table of Contents
1.
Prerequisites .................................................................................................................. 3
2.
Using Avaya Remote Access Landing Webpage ............................................................... 3
3.
Login Process ................................................................................................................. 3
4.
5.
3.1
Remote UserID/Password Employee Users..................................................................... 3
3.2
Remote UserID/Password Contractor Users ................................................................... 4
3.3
MFA Soft Token Employee Users .................................................................................... 5
3.4
MFA Soft Token Contractor Users ................................................................................... 5
3.5
Remaining Steps for All Users ......................................................................................... 6
Frequently Asked Questions (FAQs)................................................................................ 8
4.1
Why can I only have one SSL VPN Connection per User ID, per Gateway? ..................... 8
4.2
What is the best way to connect to the SSL VPN Gateways? ......................................... 9
4.3
What web browsers are supported by the SSL VPN Gateways? ..................................... 9
4.4
Can I connect to the SSL VPN Gateway with my personal computer? ............................. 9
4.5
Is IP Softphone Supported? ............................................................................................. 9
4.6
Can I run Network Connect over a Satellite ISP or Dial-up Connection? ........................ 9
4.7
Why does my Network Connect session timeout after being connected for a short period
of time? ............................................................................................................................ 9
4.8
How do I sign out of the SSL VPN Gateway?................................................................. 10
4.9
How do I select an alternate SSL VPN Gateway to log into? ........................................ 10
4.10
Why do I receive a “Limited Network Access” message when logging into the SSL VPN
service? .......................................................................................................................... 10
4.11
Why does Network Connect rapidly disconnect after logging into the Avaya network? 10
4.12
Why doesn’t Network Connect client load on my PC? .................................................. 11
4.13
Why do I receive a Network Connect Timeout/Terminate Error or Network Connect
Error 23711/23712 message when trying to connect to the SSL VPN Gateway? ........ 14
4.14
Can I access my home network resources while connecting to the Avaya network using
the SSL VPN Client? ....................................................................................................... 14
4.15
Uninstalling the Juniper Software ................................................................................. 15
Support for SSL VPN Network Connect Client ............................................................... 16
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
2
1. Prerequisites
The following prerequisites must be met in order to use this service:
• The User’s PC must be running Windows 7.
• Public Internet access [NOTE: please make sure your PC is connected to the public
Internet at home or at a public WiFi hotspot. The directions provided here will
not work if your PC is connected to the Avaya corporate network in an Avaya
office.]
• Microsoft Internet Explorer 8.0 or the newest IT recommended browser and
version installed on your PC.
• You must have Sun Java installed. It is recommended that you use Sun Java
1.6.36 or the newest IT recommended version installed on your PC.
• The User’s PC Logon ID must have Administrator privileges/permissions in order
to install the Network Connect software.
• The user must have an active Multi Factor Authentication (MFA) account or ARA
ID and Password.
2. Using Avaya Remote Access Landing Webpage
To assure a smooth and sufficient remote access service using Juniper SSL VPN solution,
you should always access this service through the Avaya Remote Access Landing
webpage.
This webpage provides you with a listing of gateways you can use for your region and
assure that your Network Connect client is always up-to-date.
3. Login Process
Depending on how you will authenticate, UserID/password or MFA Soft Token, you will
see different login pages.
Please select the appropriate primary SSL VPN Gateway based on your region under
Avaya Employee Class.
APAC = Asia and Pacific Regions
EMEA= Europe, Middle East, and Africa Regions
NA East = North America East Coast Region
NA West = North America West Coast Region
CALA = Central and Latin America
3.1 Remote UserID/Password Employee Users
You will now find yourself at the The Avaya Remote Access (ARA) Service login
page.
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
3
Please type in your ARA username and password. Assure that the Default VPN
Domain is selected, and then click the Log In button. . If you can’t see the
SSL VPN login page, please return to the Avaya Remote Access web page and
select the Secondary SSL VPN Gateway based on your region.
3.2 Remote UserID/Password Contractor Users
You will now find yourself at the Contractor Secure Access login page.
Please type in your ARA username and password. Make sure that the CTACLUnrestirct ACL Group is selected, and then click the Sign In button. If you
can’t see the SSL VPN login page, please return to the Avaya Remote Access web
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
4
page and select the Secondary SSL VPN Gateway based on your region.
3.3 MFA Soft Token Employee Users
You will now find yourself at the Avaya SSL VPN Remote Access login page.
Select the MFA Default VPN Domain Realm from the drop down list, type in your
ARA username and PVN and Token Code, and click the Sign In button. If you can’t
see the SSL VPN login page, please return to the Avaya Remote Access web page
and select the Secondary SSL VPN Gateway based on your region.
3.4 MFA Soft Token Contractor Users
You will now find yourself at the Avaya SSL VPN Remote Access login page.
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
5
Select the MFA CT-ACLUnrestrict Realmfrom the drop down list, type in your ARA
username and PVN and Token Code, and click the Sign In button. If you can’t see
the SSL VPN login page, please return to the Avaya Remote Access web page and
select the Secondary SSL VPN Gateway based on your region.
3.5 Remaining Steps for All Users
1. Once the Network Connect application obtains an IP address, a new Network
Connect icon will be displayed in you system tray. This is the Network Connect
system tray icon looks like a lock with two blinking lights. Also, this means that
you are connected to the Avaya corporate network.
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
6
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
7
2. To ensure that you have obtained an IP address, you can double click on the
Network Connect system tray icon and that will reopen the Network Connect
application client. The Assigned IP: is your Avaya corporate IP address.
3. At this point, you can minimize this screen, close your web browser screen
and begin working online.
4. When you complete your work and want to shutdown your PC, make sure
that your first sign out of the SSL VPN gateway. To sign out of the SSL VPN
Gateway double click on the Network Connect icon in the System tray which
popup the Network Connect client screen and click the Sign Out button.
By signing out you release the user license you have been using on the SSL VPN
Gateway and puts the license back into the Gateway’s license pool so other
users can use the license.
4. Frequently Asked Questions (FAQs)
This section answers some frequently asked questions regarding the Network
Connect software and SSL VPN Service:
4.1 Why can I only have one SSL VPN Connection per User ID,
per Gateway?
Users can only establish one connection per domain on the SSL VPN Gateway.
This means can connect one Apple, one Linux and one Windows PC to the same
SSL VPN Gateway simultaneously, but you cannot connect two or more of the
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
8
same type of PC to a SSL VPN Gateway.
4.2 What is the best way to connect to the SSL VPN Gateways?
It is strongly recommended that you use a web browser to access the SSL
VPN Gateways. Connecting with a web browser will ensure that you are
using the most current version of the Network Connect client. You can use
Microsoft’s Internet Explorer 8.0 and above web browsers or Firefox 25.x
and above web browsers when connecting to the SSL VPN Gateways.
4.3 What web browsers are supported by the SSL VPN
Gateways?
Microsoft’s Internet Explorer 8.0 and above web browsers or Firefox 25.x and
above web browsers are supported by the SSL VPN Gateways.
4.4 Can I connect to the SSL VPN Gateway with my personal
computer?
Personal PCs can be connected to SSL VPN provided an exception is
approved. To request and exception go to the ITSS site > Support Request >
Passwords and Security > Security Exception Request - Personally Owned
Devices.
4.5 Is IP Softphone Supported?
IP Softphone can be used in two modes, the Telecommuter mode and the
Road Warrior mode. The Telecommuter mode uses regular POTS lines to place
voice calls and as a result should work fine if the IP Softphone and PBX
options are set correctly. The Road Warrior mode uses Voice over IP to carry a
voice call over the public Internet. Even though it will work for some Users, IT
does not recommend or support this configuration. This is because there’s
no control over performance or consistency given that the traffic/call rides over
the public Internet.
4.6 Can I run Network Connect over a Satellite ISP or Dial-up
Connection?
Network Connect can be used to connect to the Avaya network on a dial-up
(modem) or satellite connection, but it is not recommended or supported. This
is due to the high latency/delay experienced over a dial-up or satellite
connection. This delay can cause problems with the Network Connect client
and other applications.
4.7 Why does my Network Connect session timeout after being
connected for a short period of time?
The SSL VPN session is based on how long your ARA ID has been logged into the
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
9
SSL VPN Gateway; it is not based on how long your current Network Connect
session up and running. The configured Network Connect session time allows a
user to be logged in for 5 days. Let say you logged in 4 3/4 days ago and you did
not click the Sign Out button; your ID is still active on the SSL VPN Gateway.
When you log into the SSL Gateway next time, you might see a page displayed
stating do you want to continue with the current session. If you click the
Continue button, that will pick up where you left off last time you were
connected to the Gateway, thus you might only have a couple of hours
remaining for the session. The best practice is to click the Sign Out button when
you disconnect from the SSL VPN Gateway. Now when you login next time, you
will start off with a fresh 5 day session.
4.8 How do I sign out of the SSL VPN Gateway?
You can sign out of the SSL VPN Gateway by double clicking on the Network
Connect icon in the System tray which popup the Network Connect client
screen and clicking the Sign Out button. It is strongly recommended that you click
the Sign Out button before logging out your PC for the night. By doing this will
release the user license you have been using on the SSL VPN Gateway and
puts the license back into the Gateway’s license pool so other users can use the
license.
4.9 How do I select an alternate SSL VPN Gateway to log into?
The SSL VPN service has been installed in four separate Internet Gateway
locations to provide the service with location redundancy. If your primary SSL
VPN Gateway location is experiencing problems, you can select another SSL
VPN Gateway by going to the Main SSL VPN Gateway landing page where you
can select different SSL VPN Gateway locations.
4.10Why do I receive a “Limited Network Access” message
when logging into the SSL VPN service?
This means that the PC you have is a legitimate Avaya PC asset but needs to
be added to the Avaya Global domain. Once your PC is added to the Avaya
Global domain, you will have full access to the Avaya network. You can review
the Adding a PC to the Avaya Global domain quick reference guide on how
to do this.
4.11Why does Network Connect rapidly disconnect after
logging into the Avaya network?
Bonjour (an application that modifies the routing table) and mDNSResponder
(a Bonjour system service) can trigger the nc.windows.app.23711,
nc.windows.app.23712, nc.windows.app.23791, nc.windows.app.23792 Network
Connect errors. You will know that the application is active on your PC if your
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
10
Network Connect session continually disconnects a few seconds after successfully
logging in. There are two ways to resolve this issue:
1. Update the Bonjour software to version 1.0.6 or later
2. Remove the software.
Updating Bonjour Software
Please download the new Bonjour software from the URL link below:
http://www.apple.com/downloads/macosx/apple/windows/bonjourforwind
ows.html If the link above does not work, please go to http://www.apple.com ,
search for Bonjour for Windows, and download the latest Bonjour version for
Windows.
Once you saved this file to your PC, please double click on the file and follow the
instructions to install the updated software.
Removing the Bonjour Software
a. Open a Windows command (MSDOS) prompt and type the following
command:

cd \Program Files\Bonjour

mDNSResponder.exe remove
–
b. Navigate to the following folder in Windows Explorer: C:\Program
Files\Bonjour.
c. Rename the mdnsNSP.dll file in that folder to mdnsNSP.old
d. Restart your computer.
e. Delete the Program Files\Bonjour folder.
f. Please proceed to point 3.15 if you are still receiving the
nc.windows.app.23711 or nc.windows.app.23712 error message.
4.12 Why doesn’t Network Connect client load on my PC?
If the Network Connect software does not load on your PC, you might not have
Sun Java installed on your PC. First, check to see if you have Sun Java installed
on your PC. You can do this by clicking on the Start button, select Settings and
click on Control Panel.
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
11
Now you will be in your Control Panel. Please look for an icon that looks like a
Coffee Cup and says Java underneath it; double click on this icon.
You will now see a Java Control Panel on your screen, click the About button.
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
12
A new screen will popup showing your Java version. As long as you Java version is
1.4.2 or above, the Network Connect client will install and run on your PC.
If you do not see a Coffee Cup icon in your Control Panel, then Java is not installed
on your PC. To install java on your PC, please go to www.java.com and click on
the Free Java Download button. Please follow the instructions on the webpage
to install the Sun Java runtime environment. After you successfully installed Java,
please trying logging in the SSL VPN Gateway again.
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
13
4.13 Why do I receive a Network Connect Timeout/Terminate
Error or Network Connect Error 23711/23712 message
when trying to connect to the SSL VPN Gateway?
First check to make sure you do not have Bonjour software loaded on you PC.
Please follow the steps in point 3.11 to determine this. If Bonjour is not loaded,
please the steps below.
The common reason you are receiving the 23711/23712 error message or your
Network Connect client is timing out is due to a problem with your McAfee
anti-virus/firewall software. Currently, there is a setting missing on your PC for
McAfee to allow the Network Connect client to add the proper TCP/IP setting to
the Windows’ registry. To solve the issue, please do the following steps:
1. Uninstall the Juniper Network Connect (NC) client program from your PC.
2. Open a DOS/Command window by clicking Start> Run, type in cmd and click
Ok.
3. In the DOS/Command window, do the following at the prompt (C:\>):
a. Type reg add HKLM\System\CurrentControlSet\Services\FireHook
b. Hit the enter key.
c. Close the DOS/Command window.
Now re-connect to the SSL VPN Gateway and let the Juniper Network Connect
client reinstall.
Now the NC client should connect to the SSL VPN Gateway without any problems.
4.14 Can I access my home network resources while connecting
to the Avaya network using the SSL VPN Client?
Yes, you have the ability to access your local home network when connected to
the SSL VPN gateway.
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
14
4.15 Uninstalling the Juniper Software
If you need to uninstall the Network Connect software, do the following:
Windows 7
1. Close all programs that are running on your PC.
2. From your Desktop click on the Start button, select All Programs, select Juniper
Networks, select Network Connect x.x.x and click Uninstall Network
Connect.
3. The Network Connect client software will uninstall itself automatically.
Windows XP
1. Close all programs that are running on your PC.
2. From your Desktop click on the Start button, select Programs, select Juniper
Networks, select Network Connect x.x.x and click Uninstall Network
Connect.
3. The Network Connect client software will uninstall itself automatically.
Avaya Inc. – Public.
Use pursuant to the terms of your signed agreement or Avaya policy.
15
5. Support for SSL VPN Network Connect Client
If you experience issues with the SSL VPN Network Connect software, please contact the
Avaya IT Customer Care Center (AICCC) for assistance.
If possible please visit the IT Self Service tool (ITSS) to obtain the latest knowledge
articles and log a ticket.
US or Canada Employees:
call +1 866 AVAYA IT (+1-866-282-9248) or 720-444-0130
International Employees:
Avaya Office: call 0/9 (outside line prefix) followed by '1234'.
Associates in Germany, please dial '1234'. Users located in Leipzig, Düsseldorf,
Augsburg, Hannover must dial '9' then '1234'.
Outside of Avaya Office: EMEA Associates should call +44 1483 309800, Canada,
APAC and CALA Regions call +1 720 444 0130.
Associates in Germany should call +49 69 7505 1234
Avaya Inc. – Proprietary.
Use pursuant to the terms of your signed agreement or Avaya policy.
16
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising