iPassConnect 3.66 Administrator's Guide
Version: 5.0; February, 2009
Corporate Headquarters iPass Inc. 3800 Bridge Parkway Redwood Shores, CA 94065 USA www.ipass.com +1 650-232-4100 +1 650-232-0227 fx
Introduction
Types of Network Service
  iPass Networks
  Customer Networks
  Personal Wi-Fi Networks
Connectivity Types
  Wi-Fi (also known as WLAN)
    Summary of actions (WZC):
    Auto-Connect
  Ethernet
  Mobile Data
  Digital Subscriber Line (DSL)
  Home Broadband
  Dial-up
    Dial Options
The iPassConnect Interface
  Launching iPassConnect
  Selecting a Connection
    Available Networks
    Phonebook Search by Location
    Default Country
    Local Number Lookup
    Search by Keyword
    Bookmarks
Phonebooks
  Filtering Content
  Custom Phonebooks
Connection Information
  Connection Status
    Status tab
    Usage tab
    Offline Cumulative Usage
  Connection Log
  SQM Data
Appearance
  Banner Image
  Desktop Shortcut Name
  Default Installation Path
  Custom Help Menu Items
    Technical Support Message
    Supplementary Help
  Display Dial-up Pricing
Configuration Options
  Profiles
  About iPassConnect
  Languages Supported
    Selecting Installation Language
  Session Management Options
    Idle Timeout
    Session Limit
  Username Options
    Domains
    Non-editable Domain
    Domain Hidden
    Department/Project Code
  Password Options
    Save Password
    Cache Password
    iPass Encrypted Login (formerly iSEEL)
  Unique Session ID (USID)
  Certificate Authentication
    Trusted Root CAs
    PEAP-GTC Protocol
    TTLS-PAP Protocol
    TTLS-GTC Protocol
  Live Logon
    Live Logon feature for Windows Vista
    Timeout
    Single Sign On
  Mobile Data Features
    PIN Management
    Administrator-Provisioned Networks
    User-Configured Networks
    Admin Network Control
Phonebook and Software Updates
  Background Updates
  Software Updates
    Speed Prioritized Update
Integration
  Connect Actions
    Connect Action Types
    Connect Action Parameters
  FlexVPN
    User-Defined Post Connect Actions
  Supported Third Party Applications
    VPN Integration
    VPN Gateway Selection
  Personal Firewall (PFW) Integration
  Antivirus (AV) Integration
Copyright © 2009, iPass Inc. All rights reserved.
Trademarks
iPass, iPassConnect, and the iPass logo are trademarks of iPass Inc. All other brand or product names are trademarks or registered
trademarks of their respective companies.
Warranty
No part of this document may be reproduced, disclosed, electronically distributed, or used without the prior consent of the copyright
holder.
Use of the software and documentation is governed by the terms and conditions of the iPass Corporate Remote Access Agreement, or
Channel Partner Reseller Agreement.
Information in this guide is subject to change without notice.
Every effort has been made to use fictional companies and locations in this manual. Any actual company names or locations are strictly
coincidental and do not constitute endorsement.
Introduction
iPassConnect™ makes secure, simple and effective network connectivity a reality. No matter the
location or access type, iPassConnect users have on-demand connectivity to the corporate network
through thousands of WLAN, Ethernet, Dial-up, ISDN, PHS, GSM, and Mobile Broadband access
points in over 100 countries. This comprehensive network includes over 100,000 Wi-Fi and Ethernet
access points in iPass-enabled airports, hotels, conference centers and coffee shops.
The iPassConnect universal client enables professionals to access corporate networks using virtually
any computing device, and connect to Wi-Fi securely. IT managers can implement centrally-managed
policies for access, security and usage to control how the users connect to the Internet.
What's more, iPassConnect allows the IT staff to deploy the client with minimal user intervention and
at lower total enterprise cost.
This document gives an overview of the capabilities of iPassConnect 3.66 for Windows. You will find
information on general usage, product features and benefits, installation and upgrading, configuration
options, and administrator-controlled policies.
Types of Network Service
iPassConnect is configurable for a wide variety of service types. This includes the iPass networks,
customer networks and personal Wi-Fi hotspots as defined by the user.
iPass Networks
Enterprise users can rely on highly available, secure, global iPass network connections. iPass
maintains agreements with service providers worldwide, aggregating networks into a single virtual
network with over 100,000 Wi-Fi access points.
Customer Networks
Customers may add their own access points to iPassConnect by providing the list of customer
networks to be added to their specific profile. A list of customer networks is also known as a CBook.
Inclusion of customer networks in iPassConnect is subject to commercial agreement.
The customer networks can be accessed in the same way as standard iPass access points.
The iPassConnect user interface sniffs and automatically displays the available Wi-Fi, Ethernet and
Mobile Broadband networks under the Available Networks section on the iPassConnect main
window. Users can search for any of these networks by location, by local number (Dial-up), or by
keyword.
The customer administrator can specify the order in which the access points are to be displayed.
Customer networks can include the full range of iPassConnect connection technologies and security
options, including Auto-Connect to customer Wi-Fi and 802.1X Ethernet.
Please raise a Support Ticket for any further assistance.
Personal Wi-Fi Networks
Administrators may allow users to include their own personally selected Wi-Fi access points in
iPassConnect. Users can easily access home services and other frequently used access points other
than the iPass networks and customer networks.
Examples of personal Wi-Fi networks include a home network or a hotspot at a local coffee shop without
iPass service. iPassConnect supports display of both broadcast and non-broadcast Wi-Fi networks.
An Internet connectivity test at connection time determines whether Internet access is available, or if a Web browser should be launched to allow the user to navigate out of a walled garden (for example, by signing up for service at a non-iPass venue).
An administrator can choose to allow personal networks to Auto-Connect. See the Auto-Connect
section for more information.
Connectivity Types
You can configure iPassConnect with any combination of the connection types available in
iPassConnect. (Subject to commercial agreement)
Wi-Fi (also known as WLAN)
iPassConnect is a full service Wi-Fi connection manager and 802.1X supplicant. The client supports
all 802.11b and 802.11g devices which offer an NDIS 5.1 interface. iPassConnect can connect to
public iPass hotspots, private administrator-provisioned (CBook) services or personal (user-defined)
services.
iPassConnect automatically detects locally broadcast Service Set Identifiers (SSIDs), as well as specified non-broadcast SSIDs. The Available Networks list displays:
- SSID
- Security level of each automatically detected hotspot
- Signal strength
- The icon for iPass networks. Clicking the icon displays all details about the network.
On launch, iPassConnect unbinds the Windows Zero Configuration (WZC) WLAN utility from the
interface. If there is already an association in place (when iPassConnect starts up), then active
detection of non-broadcast networks is suppressed, so as not to disrupt the existing connection. WZC
will be restored to its initial state when the user exits iPassConnect.
Summary of actions (WZC):
On Startup:
- iPassConnect unbinds the WZC utility from the interface.
- WZC service is not stopped or disabled.
On Connect:
- WZC service is not stopped.
- Unbinding is done only with respect to that specific network adapter.
On Disconnect:
- No actions.
On Exit:
- iPassConnect binds the WZC utility to the interface.
- WZC service is not restarted.
The available networks can be seen by clicking the “Refresh Networks” link in the WZC screen.
Auto-Connect
Auto-Connect is a configurable option that simplifies the Wi-Fi connection process by automatically
initiating a connection attempt to networks from a pre-defined list of preferred networks. This feature
can be configured:
- In the customer access point list.
- As a Personal Wi-Fi service (indicated by the icon).
iPassConnect also Auto-Connects to customer-defined 802.1X Ethernet services.
You may configure any number of your Personal and Customer Wi-Fi networks for Auto-Connect.
However, only one of these configured networks can be connected at a time.
All services with a common SSID must be configured with the same Auto-Connect behavior.
Auto-Connect will commence only when iPassConnect detects an eligible network and the
current state of the client indicates a connection would be appropriate.
For instance, iPassConnect will not Auto-Connect:
- If an Ethernet connection with open Internet access is detected.
- If an explicit disconnect has occurred since the last connection or restart of iPassConnect (a user disconnect or VPN teardown).
When multiple Auto-Connect networks are detected simultaneously, iPassConnect will determine
which one to connect to, based on prioritization logic.
Customer networks are each defined with a relative priority, from 0 (lowest priority) to 255 (highest). If
multiple customer networks have the same priority, then the network with the highest signal strength
will be selected. Customer networks always take priority over personal networks, which are prioritized
by signal strength alone.
Currently, the Auto-Connect feature can only be applied to campus and personal Wi-Fi and 802.1X
Ethernet services.
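The gating and prioritization rules described above, written out as an added example (this is not iPass code). The Network and ClientState types, their field names and the signal scale are assumptions made for illustration, and the detected-network list is constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Network:
    """One detected Wi-Fi service (hypothetical structure, not an iPass format)."""
    ssid: str
    kind: str           # "customer" (CBook entry) or "personal" (user-defined)
    signal: int         # signal strength, higher is stronger (scale assumed)
    auto_connect: bool  # whether this service is configured for Auto-Connect
    priority: int = 0   # customer networks only: 0 (lowest) to 255 (highest)


@dataclass(frozen=True)
class ClientState:
    """Client conditions that suppress Auto-Connect (hypothetical structure)."""
    open_ethernet_detected: bool = False
    explicit_disconnect: bool = False  # user disconnect or VPN teardown


def config_errors(networks: List[Network]) -> List[str]:
    """Check a network list against the constraints stated in the guide."""
    errors = []
    flags_by_ssid = defaultdict(set)
    for n in networks:
        flags_by_ssid[n.ssid].add(n.auto_connect)
        if n.kind == "customer" and not 0 <= n.priority <= 255:
            errors.append(f"{n.ssid}: priority {n.priority} outside 0-255")
    # All services with a common SSID must share the same Auto-Connect behavior.
    for ssid, flags in sorted(flags_by_ssid.items()):
        if len(flags) > 1:
            errors.append(f"{ssid}: mixed Auto-Connect settings for one SSID")
    return errors


def choose_auto_connect(detected: List[Network],
                        state: ClientState) -> Optional[Network]:
    """Return the network Auto-Connect would pick, or None if it should not run."""
    # Gate on client state first: open Ethernet or an explicit disconnect
    # means no automatic connection attempt at all.
    if state.open_ethernet_detected or state.explicit_disconnect:
        return None
    eligible = [n for n in detected if n.auto_connect]
    if not eligible:
        return None

    def rank(n: Network):
        is_customer = n.kind == "customer"
        # Customer networks always outrank personal ones; among customer
        # networks the higher priority wins, then the stronger signal.
        # Personal networks are ranked by signal strength alone.
        return (is_customer, n.priority if is_customer else 0, n.signal)

    return max(eligible, key=rank)


# Constructed sample scan results.
DETECTED = [
    Network("CorpHQ", "customer", 55, True, 200),
    Network("CorpGuest", "customer", 90, True, 200),
    Network("CorpLab", "customer", 95, True, 10),
    Network("HomeAP", "personal", 99, True),
    Network("CafeAP", "personal", 80, False),
]

if __name__ == "__main__":
    print(config_errors(DETECTED))
    picked = choose_auto_connect(DETECTED, ClientState())
    print(picked.ssid if picked else "no Auto-Connect")
```

In the sample, the strongest signal belongs to a personal network and the second strongest to a low-priority customer network, yet the pick is the stronger of the two customer networks that tie on the highest priority.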
To enable Auto-Connect,
Select Connection Settings > WLAN and then check Automatically connect to preferred
networks.
Ethernet
When the user connects an Ethernet cable to the laptop, iPassConnect automatically detects the
Ethernet connection. It then characterizes the network by displaying it at the top of the Available
Networks list as one of the following:
- Ethernet (802.1X): This indicates that iPassConnect detected a service that responds to an EAPOL Start request. There must be one or more access points in the customer access point list for 802.1X over Ethernet. If Auto-Connect is active, then the user will be automatically connected.
- Ethernet (iPass): iPassConnect received a response from the access point indicating the option to authenticate using a known access procedure (such as GIS) and iPassConnect is able to establish the availability of the iPass authentication infrastructure.
- Ethernet (Authentication Required): If authentication is required, one of the following is true:
  - iPassConnect received a response from the access point indicating the option to authenticate using a known access procedure (such as GIS) but could not authoritatively establish a link to the iPass authentication infrastructure. iPassConnect will prompt the user to connect using iPass credentials.
  - iPassConnect received a response from the access point indicating a walled garden without a known access procedure. iPassConnect will launch a Web browser when connecting, and continue to test for Internet connectivity to assist the user in navigating out of the walled garden.
- Ethernet (Open): iPassConnect detected live Internet connectivity after receiving expected content from a known Web service. The user can usually connect to this service without credentials, although iPassConnect will still prompt for them if needed, for possible use in a VPN launch command or other integration action.
When iPassConnect is in the process of determining the Ethernet type (this may take a few
moments), it displays Ethernet (Identifying).
In addition to automatically detecting the Ethernet, iPassConnect lists Ethernet services in the iPass
Phonebook for manual selection by the user.
Mobile Data
Mobile Data connectivity supports both the 3GSM (such as GPRS, EDGE, UMTS and
HSDPA/HSUPA) and cdma2000 (1xRTT, CDMA, EVDO) families of networks.
In order to use Mobile Data connectivity, you must have an active subscription with a Mobile Data
provider. iPass offers Mobile Data subscriptions in several major markets, including the US, UK,
Netherlands, Japan, China, Hong Kong and Singapore.
iPassConnect will automatically detect Mobile Data devices that are connected to a user’s laptop.
Around 100 different cards/devices are currently supported and new cards are added frequently.
If the user has a Mobile Data service, and a card is installed in the laptop, then locally detected
Mobile Data networks are by default displayed at the bottom of the Available Networks list. There
are no Phonebook entries for Mobile Data services although for 3GSM networks, an Access Point
Name (APN) configuration is required. iPassConnect contains APN settings for many known
networks around the world and iPassConnect 3.66 allows users and administrators to create and
customize APN configurations to suit their own carrier relationships.
See the “List of Supported Mobile Broadband Devices” document for the current list of supported Mobile Data cards.
Unlike other services in the iPass footprint, the default Mobile Data configuration involves
authentication by the cellular provider only, using either authentication from the device or SIM,
although authentication using iPass user credentials is also supported. If your provider supports
authentication through the iPass network, you may choose to submit the iPass credentials for this
authentication.
Digital Subscriber Line (DSL)
DSL allows connection to the MS-DUN PPPoE interface for MSCHAP authentication to a compatible
DSL provider. These authentication requests do not necessarily traverse the iPass authentication
infrastructure.
The iPass DSL integration is limited in scope and therefore not enabled by default.
Please contact your Account Manager and DSL provider regarding the suitability of this offering for your needs.
Home Broadband
You can use iPassConnect to connect to the iPass network through an existing broadband Internet
connection, such as cable modem or WLAN router. In this case, iPassConnect does not establish a
new connection to the Internet, since your broadband connection is already connected. However,
iPassConnect will launch your VPN and other integrated applications like your personal firewall.
Although this is referred to as a Home Broadband connection, it can include any pre-existing Internet
connection, such as a connection over an office LAN or hotel Ethernet port.
For example: A telecommuter may already be connected to the Internet using a cable modem at
home. By launching iPassConnect and using the Home Broadband feature, the VPN client and
personal firewall can be launched, giving the telecommuter a secure connection to company
resources over the existing connection.
Dial-up
Supported iPassConnect Dial-up technologies include standard modem, ISDN, GSM, and PHS.
- Modem: v.90/v.92 (modem on hold not supported)
- ISDN: Single or dual channel PPP/MLPPP ISDN access
- GSM: Support for v.110 capable dial providers
- PHS: Support for PIAFS 2.1 standards
iPass uses Dial-up Networking (DUN), a standard component of the Windows operating system, to
ensure consistent access across different modems. The client establishes a Dial-up session by
creating and invoking a DUN connectoid, typically named "iPassConnect".
iPassConnect overrides Microsoft Telephony Application Programming Interface (TAPI) dialing rules,
because dialing rules such as US 7, 10 and 11 digit dialing and international dialing rules change
frequently and do not offer sufficient flexibility for global dialing of all cities and toll free numbering
schemes. Dialing rules are published as part of the regular Phonebook update process and are
overlaid on top of the regular TAPI rules. If an iPassConnect dialing rule is not present then the
underlying TAPI rule is used.
Dial Options
iPassConnect supports the following configurable options for all Dial-up connections:
- Dial Properties: Support for outside lines, disabling of call waiting, tone or pulse dialing, dialing from a different location
- Dialing Rules: Supports 7, 10 and 11 digit dialing, including area code
- Calling cards: Can store information about a single calling card
- Redialing attempts: Can set number of redial attempts on failed connection
- Smart Redial: Automatically tries another access point in the same city and the same area code if the previous connection attempt failed. Saves the user time by connecting to the next access point in the Phonebook without user intervention.
- City-level dialing: Can attempt to connect to a set of access points in a city, one after another, until connected. Specific modem numbers will not be displayed. Helpful if you do not have a particular access point in mind but simply wish to connect to any nearby one. (This feature is disabled by default.)
The iPassConnect Interface
See the iPassConnect User Guide for the installation procedure. This document is available on the iPass portal.
Launching iPassConnect
iPassConnect can be configured to launch at Windows startup. This can be done by setting the “Run
iPC at startup” option to “yes” while creating the customer profile. The client runs in the
background, and an iPassConnect icon is displayed in the Windows system tray.
Please note that the “Launch at startup” option is configurable only through iPass Customer Care. Please open a support ticket to enable this option.
To launch the application, double-click the icon in the system tray, or select Start > All Programs > iPass > iPassConnect.
Upon launch, iPassConnect begins scanning for available broadband networks, including Wi-Fi,
Mobile Data and Ethernet, and displays the scan results under Available Networks. If Auto-Connect
is configured, iPassConnect will immediately connect to any of the detected networks that are
designated as preferred. (See Auto-Connect for more information.)
When a user disconnects from a connection, iPassConnect will continue to run in the system tray
unless the user exits the application.
Software Update: The iPassConnect update service runs on system startup independently of the
iPassConnect application. (See Phonebook and Software Updates for more information on Updates.)
Selecting a Connection
iPassConnect presents a variety of methods for users to select a connection.
Available Networks
The Available Networks list makes it easy to connect to automatically detected networks. The
display of WLAN hotspots, Mobile Data networks, and Ethernet connections depends on the
Connectivity Type that is enabled for the profile.
iPassConnect scans for available networks without the user’s intervention. A pop-up bubble informs
the user of the presence of available networks. The user can select the desired access point, log in using
the required credentials, and get connected.
Phonebook Search by Location
An alternate method for connecting to an access point is to Search the Phonebook by location. In most countries, the user selects the country and city. (In the US, Australia, Canada and Japan, the user can also select the state, territory, province or prefecture.) iPassConnect will scan the Phonebook for access points meeting the geographic selection criteria and present them for connection. This includes modem, ISDN, GSM, WLAN, PHS, and Ethernet access points.
Search by location is generally used for connecting to networks that cannot be automatically detected, for example: modem, ISDN, PHS, GSM, and DSL. It is helpful for trip planning purposes. Roaming users can search the Phonebook before a trip, to find local access points near their destination, and plan their itinerary accordingly.
Mobile Data services and some types of automatically detected Ethernet service are not shown in the
Phonebook search but are presented in Available Networks when detected.
Default Country
Users can set a default country for Phonebook searches, which will pre-populate the Country drop-down
in the Search criteria. (Users can select a different country if needed.) This is helpful for users
who roam primarily within a single country.
Local Number Lookup
Local Number Lookup helps users find a local Dial-up access point in the United States. Users enter the area code and phone number of the US location they are connecting from and iPassConnect will return a list of the closest dial access points.
If no local access points are found, any available US Toll-Free numbers will be displayed instead.
If the customer has filtered Toll-Free numbers out of the Phonebook, the user will be informed that no local access is available.
iPassConnect can be configured to display customer access points located in a Local Number
Lookup search at the top of the list of returned access points.
(See Custom Phonebooks for more information on customer access points.)
Search by Keyword
The Keyword search helps users search a given country for broadband access points containing one or more specified keywords.
A keyword may be a complete word (e.g. "Starbucks") or a partial word (e.g. "bucks").
Multiple keywords may be combined by typing them with a space between each one to create a more specific search (e.g. "Starbucks San Fran Sutter").
The Keyword field remains disabled until a country is selected. A keyword search can be further constrained by the state and city fields if desired.
Keyword search and Local Number Lookup are mutually exclusive. If a value is typed in one of these fields, the other will be disabled.
Bookmarks
Bookmarks provide a convenient method for users to store their favorite access points for quick
retrieval. The Bookmarks menu displays all of the user’s Bookmarks for easy selection. In addition,
the user can right-click the System Tray icon to access the Bookmarks list.
You can bookmark both Dial-up and Wi-Fi access points. Bookmarks for Dial-up access points also
include the access point dialing rules.
By bookmarking a non-broadcast access point, a user can quickly initiate a new connection from the Bookmark menu without waiting for iPassConnect to detect the service.
Phonebooks
The complete collection of global iPass access points is known as a Phonebook. It includes
thousands of worldwide Dial-up, ISDN, PHS, GSM, WLAN, Mobile Data, and Ethernet access points.
In addition, customers can add their own access points to the standard Phonebook.
Filtering Content
It is possible to filter the Phonebook content to display a subset of all access points to users and
thereby restrict connections to some access points. Customers may request removal of access points
in specific cities or countries, at certain price points, or removal of toll-free access points.
Custom Phonebooks
You can add your own list of custom access points to the standard iPassConnect Phonebook. This
list of customer access points is sometimes known as a CBook.
The list of customer access points includes the following information:
Access types: modem, ISDN, PHS, GSM, Wi-Fi, Ethernet
Access procedure: includes PAP, CHAP, GIS, 802.1X
Encryption mode: includes WEP, WPA, WPA2
Presentation details: before or after standard iPass access points
Authentication rules: includes user login format, certificate requirements
For instructions on how to create a list of customer access points, see the document - Creating a Customer Access Point List, available on the iPass Portal.
iPass Customer Care is not equipped to help in creating CBooks.
Connection Information
iPassConnect displays and stores a wide variety of information about user connections.
Connection Status
The Connection Status window displays the details of the current user connection. The details
include activity, link type, duration, and signal strength.
Activity: This field indicates the traffic generated by this connection at a given point in time,
i.e. data being transmitted, received, or both. There are four possible states:
No activity
Download (Receive) only
Upload (Transmit) only
Simultaneous Download and Upload
Link Type: This field is displayed as a label for the link speed. For Mobile Data connections, the
network bearer type is displayed instead of link speed.
Duration: This field displays the duration of the current connection.
Signal strength: This field displays the same signal strength information seen in the
Available Networks area of the main iPassConnect dialog. This field is visible only for
wireless connections, WLAN and Mobile Data.
Status tab
The Status tab displays the username, the name of the access point, and the status of the
connection.
Usage tab
The Usage tab displays the usage details.
This session: This column displays usage for the current connection. Data sent/received for current session is sent in the SQM record at the end of the session.
Cumulative: This column displays the cumulative usage for this device interface. For 3GSM Mobile Data devices, cumulative usage is tracked per device and SIM card combination, allowing users with multiple subscriptions to track activity independently. The cumulative usage per device can be reviewed and reset from the Settings menu when not connected.
Data Rate: This column displays the current data rate per second as reported by Windows.
Duration: This row displays duration of connection for This session and Cumulative.
Sent: This row displays the number of bytes sent in this session and cumulative sent since
the last reset.
Received: This row displays the number of bytes received in this session and cumulative
received since the last reset.
Total: This row displays the total number of bytes sent/received in this session and
cumulative data sent/received since the last reset.
Reset: The Reset button will reset all statistics for the device currently in use.
A note in the Connection Status dialog informs the user that “Data routed through some VPNs via virtual adapter may not be displayed in iPassConnect.”
Offline Cumulative Usage
The Cumulative Usage dialog displays the cumulative usage statistics for every network interface
when the user is not connected. This is very useful to Mobile Data users for planning their usage. You
can review and also reset the cumulative
statistics.
The statistics include:
Choose Network Media: This list-box
displays a list of devices and network
entries that were used to make a
connection using iPassConnect. The
client will automatically add a device or
network to this list when the user makes
a connection. The user can remove any
network media using the Delete button.
Cumulative usage for selected
device: This group box contains the
usage for selected network media from
the list box. It contains the following
fields.
Network Name: Populated only for GSM Mobile Data connections.
Duration: Displays the total duration of all connections made since the Since timestamp.
Send: Displays the cumulative number of bytes sent since the last reset.
Received: Displays the cumulative number of bytes received since the last reset.
Total: Displays the cumulative number of bytes sent and received since the last reset.
Since: Displays the timestamp when the usage data was last reset.
Connection Log
iPassConnect tracks connection information in a Connection Log, viewable in iPassConnect on the
Help menu. The connection log displays the details of the most recent successful connections and
connection attempts. Error codes are included for failed connections. This information can be useful
for troubleshooting user connection issues.
SQM Data
Service Quality Management (SQM) is an iPassConnect software module that lets iPass measure
service delivery proactively, to identify potential user training issues or access point issues. SQM
tracks and logs all user connection attempts. These results are periodically sent to an iPass
database, which generates statistics showing the connection performance of every access point. The
SQM data is made available to customers through an optional iPass service called IOQ (Intelligent
Online Quality.)
Data is sent to iPass for every successful connection through iPassConnect client. If the user has previously made attempts to connect to the Internet using the client but was unsuccessful, then the data will be sent to iPass on the next successful connection, even if that connection is not facilitated by iPassConnect client.
Appearance
The appearance of iPassConnect can be configured in several ways.
Banner Image
The standard iPass banner image appears at the top of the main iPassConnect interface and takes
up two-thirds of the width of the dialog.
Customers can replace the default banner with a banner image of their own choosing. The new
banner must be a Windows bitmap (.bmp) file 267 pixels wide by 59 pixels high.
Customers can also add a second image to the right of the first image. This is called a partner brand
image and is a Windows bitmap (.bmp) file 152 pixels wide by 59 pixels high.
In place of the banner and partner brand images, customers may elect to use a single banner image
across the entire width of the main dialog. This is called a full co-brand image and is a Windows
bitmap (.bmp) file 419 pixels wide by 59 pixels high.
Desktop Shortcut Name
The label of the iPassConnect desktop shortcut can be modified by adding a
suffix to the name iPassConnect, in the form iPassConnect <Your Choice>.
For example, iPassConnect Acme, or iPassConnect Cisco VPN.
Default Installation Path
You can customize the iPassConnect default installation path. The default is:
C:\Program Files\iPass\iPassConnect
Custom Help Menu Items
Help content in iPassConnect cannot be customized. However, customers have two alternate
methods to add customized help information.
Technical Support Message
iPassConnect can be configured with a custom support message (found in Help > Technical
Support). See the Tech Note: Customizing the iPassConnect Technical Support Message, on the
iPass Portal, for more information.
One tech support message can be uploaded per supported language; the appropriate message will
be displayed with English used where there is no other match. The customer is responsible for
providing the localized tech support messages.
Supplementary Help
Customers can submit an HTML Help (.chm) file which will be linked to the standard iPassConnect
Help file. This optional file, which must be created and compiled by the customer, can contain special
instructions or contact information for your own users. See the Tech Note: Creating a Supplementary
Help File, on the iPass Portal, for more information.
Display Dial-up Pricing
iPassConnect can be configured to display modem, ISDN, PHS and GSM pricing for each Dial-up
access point. The currency symbol and conversion rate from US dollars are both configurable.
iPassConnect users can choose any one of the following currency types for pricing:
Dollar ($)
Pound (£)
Yen (¥)
iPass offers a range of options for customized pricing. Please raise a Support Ticket for more information.
Pricing display is disabled by default. iPass does not offer pricing display for other network access
types.
Configuration Options
iPassConnect is highly configurable and includes many features that can be adapted for customer
requirements.
Configuration of some features or services may incur an additional fee. Please contact your Account Manager for more details.
Profiles
A profile describes the complete set of options included in your build of iPassConnect. Each profile is
distinguished by a unique identifying number called the profile ID.
A customer may have multiple iPassConnect profiles, subject to commercial agreement. This
allows for testing of different configuration options and new releases. It also assists user communities
with different configurations within the customer's user base. For example, you could create distinct
profiles that use specific authentication for end-points, or you could assign VPN integrations
to separate user communities.
You can view the options included in a particular profile using the Profile Viewer tool on the iPass
Portal. To make changes to your profile, submit a Support Ticket on the Portal.
About iPassConnect
You can view the complete technical details for a given version of iPassConnect.
Select Help > About iPassConnect.
The User Interface includes the Mobile Data build numbers for Services and Device Support in the
About iPassConnect dialog.
In addition, the iPassConnect version and build date, profile number, Phonebook number, and
Copyright are included.
The Mobile Data build number is visible only when the client is configured for Mobile Data, GSM and/or 3G-Mobile connections.
The version number, profile ID, Phonebook ID and timestamp of the last Phonebook update are all
critical information and must be included in any support ticket when contacting iPass
Customer Care.
Languages Supported
iPassConnect supports nine languages:
Brazilian Portuguese
English
French
German
Japanese
Korean
Simplified Chinese
Spanish
Traditional Chinese
Selecting Installation Language
A single installer executable supports all nine languages. iPassConnect can be configured for one of
three language installation options:
Automatic: The locale setting on the end user’s PC will be used as the language for
installation.
User select: Allows the end user to determine which language to use for installation.
Force language install: The application will force the user to install in a chosen language.
Session Management Options
Idle Timeout
The idle timeout option automatically disconnects the session, if the network traffic consistently
remains below a given threshold for a pre-determined period. (1024 bps is recommended for Dial-up,
2048 bps for broadband connections).
After the pre-determined time period (2 minutes), the user will be prompted with a warning message.
The user can either choose to stay connected to the Internet or terminate the existing connection, by
selecting the appropriate option from the warning message box. If the user does not respond to this
warning message within the specified time, the Internet connection will be terminated.
The Idle Timeout settings can be configured while creating the customer profile.
Session Limit
The session limit option automatically disconnects the session, if the connection duration exceeds a
given time limit.
An optional countdown warning message can be displayed after the predetermined period has
elapsed. This feature is disabled by default.
Username Options
These options allow configuration of the username (or NAI: network access identifier).
Domains
The domain name, also known as a realm, is used to uniquely identify a user with a specific customer
or group within an enterprise. (An example would be @example.com).
Customers may choose to have multiple domains to segment user communities or to display extra
information in Call Detail Records (CDRs). These domains can be selected from a list of preset
domains, or the domain list can be configured to be editable by users.
The default for domain is a single non-editable domain, which can be hidden from the user view and
will not appear in the user interface.
Non-editable Domain
iPassConnect can be configured to make the domain non-editable. In fact, to limit the use of the client
profile to a particular customer account, it is strongly recommended that the domain list be non
editable. This configuration may prevent a user from accidentally changing or deleting the domain
and having difficulty connecting. The domain will appear disabled. The customer can only have one
preset domain while using this feature.
Domain Hidden
iPassConnect can be configured to completely hide the domain. This feature requires one valid
preset roaming domain name. This feature can be used to avoid confusion when a user’s e-mail
address is not the same as iPass logon information.
Department/Project Code
iPassConnect supports the use of optional department/project codes, sometimes referred to as billing
codes. Some enterprises use these codes to uniquely identify departments or subsets of users, such
as Sales or Product Marketing, especially when billing back charges to individual departments.
At the end of each month, iPass will provide call detail records (CDRs), indicating connections used
by the various billing codes to allow for easy segmentation and dissemination (for example,
[email protected]). Department/project codes are not used in the authentication process.
Each code can be a maximum of 16 single-byte alphanumeric characters and has a 1024 character
limit. As with domains, department codes can be selected from a list of preset domains, or the domain
list can be configured to be editable by users.
Password Options
Save Password
iPassConnect can be configured to save the user’s password to disk in encrypted form for future use.
The Save Password option is disabled by default.
The Save Password check box will be enabled in the Login Information dialog only if the
AllowSavePassword attribute is set to Yes in the config.ini file.
Cache Password
The Cache Password feature allows iPassConnect to retain the user’s password in memory for
reuse on further connection attempts within the same iPassConnect session (defined as the period
between startup and shutdown of the iPassConnect client application). Cache Password is enabled
by default.
iPass Encrypted Login (formerly iSEEL)
iPass Encrypted Login, an optional, fee-based service, uses public key cryptography to further
encrypt passwords while in transit over the iPass authentication infrastructure. iPass encrypts the
user password at the client using elliptic curve cryptography and the password remains encrypted
until it reaches the iPass Transaction Center.
Not all iPass access points support iPass Encrypted Login, as some providers do not support the
username and password lengths and special characters utilized by the encryption algorithm.
iPass Encrypted Login can be configured in one of the following modes:
Mixed Mode Enabled: iPassConnect will use iPass Encrypted Login with all access points
that are known to support it, but will fall back to regular authentication on other iPass services
Mixed Mode Disabled: iPassConnect will only display access points known to support iPass
Encrypted Login
Mandatory Mode: As an extension to Mixed Mode disabled, the iPass Transaction Centers
can optionally be configured to accept only iPass Encrypted Login authentication requests.
Unique Session ID (USID)
USID is a non-configurable feature of iPassConnect which inserts a unique 11-character serial
number into each authentication request for the purposes of matching individual billing records (CDRs:
Call Detail Records) and IOQ records. iPassConnect retrieves the seed of the unique serial number
from an iPass server at the earliest opportunity following initial installation.
Certificate Authentication
iPassConnect can use EAP-TLS and PEAP-TLS authentication
methods for authentication of private Wi-Fi and Ethernet connections
using mutual certificate authentication.
When configured, iPassConnect will display a Certificates tab on
the Login Information dialog to allow the user to select the
certificate, and optionally the certificate identity, to be used for each
connect attempt. This uses the Internet Explorer certificate store.
Normally, this is applicable for the current user, but in Live Logon, it would be applicable for the local machine.
Trusted Root CAs
The administrator can specify that only a subset of available trusted root certificate authorities (CAs)
be used for TLS authentication modes, by defining rules for them in iPassConnect.
For instructions on how to create a list of customer access points, see the document - Creating a Customer Access Point List, available on the iPass Portal.
PEAP-GTC Protocol
iPassConnect supports the PEAP-GTC protocol for secured private enterprise network
connectivity. In the client, this is established with the support of One Time Password (OTP)
tokens.
Token Integration is not a GA feature. Please contact iPass Professional Services to enable this feature.
The PEAP-GTC protocol is supported on:
Windows XP (Professional) Service Pack 2 and Service Pack 3.
Windows Vista (All versions) Service Pack 1
Only Static Password and RSA token/One Time Password (OTP) are supported on Windows Vista. However, RSA Next Token is not supported on the Vista platform.
Testing involved validation on both Standard and Administrative user account privileges. The authentication parameters have not been validated for Windows Vista Home editions.
While connecting to a PEAP-GTC enabled hotspot, the server challenges the user with a response
window. The user interface of iPassConnect client has been enhanced with this Provide Response
dialog.
Here, the challenge message is sent by the server and user is required to enter the response. Based
on the response, the user is re-authenticated for valid credentials.
Please raise a Support Ticket for any clarifications with respect to the server message settings.
TTLS-PAP Protocol
iPassConnect supports Tunneled Transport Layer Security-Password Authentication Protocol (TTLS-
PAP) protocol which ensures secured private enterprise network connectivity and provides two factor
authentication. The Tunneled Transport Layer Security (TTLS) protocol helps to secure the outer
tunnel and PAP secures the inner tunnel. The authentication process is simple, since only the Server
is authenticated by the client. It supports the use of static and dynamic passwords.
The logon procedure for using the hot spot with TTLS-PAP is similar to the normal iPassConnect
logon process.
TTLS-GTC Protocol
The TTLS-GTC protocol provides secure two factor authentication for connectivity to private networks.
The TTLS protocol provides the security for the inner tunnel and the Generic Token Card provides the
security for the outer tunnel.
The logon process for the TTLS-GTC protocol is similar to the logon process of PEAP-GTC.
Token Integration is not a GA feature. Please contact iPass Professional Services to enable this feature.
Please note that TTLS-PAP and TTLS-GTC are not supported when used with Live Logon mode on Windows Vista.
Live Logon
iPassConnect offers the Windows Live Logon option. This option inserts a new GINA (Graphical
Identification and Authentication) module at the start of the Windows logon sequence, which includes
an option to logon with iPassConnect (in place of the Log on using Dial-up Networking option in the
regular Windows GINA).
When selected, iPassConnect will be launched before the
Win Logon sequence, to allow a live Windows domain
logon without further user input.
This fully-featured GINA offers fully configurable credential
handling, including Single Sign On (SSO).
Live Logon feature for Windows Vista
Windows Vista does not support the GINA module.
Hence, the Windows Live Logon option is achieved by creating a DLL which is a Credential Provider
(CP) or a Pre-Logon Access Provider (PLAP). The Live Logon DLL will behave as a CP or a PLAP
based on how it is registered with the OS.
When Vista Live Logon implementation collects the OS credentials, the DLL is implemented
as a Credential Provider (CP). The CP DLL will work in the same way as the iPass GINA on
Windows XP.
When Vista Live Logon implementation does not collect the OS credentials, the DLL is
implemented as a PLAP. The PLAP DLL will invoke iPassConnect to make a connection and
the Logon process is done by Credential Provider.
The Live Logon feature is not supported for 802.1X CBook access points on Windows Vista.
Timeout
Windows Live Logon includes a configurable timeout option. If the user presses Ctrl+Alt+Del and
does not login within the specified timeout interval (default 5 minutes), the iPassConnect session is
terminated and Windows reverts to the welcome screen.
Single Sign On
With Single Sign On, iPassConnect can be configured to reuse the Windows username or network
username and password for authentication of network connectivity. It can also be configured to use
the Windows username and password to authenticate a VPN connection.
To ensure security, by default, the Windows password is not retained by iPassConnect and is not
propagated to a VPN client. If iPassConnect is configured to reuse the password then it will store it in
encrypted form and will decrypt for the shortest possible interval when needed.
Mobile Data Features
PIN Management
When a user inserts a SIM-based 3GSM device, iPassConnect automatically displays the PIN menu
to allow the user to perform all PIN management functions from within the iPass interface. The
options include:
Enable PIN
Unlock the SIM
Unblock (sometimes called "un-PUK") the SIM
Disable PIN (subject to administrator approval)
Change PIN (subject to administrator approval)
Save PIN (subject to administrator approval)
The current SIM lock status is shown on the Info dialog, under connection settings, and by implication
from the available menu options.
Administrator-Provisioned Networks
iPass supplies an extensive directory of global 3GSM Mobile Data services (CDMA service
information is contained within the device and is not exposed to the client) and iPassConnect will
generally select the appropriate configuration for the detected network in the supplied APN file.
The APN settings may include any of the following configuration elements:
Network number
Network name
APN server access point
Bearer network credentials
Bearer network domain
DNS information
QOS levels
The dial string for access
In some situations, the administrator may wish to customize these settings to suit specific
requirements e.g. a private network contract between the customer and the carrier.
This can be achieved by supplying iPass Customer Care with an "adminapn.ini" file describing the
custom configuration elements. In instances where the same network is defined twice, the
administrator-supplied file takes precedence over the iPass default file.
User-Configured Networks
The user may also create a custom network
definition by filling-out the "Network
Information" settings under the Mobile Data
Connection Settings dialog. The information
shown here is essentially the same as
described for administrator-provisioned
networks above.
Users are initially presented with the iPass
"public APN" configuration settings for
modification although a "Default" button is
available in case the user needs to revert to
the original iPass settings.
This option is useful in situations where a user
has a subscription to a Mobile Data service not
yet covered by the iPass APN file.
Please raise a Support Ticket for any further assistance
Admin Network Control
Administrators have the option to control whether:
Users can use a given iPassConnect profile to attach to the networks described in the iPass
public APN file.
Users are constrained to use only the admin-supplied network configurations.
By default, users are permitted to connect to all networks subject to a suitable subscription.
Administrators can also control whether users can use a given iPassConnect profile to connect to
networks flagged as "roaming networks". This feature is intended to provide the option to limit access
to high-cost international roaming services when travelling abroad but an important footnote is
needed here:
iPass has observed that the Mobile Data roaming flag is often enabled for the home service on US-based 3GSM networks. Disabling roaming would prevent access to the home service in such a situation.
Roaming control is therefore recommended only for administrators with explicit knowledge of the
roaming settings that apply to their user community's home networks.
Phonebook and Software Updates
A key feature in iPassConnect is its capability to automatically receive Phonebook and configuration
updates. iPass typically publishes a new version of the Phonebook each week.
Background Updates
iPassConnect has an update mechanism called background update. This runs as a separate service
distinct from the iPassConnect client. It periodically checks for Phonebook updates or SQM data to
upload using any connection available at that time (even those that are not made using
iPassConnect). In particular, the feature enables automatic updates over the LAN. Updates are
downloaded and installed in the background, using trickle download technology with bandwidth
throttling and support for interrupted downloads.
The background update module automatically discovers proxy settings as needed. iPassConnect
works with the full range of proxy configurations that can be specified through the Internet Explorer
interface, and will display a dialog to request user proxy credentials or allow the user to defer the
update attempt.
For updates, iPassConnect tries to establish outbound network sessions to iPass servers using HTTP
on port 80 and HTTPS on port 443.
For broadband connections (other than 802.1X), HTTP and HTTPS are also used but some providers
use redirectors to non-standard ports. iPass therefore recommends outbound access is permitted on
all TCP ports for the following iPassConnect service components: iPassConnectEngine.exe,
BrowserLogin.exe, iPassPeriodicUpdateApp.exe and iPCCheck.exe. iPass may add other
network-aware components in the future.
Software Updates
Users of earlier releases of iPassConnect can upgrade to version 3.66 using the integral software
update capabilities. The software upgrade process automatically uninstalls the old version and
installs the new one, while preserving user configuration settings such as saved passwords,
Bookmarks, Personal Wi-Fi networks and user preferences.
Please raise a Support Ticket for any further assistance on Software updates.
Speed Prioritized Update
This feature allows iPassConnect to take advantage of the times when the user is connected over a
broadband connection, to optimize the update experience. If enabled, iPassConnect will only perform
a software update when the user is connected to a high-speed connection (the threshold is
configurable). Typically this is a LAN or broadband connection connected at 128kbps or greater.
Integration
Connect Actions
Connect actions are program activities that execute at predetermined points in the iPassConnect
connection sequence. A typical connect action would involve the launch of a VPN application
following a successful connection to the Internet. Administrators may specify as many connect
actions as needed for a given client profile.
Connect Action Types
You can specify any of the following types of connect actions.
| Action Type | Runs when... | Comments |
|---|---|---|
| OnStartup | During the iPassConnect startup sequence. | |
| PreDial | Immediately before connection dial attempt. | |
| PreTunnel | Immediately after IP connectivity is established. | If configured, BrowserLogin and Policy Enforcement integrations run as PreTunnel actions. |
| Tunnel | After PreTunnel actions. | Recommended for VPN integrations where configured. |
| PostConnect | After a connection is established and following updates and VPN launch. | Steady state. Recommended for most network-aware customer applications. |
| Disconnect | Before a controlled disconnect occurs (for example, when the user clicks Disconnect or after a VPN teardown event). Also, on a Windows suspend event. | Disconnect events can be triggered if the user clicks Disconnect, through teardown events, or due to unexpected errors (such as an unplugged cable). |
| OnCancel | User clicks Cancel. | |
| OnError | A connection attempt fails. | |
| Miscellaneous | N/A | Usually used to include files needed by other actions to run properly. For example, if a connect action requires a DLL, a Miscellaneous action would be used to include it. |
| OnExit | During the iPassConnect shutdown sequence. | |
Connect Action Parameters
This table lists several parameters that can be defined for each connect action. Connect actions are
implemented by iPass Customer Care.
| Parameter | Definition |
|---|---|
| Description | Short description of the Connect Action you are adding. |
| Sequence # | Indicates the relative order in which synchronous Connect Actions will execute. Sequence numbers are needed for version management, so never leave this field blank. Sequence numbers must be unique within each Connect Action type. |
| Program | Path name of the program that will be launched with this Connect Action (if any). You may use the Browse button to locate this program and specify a path. |
| Include Program with Dialer | This option allows users to include a specific file along with the iPassConnect client. |
| Run Mode | Run Mode defines how the action will execute. A synchronous action will execute and wait for the return value before proceeding to the next action. If one action has trouble running or completing, the actions after it cannot run. A synchronous action is also called a Launch and Wait action. An asynchronous action will execute in sequence but not wait for a return value. However, OS multitasking and the complexity of the binary will determine which action completes first. An asynchronous action is also called a Launch and Proceed action. |
| Target | Target indicates the access point type associated with a given connect action. You may choose iPass POPs, Customer POPs, or Both. In iPassConnect 3.66, the scope can be further modified by the FlexVPN Network Types options. |
| Monitor | iPassConnect can be configured to respond to the return code of the called application by either skipping the VPN launch (in response to a return code of 1) or initiating a complete disconnect (in the event of a return code of -1). You should contact your iPass technical representative for further details. |
| Type | This is a label used to indicate types such as "VPN", "PFW" and "AV" and is used to ensure accurate user messaging. |
| Run Context | iPassConnect can run applications in the context of the logged-in user or in the SYSTEM context. For security reasons, the former should be used whenever possible. |
FlexVPN
FlexVPN provides the fine-grained control necessary for determining when a VPN (or any other
connect action integration) should be invoked, according to the network type used for the connection.
One example of this feature’s use would be to launch a VPN in all instances except on a private
secure Wi-Fi connection (such as an 802.1X authenticated WPA2 service).
There are eight distinct network types that can be independently configured as required.
- iPass Broadband
- iPass Dial
- Customer Dial
- Customer Encrypted 802.1X Wi-Fi
- Customer Wi-Fi other
- Customer Ethernet
- Mobile Data: The FlexVPN has been enhanced to provide distinct options for different treatment of Private and Public Mobile Data networks.
- All Other Networks
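An added example (not part of the original guide and not iPass code): a short Python audit of a hand-maintained connect-action inventory against the rules in the Connect Action Parameters table and the FlexVPN network types above. The dict field names, the sample actions, and the review policy that only Customer Encrypted 802.1X Wi-Fi may go without the VPN are assumptions made for illustration.

```python
from collections import defaultdict

# Action types and FlexVPN network types as listed in the guide.
ACTION_TYPES = {"OnStartup", "PreDial", "PreTunnel", "Tunnel", "PostConnect",
                "Disconnect", "OnCancel", "OnError", "Miscellaneous", "OnExit"}
NETWORK_TYPES = {"iPass Broadband", "iPass Dial", "Customer Dial",
                 "Customer Encrypted 802.1X Wi-Fi", "Customer Wi-Fi other",
                 "Customer Ethernet", "Mobile Data", "All Other Networks"}
# Assumed review policy (from the guide's own example): only a private,
# 802.1X-authenticated Wi-Fi network may go without the VPN.
VPN_OPTIONAL = {"Customer Encrypted 802.1X Wi-Fi"}

def audit(actions):
    """Return (description, finding) pairs for a list of connect-action dicts."""
    findings, seen = [], defaultdict(set)
    for a in actions:
        name, kind, seq = a["description"], a["type"], a.get("sequence")
        if kind not in ACTION_TYPES:
            findings.append((name, f"unknown action type {kind!r}"))
        if seq is None:
            findings.append((name, "sequence number left blank"))
        elif seq in seen[kind]:
            findings.append((name, f"sequence {seq} not unique within {kind}"))
        seen[kind].add(seq)
        if a.get("run_context") == "SYSTEM":
            findings.append((name, "runs in SYSTEM context"))
        # An asynchronous action is not waited on, so its return code cannot
        # drive the Monitor response (assumption drawn from the Run Mode row).
        if a.get("monitor") and a.get("run_mode") != "synchronous":
            findings.append((name, "Monitor set on a non-synchronous action"))
        if kind == "Tunnel":
            skipped = NETWORK_TYPES - set(a.get("networks", NETWORK_TYPES))
            for net in sorted(skipped - VPN_OPTIONAL):
                findings.append((name, f"VPN not launched on {net}"))
    return findings

# Constructed sample inventory (hypothetical actions and field names).
SAMPLE = [
    {"description": "Posture check", "type": "PreTunnel", "sequence": 10,
     "run_mode": "synchronous", "monitor": True},
    {"description": "AV probe", "type": "PreTunnel", "sequence": 10,
     "run_mode": "asynchronous", "run_context": "SYSTEM", "monitor": True},
    {"description": "Corp VPN", "type": "Tunnel", "sequence": 1,
     "run_mode": "synchronous",
     "networks": NETWORK_TYPES - {"Customer Encrypted 802.1X Wi-Fi",
                                  "Customer Wi-Fi other"}},
]

for name, finding in audit(SAMPLE):
    print(f"{name}: {finding}")
```
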
User-Defined Post Connect Actions
iPassConnect can be configured to allow users to enter their own post-connect actions. These are usually used to launch useful Internet applications. User-defined post-connect actions can include launching the default Web browser, or launching any application on a user’s computer, such as an email client.
User-defined connect actions are applied following all successful connections, regardless of whether a user accesses a customer-owned access point or an iPass access point, and regardless of connection type.
To configure post-connect actions, the user clicks Connection Settings > General, and then selects the appropriate actions as needed.
Supported Third Party Applications
iPassConnect supports a wide and ever-increasing variety of VPN, Anti-Virus and Personal Firewall
products. See the iPass Portal for the latest information on compatible integrations.
VPN Integration
VPN integration allows different procedures for entering user credentials into iPassConnect and the
VPN client. This table describes the various kinds of VPN Integration possible in iPassConnect.
| Type | Description |
|---|---|
| VPN Auto-connect | User enters only one set of credentials into iPassConnect, to establish both the Internet and the VPN connection. The iPass RoamServer authentication and the VPN switch authentication must either point to the same common user database, or else must have the identical active username and password resident in each respective user database. |
| VPN Auto-Launch | User enters credentials into iPassConnect, and then can choose which server to connect to using the VPN client, but must enter VPN credentials separately. This allows the customer to use separate credentials for iPassConnect and VPN authentication. |
| VPN Monitor | Following an initial grace period, iPassConnect can monitor for the continued presence of a VPN tunnel and can be configured to gracefully disconnect the network connection if the VPN tunnel should drop. |
| VPN Graceful Disconnect | iPassConnect can be configured to gracefully terminate the VPN connection before the network is disconnected in response to a user disconnect request. |
VPN Gateway Selection
iPassConnect currently supports VPN gateway selection from the iPassConnect Login Information
dialog for Cisco and Nortel VPN services.
Personal Firewall (PFW) Integration
iPassConnect can be integrated with a number of personal firewall (PFW) solutions to allow for
increased security while using remote access. If this feature is enabled, the client will monitor the
user's firewall solution to guarantee protection while connected. The protection is guaranteed in the
two following ways:
- iPassConnect will require the user to have the selected firewall software loaded and running before initiating a connection. (Subject to user permissions, iPassConnect can also launch the PFW software at connect time.)
- iPassConnect will terminate the session if the firewall goes down while the user is connected.
Antivirus (AV) Integration
iPassConnect can be integrated with a number of AV products to allow for increased security while
using remote access.
If this feature is enabled, the client will launch and monitor a user's antivirus solution to guarantee
protection while connected and to disconnect the connection if the AV client should cease to respond.