WebVPN End User Set-up
This appendix is for the system administrator who sets up WebVPN for end users. It summarizes configuration requirements and tasks for the user's remote system. It also specifies information to communicate to users to get them started using WebVPN.
Note
We assume you have already configured the VPN Concentrator for WebVPN.
This appendix includes information on the following topics:
• Usernames and Passwords
• Security Tips
• Configuring Remote Systems to Use WebVPN Features
• The WebVPN Floating Toolbar
• Application Access: Recovering from Hosts File Errors
• E-mail Proxy
Usernames and Passwords
Depending on your organization's network, during a remote session users might have to log in to any or all of the following: the computer itself, an Internet provider, WebVPN, mail or file servers, or corporate applications. Users might have to authenticate in many different contexts, requiring different information, such as a unique username, password, or pincode.
Table C-1 lists the types of usernames and passwords that WebVPN users might need to know.
Table C-1 Usernames and Passwords to Tell WebVPN Users
| Login Username/Password Type | Purpose | Entered When |
|---|---|---|
| Computer | Access the computer | Starting the computer |
| Internet Provider | Access the Internet | Connecting to an Internet provider |
| WebVPN | Access remote network | Starting WebVPN |
| File Server | Access remote file server | Using the WebVPN file browsing feature to access a remote file server |
| Corporate Application Login | Access firewall-protected internal server | Using the WebVPN web browsing feature to access an internal protected website |
| Mail Server | Access remote mail server via WebVPN | Sending or receiving e-mail messages |
Security Tips
Advise users always to log out from the WebVPN session when they are done. (To log out of WebVPN, click on the logout icon on the WebVPN toolbar or quit the browser.)
Advise users that using WebVPN does not ensure that communication with every site is secure. WebVPN ensures the security of data transmission between the remote user's PC or workstation and the VPN Concentrator on the corporate network. If the user then accesses a non-HTTPS web resource (located on the Internet or on the internal network), the communication from the corporate VPN Concentrator to the destination web server is not secured.
Browser Caching and Security Implications
If you use WebVPN through a public or shared Internet system, such as at an Internet cafe or kiosk, to ensure the security of your information after terminating or logging out of the WebVPN session, delete all files that you saved on the PC during the WebVPN session. These files are not removed automatically upon disconnect. After logging out, you should also clear the browser's cache (CSCec78671).
Note
WebVPN does not save the content of Web pages viewed during the session. However, for additional security, we recommend that you also clear the browser's cache. Deleting content from a PC does not ensure that it cannot be recovered; please keep this in mind when downloading sensitive data.
Configuring Remote Systems to Use WebVPN Features
This section summarizes:
• WebVPN requirements, by feature
• WebVPN supported applications
• Client application installation and configuration requirements
• Information you might need to provide end users
• Tips and use suggestions for end users
You might have configured user accounts differently, so that different WebVPN features are available to each user. The information that follows is organized by feature, so you can skip over the information for unavailable features.
Starting WebVPN
The following are required to start WebVPN on a user's remote system.
• A connection to the Internet — Any Internet connection is supported, including:
  – Home DSL, cable, or dial-ups
  – Public kiosks
  – Hotel hook-ups
  – Airport wireless nodes
  – Internet cafes
• A WebVPN-supported browser — The following browsers have been verified for WebVPN. Other browsers might not fully support WebVPN features.
  On Microsoft Windows:
  – Internet Explorer version 6.0 SP1 (SP2 required for Windows XP)
  – Netscape version 7.2
  – Mozilla version 1.73
  – Firefox 1.0
  On Linux:
  – Netscape version 7.2
  – Mozilla version 1.73
  – Firefox 1.0
  On Macintosh OS X:
  – Safari version 1.24
  – Firefox 1.0
  On Solaris:
  – Netscape version 7.2
  – Mozilla version 1.73
• Cookies enabled — Cookies must be enabled on the browser in order to access applications via port forwarding.
• Pop-ups enabled — Pop-ups should be enabled on the browser to allow it to display the floating WebVPN toolbar and timeout warnings. If pop-ups are blocked, change the browser setting and click the WebVPN floating toolbar icon on the in-page toolbar to display the floating toolbar.
  If pop-ups are disabled on the browser, WebVPN will not warn the user before disconnecting due to idle timeout or maximum connect time.
• The URL for WebVPN — An https address in the following form:
  https://address
  where address is the IP address or DNS hostname of an interface of the VPN Concentrator (or load balancing cluster) on which Allow WebVPN HTTPS Sessions has been enabled. For example: https://10.89.192.163 or https://vpn.company.com.
• A WebVPN username and password
• [Optional] A local printer — WebVPN does not support printing from a web browser to a network printer. Printing to a local printer is supported.
Using Applications (Port Forwarding)
Port Forwarding supports only Sun Microsystems Java™. Microsoft Java is not supported. To run Port Forwarding, the client needs only the Java Runtime Environment (JRE) portion of J2SE version 1.4.1 or greater.
Tip
We strongly suggest that you manually download the JRE from java.sun.com instead of allowing the applet to do it automatically for you.
• The JRE is only 10 MB.
• The J2SE is 90+ MB (or higher).
Because this feature requires installing JRE and configuring the local clients, and because doing so requires administrator permissions on the local system, it is unlikely that users will be able to use applications when they connect from public remote systems.
On Macintosh OS X, only the Safari browser supports this feature.
Note
When you launch Application Access, your system may prompt you regarding digital certificates, and this dialog box may appear behind other browser windows. If your connection appears hung, minimize your browser windows to check for this dialog box.
Caution
Users should always close the Application Access window when they finish using applications by clicking the close icon. Failure to quit the window properly can cause Application Access or the applications themselves to be disabled. See Application Access: Recovering from Hosts File Errors for details.
The following are required to start Application Access (Port Forwarding) on a user's remote system.
Table C-2 WebVPN Remote System Application Access Requirements
Remote System or End User Requirements
|
Specifications or Use Suggestions
|
Client applications installed
|
|
Cookies enabled on browser
|
|
Administrator privileges
|
User must be local administrator on his or her PC.
|
Sun Microsystems Java Runtime Environment (JRE) version 1.4 or later installed
|
WebVPN automatically checks for JRE whenever the user starts Application Access. If it is necessary to install JRE, a pop-up window displays, directing users to a site where it is available.
|
Client applications configured, if necessary.
Note The Microsoft Outlook client does not require this configuration step.
All non-Windows client applications require configuration.
To see if configuration is necessary for a Windows application, check the value of the Remote Server field on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | Servers and URLs | Add or Modify screen.
• If the Remote Server field contains the server's hostname, you do not need to configure the client application.
• If the Remote Server field contains an IP address, you must configure the client application.
|
To configure the client application, use the server's locally mapped IP address and port number. To find this information:
1. Start WebVPN on the remote system and click the Application Access link on the WebVPN home page. The Application Access window displays.
2. In the Name column, find the name of the server you want to use, then identify its corresponding client IP address and port number (in the Local column).
3. Use this IP address and port number to configure the client application. Configuration steps vary for each client application.
|
Windows XP SP2 patch
|
Users running Windows XP SP2 must install a patch from Microsoft, available at the following address:
http://support.microsoft.com/?kbid=884020
This is a known Microsoft issue.
|
Using Other WebVPN Features
The following table lists the requirements for various WebVPN features.
Table C-3 WebVPN Remote System Configuration and End User Requirements
Task
|
Remote System or End User Requirements
|
Specifications or Use Suggestions
|
Web Browsing
|
Usernames and passwords for protected websites
|
Using WebVPN does not ensure that communication with every site is secure. See the Security Tips section.
|
| |
The look and feel of web browsing with WebVPN might be different from what users are accustomed to. For example, when using WebVPN:
• The WebVPN title bar appears above each web page
• You access websites by:
– Entering the URL in the Enter Web Address field on the WebVPN home page
– Clicking on a pre-configured website link on the WebVPN home page
– Clicking a link on a webpage accessed via one of the previous two methods
Also, depending on how you configured a particular account, it might be that:
• Some websites are blocked
• Only the websites that appear as links on the WebVPN home page are available
|
Network Browsing and File Management
|
File permissions configured for shared remote access
|
Only shared folders and files are accessible via WebVPN.
|
Server name and passwords for protected file servers
|
|
Domain, workgroup, and server names where folders and files reside
|
Users might not be familiar with how to locate their files through your organization's network.
|
Patience
|
Do not interrupt the Copy File to Server command or navigate to a different screen while the copying is in progress. Interrupting the operation can cause an incomplete file to be saved on the server.
|
Using E-mail:
Via Application Access
|
Fulfill requirements for Application Access (See Using Applications)
|
To use mail, start Application Access from the WebVPN home page. The mail client is then available for use.
|
Note If you are using an IMAP client and you lose your mail server connection or are unable to make a new connection, close the IMAP application and restart WebVPN.
|
Other Mail Clients
|
Cisco has tested Microsoft Outlook Express versions 5.5 and 6.0.
WebVPN should support other SMTPS, POP3S, or IMAP4S e-mail programs, such as Netscape Mail, Lotus Notes, and Eudora, but Cisco has not verified them.
|
Using E-mail: Web Access
|
Web-based email product installed
|
Supported products include:
• Outlook Web Access (OWA) 5.5, 2000, and 2003
Netscape, Mozilla, and Internet Explorer are supported with OWA 5.5 and 2000.
You must use Internet Explorer 6.0 or higher with OWA 2003. Netscape and Mozilla are not supported with OWA 2003.
You can use OWA through WebVPN to a Microsoft Exchange 5.5, 2000, or 2003 server.
• Lotus iNotes
Other web-based e-mail products should also work, but Cisco has not verified them.
|
Using E-mail: E-mail Proxy
|
SSL-enabled mail application installed
|
Supported mail applications:
• Microsoft Outlook
• Microsoft Outlook Express versions 5.5 and 6.0
• Netscape Mail version 7
• Eudora 4.2 for Windows 2000
Other SSL-enabled mail clients should also work, but Cisco has not verified them.
|
Mail application configured
|
See instructions and examples for your mail application in the "E-mail Proxy" section.
|
Using the WebVPN floating toolbar
|
Most platforms except for PocketPC
|
To paste text into a text field, use Ctrl-V. Right-clicking is disabled in the floating toolbar.
|
Using the Cisco SSL VPN Client (for WebVPN)
|
|
Users can retrieve SSL VPN Client log messages using the Windows Event Viewer. Go to Program Files > Administrative Tools > Event Viewer in Windows.
|
Using Secure Desktop Manager
|
A Secure Desktop Manager-supported browser
|
On Microsoft Windows:
• Internet Explorer version 6.0
• Netscape version 7.2
• Mozilla version 1.7
On Linux:
• Mozilla version 1.7
• Netscape version 7.2
On Solaris:
• Netscape version 7.2
|
Using Cache Cleaner or Secure Desktop
|
A Cisco Secure Desktop-supported browser
|
Any browser supported for Secure Desktop Manager. In addition, on Macintosh OS X:
• Safari version 1.22
|
The WebVPN Floating Toolbar
A floating toolbar is available to simplify the use of WebVPN. The toolbar lets you enter URLs, browse file locations, and choose pre-configured web connections without interfering with your main browser window.
The floating toolbar does not appear when you connect using a Pocket PC PDA, because multiple browser windows are not supported on Pocket PC.
The floating toolbar represents your WebVPN session. If you click the window's Close button, the VPN Concentrator prompts you to confirm that you want to close your session.
Note
Clicking the Home icon when viewing certain web pages, such as Hotmail.com and CNN.com, opens a new browser window. This is because these sites rename the WebVPN browser window as part of how they function.
Tip
To paste text into a text field, use Ctrl-V. Right-clicking is disabled in the WebVPN toolbar.
Application Access: Recovering from Hosts File Errors
It is very important to close the Application Access window properly. When you finish using Application Access, click the close icon. If you do not close the window properly:
• The next time you try to start Application Access, it might be disabled; you receive a Backup HOSTS File Found error message
• The applications themselves might be disabled or might malfunction, even when you are running them locally
These errors can result from terminating the Application Access window in any improper way. For example:
• Your browser crashes while you are using Application Access
• A power outage or system shutdown occurs while you are using Application Access
• You minimize the Application Access window while you are working, then shut down your computer with the window active (but minimized)
How WebVPN Uses the Hosts File
The hosts file on your local system maps IP addresses to host names. When you start Application Access, WebVPN modifies the hosts file, adding WebVPN-specific entries. Stopping Application Access by properly closing the Application Access window returns the file to its original state.
| Before invoking Application Access... | hosts file is in original state. |
| When Application Access starts... | • WebVPN copies the hosts file to hosts.webvpn, thus creating a backup. • WebVPN then edits the hosts file, inserting WebVPN-specific information. |
| When Application Access stops... | • WebVPN copies the backup file to the hosts file, thus restoring the hosts file to its original state. • WebVPN deletes hosts.webvpn. |
| After finishing Application Access... | hosts file is in original state. |
What Happens When You Stop Application Access Improperly
Once Application Access terminates abnormally, the hosts file is left in a WebVPN-customized state. WebVPN checks for this possibility the next time you start Application Access by searching for a hosts.webvpn file. If it finds one, you receive a Backup HOSTS File Found error message, and Application Access is temporarily disabled.
Once you shut down Application Access improperly, you leave your remote access client/server applications in limbo. If you try to start these applications without using WebVPN, they might malfunction. You might find that hosts that you normally connect to are unavailable. This situation could commonly occur if you run applications remotely from home, fail to quit the Application Access window before shutting down the computer, then try to run the applications later from the office.
What to Do
To re-enable Application Access or malfunctioning applications:
• If you are able to connect to your remote access server, follow the steps in the section "Reconfigure Hosts File Automatically Using WebVPN."
• If you are unable to connect to your remote access server from your current location or if you have made custom edits to the hosts file, follow the steps in the section "Reconfigure Hosts File Manually."
Reconfigure Hosts File Automatically Using WebVPN
If you are able to connect to your remote access server, follow these steps to reconfigure the hosts file and re-enable both Application Access and the applications.
Step 1
Start WebVPN and log in. Your home page opens.
Step 2
Click the Application Access link. A Backup HOSTS File Found message displays.
Step 3
Choose one of the following options:
• Restore from backup = WebVPN forces a proper shutdown. WebVPN copies the hosts.webvpn backup file to the hosts file, restoring it to its original state, then deletes hosts.webvpn. You then have to restart Application Access.
• Do nothing = Application Access does not start. You return to your remote access home page.
• Delete backup = WebVPN deletes the hosts.webvpn file, leaving the hosts file in its WebVPN-customized state. The original hosts file settings are lost. Then Application Access starts, using the WebVPN-customized hosts file as the new original. Choose this option only if you are unconcerned about losing hosts file settings. If you or a program you use might have edited the hosts file after Application Access has shut down improperly, choose one of the other options, or edit the hosts file manually. (See the "Reconfigure Hosts File Manually" section.)
Reconfigure Hosts File Manually
If you are not able to connect to your remote access server from your current location, or if you have customized the hosts file and do not want to lose your edits, follow these steps to reconfigure the hosts file and re-enable both Application Access and the applications.
Step 1
Locate and edit your hosts file.
Step 2
Check if any lines contain the string: added by WebVpnPortForward
If any lines contain this string, your hosts file is WebVPN-customized. If your hosts file is WebVPN-customized, it looks similar to the following example:
123.0.0.3 server1 # added by WebVpnPortForward
123.0.0.3 server1.example.com vpn3000.com # added by WebVpnPortForward
123.0.0.4 server2 # added by WebVpnPortForward
123.0.0.4 server2.example.com.vpn3000.com # added by WebVpnPortForward
123.0.0.5 server3 # added by WebVpnPortForward
123.0.0.5 server3.example.com vpn3000.com # added by WebVpnPortForward
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
Step 3
Delete the lines that contain the string: # added by WebVpnPortForward
Step 4
Save and close the file.
Step 5
Start WebVPN and log in. Your home page appears.
Step 6
Click the Application Access link. The Application Access window appears. Application Access is now enabled.
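Steps 1 through 4 of the manual procedure above, as an added Python example that is not part of the original Cisco documentation. It relies only on the marker string and the hosts.webvpn file name given on this page; the function names, the .pre-clean copy, and the constructed sample data are assumptions of this example.

```python
"""Check and clean a hosts file left WebVPN-customized (added example)."""
import shutil
import tempfile
from pathlib import Path

MARKER = b"added by WebVpnPortForward"  # marker string quoted on this page
BACKUP_NAME = "hosts.webvpn"            # backup file name given on this page

# Constructed sample data: an original hosts file and its customized form.
ORIGINAL = b"# sample HOSTS file\r\n127.0.0.1 localhost\r\n"
SAMPLE = (b"123.0.0.3 server1 # added by WebVpnPortForward\r\n"
          b"123.0.0.4 server2 # added by WebVpnPortForward\r\n" + ORIGINAL)


def split_hosts(data):
    """Split raw hosts bytes into (kept, removed) lines, endings preserved."""
    kept, removed = [], []
    for line in data.splitlines(keepends=True):
        (removed if MARKER in line else kept).append(line)
    return kept, removed


def parse_entry(line):
    """Return (ip, [names]) for one hosts line, ignoring its comment."""
    fields = line.split(b"#", 1)[0].decode("latin-1").split()
    return (fields[0], fields[1:]) if fields else (None, [])


def assess(hosts_path):
    """Report the hosts-file state without changing anything."""
    hosts_path = Path(hosts_path)
    kept, removed = split_hosts(hosts_path.read_bytes())
    backup = hosts_path.with_name(BACKUP_NAME)
    matches = None
    if backup.exists():
        # hosts.webvpn is a copy of the original file, so the cleaned file
        # should equal it unless hosts was edited after the improper stop.
        matches = b"".join(kept).splitlines() == backup.read_bytes().splitlines()
    return {
        "customized": bool(removed),
        "backup_present": backup.exists(),
        "matches_backup": matches,
        "webvpn_entries": [parse_entry(line) for line in removed],
    }


def clean(hosts_path, apply=False):
    """Steps 2 to 4: drop marker lines; write only when apply=True."""
    hosts_path = Path(hosts_path)
    kept, removed = split_hosts(hosts_path.read_bytes())
    if removed and apply:
        # Keep the customized file under a hypothetical .pre-clean name.
        shutil.copy2(hosts_path, hosts_path.with_name(hosts_path.name + ".pre-clean"))
        hosts_path.write_bytes(b"".join(kept))
    return len(removed)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hosts = Path(tmp) / "hosts"
        hosts.write_bytes(SAMPLE)
        hosts.with_name(BACKUP_NAME).write_bytes(ORIGINAL)
        print(assess(hosts))
        print("removed", clean(hosts, apply=True), "lines")
        print(assess(hosts))
```

Run clean() without apply=True first to see how many lines would go. A matches_backup value of False means the hosts file was edited after the improper stop, which is the case where the page advises against choosing Delete backup.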
E-mail Proxy
WebVPN lets you set up native mail applications on remote systems for automatic access to office e-mail. This feature, called E-mail Proxy, uses the VPN Concentrator as a proxy to the mail server. You need to configure E-mail Proxy on both the VPN Concentrator and the user's mail application. For more information on configuring E-mail Proxy on the VPN Concentrator, see the Configuration | Tunneling and Security | WebVPN | E-Mail Proxy section.
The following instructions explain how to configure the most commonly used e-mail applications: Outlook Express, Netscape, and Eudora.
Example Configuration
Figure C-1 shows the network environment used in the example.
Figure C-1 A Typical E-Mail Proxy Network Scenario
To configure the mail application on the remote system to participate in e-mail proxy, you need to know certain information about the user, the VPN Concentrator, and the e-mail server. Table C-4 shows the information needed, as well as sample values used in the example configurations.
Table C-4 Sample Values Used in the Example E-mail Proxy Configuration
| User | VPN Concentrator | E-mail Server |
|---|---|---|
| Name: Alice Smith | Username: AliceSmith | Username: alice |
| E-mail address: alice@wonderland.com | Password: 12345 | Password: abcde |
| Outgoing Mail Port (SMTPS): 988 | Public IP Address: 90.160.80.15 | Server Name: madhatter |
| Incoming Mail Port (POP3S): 995 | Outgoing Mail Port (SMTPS): 988 | |
| | Incoming Mail Port (POP3S): 995 | |
| | Incoming Mail Port (IMAP4S): 993 | |
Figure C-2 shows the VPN Concentrator E-mail Proxy configuration used in the examples that follow.
Figure C-2 Example VPN Concentrator E-mail Proxy Configuration
Note
You can use any VPN Concentrator interface for WebVPN. This example uses the Public interface.
Outlook Express on Windows 2000
These instructions explain how to configure an Outlook Express client running on Windows 2000 to participate in E-mail Proxy.
Configuring Outlook Express
Step 1
Click Start-->Programs-->Outlook Express on the Windows 2000 desktop toolbar. The Outlook Express main window appears. (See Figure C-3.)
Figure C-3 Outlook Express Main Window
Step 2
Select Accounts... from the Tools drop down menu. The Internet Accounts window displays.
Figure C-4 Internet Accounts Window
Step 3
Click the Add button and choose Mail from the menu. The Internet Connection Wizard Your Name window displays. (See Figure C-5.)
Figure C-5 Internet Connection Wizard: Your Name Window
Step 4
Enter a Display Name for the user. This name will appear in the From header of e-mails the user sends. Click Next. The Internet E-mail Address window appears. (See Figure C-6.)
Figure C-6 Internet E-mail Address Window
Step 5
Choose the option: I already have an e-mail address that I'd like to use. Enter the user's e-mail address at the prompt. Click Next. The E-mail Server Names window appears. (See Figure C-7.)
Figure C-7 E-mail Server Names Window
Step 6
Choose the e-mail protocol you configured for E-mail Proxy on the VPN Concentrator.
Step 7
Enter in both the Incoming and the Outgoing Mail fields the IP address of the interface of the VPN Concentrator on which you enabled E-mail Proxy protocols. (Our example uses the Public interface.)
Step 8
Click Next. The Internet Mail Logon window appears. (See Figure C-8.)
Figure C-8 Internet Mail Logon Window
Step 9
If the user's VPN Concentrator username and mail server username are the same, enter this name at the prompt, in the form:
(E-Mail Username)[E-mail Server Delimiter][E-mail Server Name]
Where:
• E-mail Username = The user's e-mail login name.
• E-mail Server Delimiter = The server delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen to separate the mail username from the server name. (The default e-mail server delimiter is the @ sign.) The delimiter is necessary only if a server name is present.
• E-mail Server Name = The name of the user's e-mail server. You can omit this field if using the default mail server.
For example: alice@wonderland.com
If the user's VPN Concentrator username and mail server username are different, enter both usernames in the following form:
(VPN Concentrator Username)(VPN Name Delimiter) (E-mail Username) [E-mail Server Delimiter][E-mail Server Name]
Where:
• VPN Concentrator Username = The user's VPN Concentrator login name.
• VPN Name Delimiter = The delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen that separates the VPN username from the e-mail username. (The default VPN Name Delimiter is a colon.)
• E-mail Username = The name of the user's e-mail account.
• E-mail Server Delimiter = The server delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen to separate the mail username from the server name. (The default e-mail server delimiter is the @ sign.) The delimiter is necessary only if a server name is present.
• E-mail Server Name = The name of the user's e-mail server. You can omit this field if using the default mail server.
Step 10
Enter the user's e-mail password, in the form:
[VPN Concentrator Password] [VPN Name Delimiter] [E-mail Password]
Where:
• VPN Concentrator Password = The user's VPN Concentrator login password. If the VPN Concentrator password and the mail password are the same, you can omit this field.
• VPN Name Delimiter = The delimiter you configured on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen that separates the VPN username from the e-mail username. (The default VPN Name Delimiter is a colon.) This delimiter is necessary only if the VPN Concentrator password is present.
• E-mail Password = The password for the user's e-mail account.
For example, 12345:abcde.
Step 11
Click Next. A final window appears. Click Finish.
Figure C-9 Final Wizard Window
Step 12
In the Internet Accounts window, click the Mail tab. (See Figure C-10.)
Figure C-10 Internet Accounts Window: Mail Tab
Step 13
Select the new mail account, then click the Properties button. The Properties window appears. (See Figure C-11.)
Figure C-11 Properties Window: General Tab
Step 14
[Optional] Fill in a server name and add additional user information.
Step 15
Click the Servers tab. (See Figure C-12.)
Figure C-12 Properties Window: Server Tab
Step 16
Under Outgoing Mail Server, check the check box for the option: My server requires authentication. Click the Settings... button. The Outgoing Mail Server window appears. (See Figure C-13.)
Figure C-13 Outgoing Mail Server Window
Step 17
Click Use same settings as my incoming mail server. Click OK.
Step 18
Click the Advanced tab in the Properties window. (See Figure C-14.)
Figure C-14 Properties Window: Advanced Tab
Step 19
Under Server Port Numbers:
a. For the Outgoing Mail field:
  – Enter the SMTPS port number you configured on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen.
  – Check the check box: This server requires a secure connection (SSL).
b. For the Incoming Mail field:
  – Enter the POP3S or IMAP4S port numbers you configured on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen.
  – Check the check box: This server requires a secure connection (SSL).
Step 20
Click Apply.
Step 21
Click OK.
The configuration is complete.
To test the configuration, send or receive e-mail. If the test fails, refer to the Outlook Express error messages and check EMAILPROXY events in the VPN Concentrator error log.
Eudora 5.2 on Windows 2000
These instructions explain how to configure a Eudora 5.2 client running on Windows 2000 to participate in E-mail Proxy.
Configuring Eudora
Configuring Eudora to participate in E-Mail Proxy has two steps:
• Configure the client application
• Edit the eudora.ini file
Configuring the Client Application
Step 1
Start Eudora. The Eudora Main Window displays. (See Figure C-15.)
Figure C-15 Eudora Main Window
Step 2
Choose Options... from the Tools drop down menu. The Options window displays. Click the Getting Started icon. (See Figure C-16.)
Figure C-16 Eudora Options Window, Getting Started
a. In the Real Name field, enter the name of the user.
b. In the Return Address field, enter a return e-mail address for the user; for example, alice@wonderland.com. Replies to mail sent by this user go to this address.
c. In the Mail Server (Incoming) field, enter the hostname or IP of the VPN Concentrator interface on which you enabled (POP3 or IMAP) E-mail Proxy protocols.
d. If the user's VPN Concentrator username and mail server username are the same, enter this name in the Login Name field in the form:
  (E-Mail Username)[E-mail Server Delimiter][E-mail Server Name]
  Where:
  – E-mail Username = The user's e-mail login name.
  – E-mail Server Delimiter = The server delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen to separate the mail username from the server name. (The default e-mail server delimiter is the @ sign.) The delimiter is necessary only if a server name is present.
  – E-mail Server Name = The name of the user's e-mail server. You can omit this field if using the default mail server.
  For example: alice@wonderland.com
  If the user's VPN Concentrator username and mail server username are different, enter both usernames in the following form:
  (VPN Concentrator Username)(VPN Name Delimiter) (E-mail Username) [E-mail Server Delimiter][E-mail Server Name]
  Where:
  – VPN Concentrator Username = The user's VPN Concentrator login name.
  – VPN Name Delimiter = The delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen that separates the VPN username from the e-mail username. (The default VPN Name Delimiter is a colon.)
  – E-mail Username = The name of the user's e-mail account.
  – E-mail Server Delimiter = The server delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen to separate the mail username from the server name. (The default e-mail server delimiter is the @ sign.) The delimiter is necessary only if a server name is present.
  – E-mail Server Name = The name of the user's e-mail server. You can omit this field if using the default mail server.
e. In the SMTP Server (Outgoing) field, enter the hostname or IP of the VPN Concentrator interface on which you enabled the SMTP E-mail Proxy protocol.
f. Check the Allow Authentication check box.
Step 3
Click the Checking Mail icon. (See Figure C-17.) Under Secure Sockets when Receiving, choose Required, Alternate Port from the drop down menu.
Figure C-17 Eudora Options Window, Checking Mail
Step 4
Click the Incoming Mail icon. (See Figure C-18.) Choose your server configuration type: POP or IMAP.
Figure C-18 Eudora Options Window, Incoming Mail
Step 5
Click the Sending Mail icon. (See Figure C-19.) Under Secure Sockets when Receiving, choose Required, Alternate Port from the drop down menu.
Figure C-19 Eudora Options Window, Sending Mail
Step 6
Click the OK button. The Options window closes.
Step 7
Quit Eudora by choosing Exit from the File menu.
Editing the eudora.ini File
Step 1
Locate the eudora.ini file in the Eudora default installation directory.
Note
If you do not have a eudora.ini file on your system, copy the deudora.ini file and rename it eudora.ini.
Step 2
Open eudora.ini in any text editor.
Step 3
Find the following line of text:
Step 4
Beneath this line, add the following three lines:
SSLPOPAlternatePort=[POP Port]
SSLIMAPAlternatePort=[IMAP Port]
SSLSMTPAlternatePort=[SMTP Port]
Where:
•
POP Port = The POP3S port configured on the Configuration | Tunneling and Security | WebVPN | E-mail screen of the VPN Concentrator. The default is 995.
•
IMAP Port = The IMAP4S port configured on the Configuration | Tunneling and Security | WebVPN | E-mail screen of the VPN Concentrator. The default is 993.
•
SMTP Port = The SMTPS port configured on the Configuration | Tunneling and Security | WebVPN | E-mail screen of the VPN Concentrator. The default is 988.
For example:
The configuration is complete.
Using Eudora with E-Mail Proxy
When the user sends or receives mail, Eudora prompts for a password.
•
If the user's VPN Concentrator password and e-mail password are the same, enter that password.
•
If the VPN Concentrator password and e-mail password are different, enter them both in the form:
[VPN Concentrator Password] [VPN Name Delimiter] [E-mail Password]
Where:
–
VPN Concentrator Password = The user's VPN Concentrator login password.
–
VPN Name Delimiter = The delimiter you configured on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen that separates the VPN username from the e-mail username. (The default VPN Name Delimiter is a colon.)
–
E-mail Password = The password for the user's e-mail account.
For example, 12345:abcde.
Netscape Mail 7 on Windows 2000
These instructions explain how to configure a Netscape client running on Windows 2000 to participate in E-mail Proxy.
Step 1
Start the Netscape Mail & Newsgroups program. The Netscape Mail window appears. (See Figure C-20.)
Figure C-20 Netscape Mail Window
Step 2
Choose default on mail from the Name list in the frame on the left. The Default on Mail window appears. (See Figure C-21.)
Figure C-21 Default on Mail Window
Step 3
Under Accounts, click the Create a New Account link. The Account Wizard New Account Setup window appears. (See Figure C-22.)
Figure C-22 Account Wizard: New Account Setup Window
Step 4
Choose the Email account option. Click Next. The Identity window appears. (See Figure C-23.)
Figure C-23 Account Wizard: Identity Window
Step 5
In the Your Name field, enter the user's name. This name will appear in the From header of e-mails the user sends.
Step 6
In the Email Address field, enter the user's e-mail address. Click Next. The Server Information window appears. (See Figure C-24.)
Figure C-24 Account Wizard: Server Information Window
Step 7
Choose the mail protocol you are using for incoming mail (POP or IMAP).
Step 8
Enter the IP address of the interface of the VPN Concentrator on which you enabled the POP or IMAP E-mail Proxy protocol. Click Next. The User Name window appears. (See Figure C-25.)
Figure C-25 Account Wizard: User Name Window
Step 9
Enter the user's mail server username at the prompt. If the user's VPN Concentrator username and mail server username are the same, enter this name in the form:
(E-Mail Username)(E-mail Server Delimiter)[E-mail Server Name]
Where:
–
E-mail Username = The user's e-mail login name.
–
E-mail Server Delimiter = The server delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen to separate the mail username from the server name. (The default e-mail server delimiter is the @ sign.) The delimiter is necessary only if a server name is present.
–
E-mail Server Name = The name of the user's e-mail server. You can omit this field if using the default mail server.
For example: alice@wonderland.com
If the user's VPN Concentrator username and mail server username are different, enter both usernames in the following form:
(VPN Concentrator Username)(VPN Name Delimiter) (E-mail Username) (E-mail Server Delimiter) (E-mail Server Name)
Where:
–
VPN Concentrator Username = The user's VPN Concentrator login name.
–
VPN Name Delimiter = The delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen that separates the VPN username from the e-mail username. (The default VPN Name Delimiter is a colon.)
–
E-mail Username = The name of the user's e-mail account.
–
E-mail Server Delimiter = The server delimiter you set on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen to separate the mail username from the server name. (The default e-mail server delimiter is the @ sign.) The delimiter is necessary only if a server name is present.
–
E-mail Server Name = The name of the user's e-mail server. You can omit this field if using the default mail server.
For example: AliceSmith:alice@madhatter
Step 10
Click Next. The Account Name window appears. (See Figure C-26.)
Figure C-26 Account Wizard: Account Name
Step 11
Enter a name for this account. Click Next. The Account Wizard displays a final window. (See Figure C-27.)
Figure C-27 Account Wizard: Final Window
Step 12
Click Finish. The Account Wizard window closes.
Step 13
Click the name of the account you just created from the Name list on the left of the Netscape Mail window. (See Figure C-28.) The Netscape Mail window appears. (See Figure C-29.)
Figure C-28 Netscape Mail Window
Step 14
Click the View settings for this account link. The Account Settings window appears. (See Figure C-29.)
Figure C-29 Account Settings
Step 15
Choose Server Settings from the list at the left of the window. The Server Settings window appears. (See Figure C-30.)
Figure C-30 Server Settings Window
Step 16
In the Port field, enter the POP3S or IMAP4S port number you configured on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen.
Step 17
Check the Use Secure Connection (SSL) check box.
Step 18
On the left side of the window, choose Outgoing Server (SMTP). The Outgoing Server Settings window appears. (See Figure C-31.)
Figure C-31 Outgoing Server Settings Window
Step 19
In the Server Name field, enter the IP address of the interface of the VPN Concentrator on which you enabled the SMTP E-mail Proxy protocol.
Step 20
In the Port field, enter the SMTP port number you configured on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen.
Step 21
Check the Use Name and password check box, and enter the user's e-mail account name in the same format you used in Step 9.
Step 22
Choose Use secure Settings (SSL): Always.
Step 23
Click OK.
Configuration is complete.
Sending and Receiving E-mail
When users send or receive e-mail, Netscape prompts for a password. Enter the password, in the form:
[VPN Concentrator Password] [VPN Name Delimiter] [E-mail Password]
Where:
•
VPN Concentrator Password = The user's VPN Concentrator login password. If the VPN Concentrator password and the mail password are the same, you can omit this field.
•
VPN Name Delimiter = The delimiter you configured on the VPN Concentrator Configuration | Tunneling and Security | WebVPN | E-mail screen that separates the VPN username from the e-mail username. (The default VPN Name Delimiter is a colon.) This delimiter is necessary only if the VPN Concentrator password is present.
•
E-mail Password = The password for the user's e-mail account.
For example, 12345:abcde.
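The username form in Step 9 and the password form above can be checked before they are handed to users. The following is an added example, not Cisco code: the function names are hypothetical and it assumes the default delimiters (colon and @ sign). The page does not say how the VPN Concentrator treats a value in which a delimiter appears more than once, so the example rejects such values instead of guessing.

```python
from typing import NamedTuple, Optional

VPN_NAME_DELIM = ":"     # default VPN Name Delimiter stated on the page
MAIL_SERVER_DELIM = "@"  # default E-mail Server Delimiter stated on the page

class Login(NamedTuple):
    vpn_user: str
    mail_user: str
    mail_server: Optional[str]  # None = default mail server (field omitted)

def _split_once(value, delim, field):
    """Split at delim; reject empty values and values with repeated delimiters."""
    if not value or value.count(delim) > 1:
        raise ValueError(f"{field}: empty, or {delim!r} appears more than once")
    left, sep, right = value.partition(delim)
    if sep and not (left and right):
        raise ValueError(f"{field}: empty part next to {delim!r}")
    return left, (right if sep else None)

def parse_username(value, vpn_delim=VPN_NAME_DELIM, server_delim=MAIL_SERVER_DELIM):
    """[VPN user][VPN delim][mail user][server delim][server] -> Login."""
    first, rest = _split_once(value, vpn_delim, "username")
    if rest is not None and server_delim in first:
        raise ValueError("username: server delimiter inside the VPN username")
    # Without a VPN delimiter the single name is both the VPN and mail username.
    mail_user, server = _split_once(rest if rest is not None else first,
                                    server_delim, "username")
    return Login(first if rest is not None else mail_user, mail_user, server)

def parse_password(value, vpn_delim=VPN_NAME_DELIM):
    """[VPN password][VPN delim][mail password]; one password serves as both."""
    first, rest = _split_once(value, vpn_delim, "password")
    return (first, rest if rest is not None else first)

def compose_username(vpn_user, mail_user, mail_server=None,
                     vpn_delim=VPN_NAME_DELIM, server_delim=MAIL_SERVER_DELIM):
    """Build the string a user types, refusing parts that contain a delimiter."""
    for part in (vpn_user, mail_user, mail_server or ""):
        if vpn_delim in part or server_delim in part:
            raise ValueError(f"{part!r} contains a delimiter character")
    mail = mail_user + (server_delim + mail_server if mail_server else "")
    return mail if vpn_user == mail_user else vpn_user + vpn_delim + mail

if __name__ == "__main__":
    for sample in ("alice@wonderland.com", "AliceSmith:alice@madhatter"):  # page examples
        print(sample, "->", parse_username(sample))
    print(parse_password("12345:abcde"))  # page example
```

A single shared password that itself contains the VPN Name Delimiter has the same shape as the two-password form, so the two cannot be told apart from the string alone.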