+ All Categories
Home > Documents > Juniper Network Connect SSL VPN Client Windows Quick ...

Juniper Network Connect SSL VPN Client Windows Quick ...

Date post: 09-Apr-2022
Category:
Upload: others
View: 18 times
Download: 0 times
Share this document with a friend
16
Juniper Network Connect SSL VPN Client Windows Quick Reference Guide for Avaya Employees For Avaya Remote Access (ARA) Service SSL VPN Version 1.2 December 20, 2013
Transcript
Page 1: Juniper Network Connect SSL VPN Client Windows Quick ...

Juniper Network Connect SSL VPN Client Windows Quick Reference Guide for Avaya Employees For Avaya Remote Access (ARA) Service –SSL VPN

Version 1.2

December 20, 2013

Page 2: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 2

Table of Contents

1. Prerequisites .................................................................................................................. 3

2. Using Avaya Remote Access Landing Webpage ............................................................... 3

3. Login Process ................................................................................................................. 3

3.1 Remote UserID/Password Employee Users..................................................................... 3

3.2 Remote UserID/Password Contractor Users ................................................................... 4

3.3 MFA Soft Token Employee Users .................................................................................... 5

3.4 MFA Soft Token Contractor Users ................................................................................... 5

3.5 Remaining Steps for All Users ......................................................................................... 6

4. Frequently Asked Questions (FAQs) ................................................................................ 8

4.1 Why can I only have one SSL VPN Connection per User ID, per Gateway? ..................... 8

4.2 What is the best way to connect to the SSL VPN Gateways? ......................................... 9

4.3 What web browsers are supported by the SSL VPN Gateways? ..................................... 9

4.4 Can I connect to the SSL VPN Gateway with my personal computer? ............................. 9

4.5 Is IP Softphone Supported? ............................................................................................. 9

4.6 Can I run Network Connect over a Satellite ISP or Dial-up Connection? ........................ 9

4.7 Why does my Network Connect session timeout after being connected for a short period of time? ............................................................................................................................ 9

4.8 How do I sign out of the SSL VPN Gateway? ................................................................. 10

4.9 How do I select an alternate SSL VPN Gateway to log into? ........................................ 10

4.10 Why do I receive a “Limited Network Access” message when logging into the SSL VPN service? .......................................................................................................................... 10

4.11 Why does Network Connect rapidly disconnect after logging into the Avaya network? 10

4.12 Why doesn’t Network Connect client load on my PC? .................................................. 11

4.13 Why do I receive a Network Connect Timeout/Terminate Error or Network Connect Error 23711/23712 message when trying to connect to the SSL VPN Gateway? ........ 14

4.14 Can I access my home network resources while connecting to the Avaya network using the SSL VPN Client? ....................................................................................................... 14

4.15 Uninstalling the Juniper Software ................................................................................. 15

5. Support for SSL VPN Network Connect Client ............................................................... 16

Page 3: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 3

1. Prerequisites The following prerequisites must be met in order to use this service:

• The User’s PC must be running Windows 7. • Public Internet access [NOTE: please make sure your PC is connected to the public

Internet at home or at a public WiFi hotspot. The directions provided here will not work if your PC is connected to the Avaya corporate network in an Avaya office.]

• Microsoft Internet Explorer 8.0 or the newest IT recommended browser and version installed on your PC.

• You must have Sun Java installed. It is recommended that you use Sun Java 1.6.36 or the newest IT recommended version installed on your PC.

• The User’s PC Logon ID must have Administrator privileges/permissions in order to install the Network Connect software.

• The user must have an active Multi Factor Authentication (MFA) account or ARA ID and Password.

2. Using Avaya Remote Access Landing Webpage To assure a smooth and sufficient remote access service using Juniper SSL VPN solution, you should always access this service through the Avaya Remote Access Landing webpage. This webpage provides you with a listing of gateways you can use for your region and assure that your Network Connect client is always up-to-date.

3. Login Process Depending on how you will authenticate, UserID/password or MFA Soft Token, you will see different login pages.

Please select the appropriate primary SSL VPN Gateway based on your region under Avaya Employee Class.

APAC = Asia and Pacific Regions EMEA= Europe, Middle East, and Africa Regions NA East = North America East Coast Region NA West = North America West Coast Region CALA = Central and Latin America

3.1 Remote UserID/Password Employee Users You will now find yourself at the The Avaya Remote Access (ARA) Service login page.

Page 4: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 4

Please type in your ARA username and password. Assure that the Default VPN Domain is selected, and then click the Log In button. . If you can’t see the SSL VPN login page, please return to the Avaya Remote Access web page and select the Secondary SSL VPN Gateway based on your region.

3.2 Remote UserID/Password Contractor Users You will now find yourself at the Contractor Secure Access login page.

Please type in your ARA username and password. Make sure that the CT-ACLUnrestirct ACL Group is selected, and then click the Sign In button. If you can’t see the SSL VPN login page, please return to the Avaya Remote Access web

Page 5: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 5

page and select the Secondary SSL VPN Gateway based on your region.

3.3 MFA Soft Token Employee Users

You will now find yourself at the Avaya SSL VPN Remote Access login page.

Select the MFA Default VPN Domain Realm from the drop down list, type in your ARA username and PVN and Token Code, and click the Sign In button. If you can’t see the SSL VPN login page, please return to the Avaya Remote Access web page and select the Secondary SSL VPN Gateway based on your region.

3.4 MFA Soft Token Contractor Users You will now find yourself at the Avaya SSL VPN Remote Access login page.

Page 6: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 6

Select the MFA CT-ACLUnrestrict Realmfrom the drop down list, type in your ARA username and PVN and Token Code, and click the Sign In button. If you can’t see the SSL VPN login page, please return to the Avaya Remote Access web page and select the Secondary SSL VPN Gateway based on your region.

3.5 Remaining Steps for All Users 1. Once the Network Connect application obtains an IP address, a new Network

Connect icon will be displayed in you system tray. This is the Network Connect system tray icon looks like a lock with two blinking lights. Also, this means that you are connected to the Avaya corporate network.

Page 7: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 7

Page 8: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 8

2. To ensure that you have obtained an IP address, you can double click on the

Network Connect system tray icon and that will reopen the Network Connect application client. The Assigned IP: is your Avaya corporate IP address.

3. At this point, you can minimize this screen, close your web browser screen

and begin working online. 4. When you complete your work and want to shutdown your PC, make sure

that your first sign out of the SSL VPN gateway. To sign out of the SSL VPN Gateway double click on the Network Connect icon in the System tray which popup the Network Connect client screen and click the Sign Out button.

By signing out you release the user license you have been using on the SSL VPN Gateway and puts the license back into the Gateway’s license pool so other users can use the license.

4. Frequently Asked Questions (FAQs) This section answers some frequently asked questions regarding the Network Connect software and SSL VPN Service:

4.1 Why can I only have one SSL VPN Connection per User ID, per Gateway?

Users can only establish one connection per domain on the SSL VPN Gateway. This means can connect one Apple, one Linux and one Windows PC to the same SSL VPN Gateway simultaneously, but you cannot connect two or more of the

Page 9: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 9

same type of PC to a SSL VPN Gateway.

4.2 What is the best way to connect to the SSL VPN Gateways?

It is strongly recommended that you use a web browser to access the SSL VPN Gateways. Connecting with a web browser will ensure that you are using the most current version of the Network Connect client. You can use Microsoft’s Internet Explorer 8.0 and above web browsers or Firefox 25.x and above web browsers when connecting to the SSL VPN Gateways.

4.3 What web browsers are supported by the SSL VPN Gateways?

Microsoft’s Internet Explorer 8.0 and above web browsers or Firefox 25.x and above web browsers are supported by the SSL VPN Gateways.

4.4 Can I connect to the SSL VPN Gateway with my personal computer?

Personal PCs can be connected to SSL VPN provided an exception is approved. To request and exception go to the ITSS site > Support Request > Passwords and Security > Security Exception Request - Personally Owned Devices.

4.5 Is IP Softphone Supported? IP Softphone can be used in two modes, the Telecommuter mode and the Road Warrior mode. The Telecommuter mode uses regular POTS lines to place voice calls and as a result should work fine if the IP Softphone and PBX options are set correctly. The Road Warrior mode uses Voice over IP to carry a voice call over the public Internet. Even though it will work for some Users, IT does not recommend or support this configuration. This is because there’s no control over performance or consistency given that the traffic/call rides over the public Internet.

4.6 Can I run Network Connect over a Satellite ISP or Dial-up Connection?

Network Connect can be used to connect to the Avaya network on a dial-up (modem) or satellite connection, but it is not recommended or supported. This is due to the high latency/delay experienced over a dial-up or satellite connection. This delay can cause problems with the Network Connect client and other applications.

4.7 Why does my Network Connect session timeout after being connected for a short period of time?

The SSL VPN session is based on how long your ARA ID has been logged into the

Page 10: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 10

SSL VPN Gateway; it is not based on how long your current Network Connect session up and running. The configured Network Connect session time allows a user to be logged in for 5 days. Let say you logged in 4 3/4 days ago and you did not click the Sign Out button; your ID is still active on the SSL VPN Gateway. When you log into the SSL Gateway next time, you might see a page displayed stating do you want to continue with the current session. If you click the Continue button, that will pick up where you left off last time you were connected to the Gateway, thus you might only have a couple of hours remaining for the session. The best practice is to click the Sign Out button when you disconnect from the SSL VPN Gateway. Now when you login next time, you will start off with a fresh 5 day session.

4.8 How do I sign out of the SSL VPN Gateway? You can sign out of the SSL VPN Gateway by double clicking on the Network Connect icon in the System tray which popup the Network Connect client screen and clicking the Sign Out button. It is strongly recommended that you click the Sign Out button before logging out your PC for the night. By doing this will release the user license you have been using on the SSL VPN Gateway and puts the license back into the Gateway’s license pool so other users can use the license.

4.9 How do I select an alternate SSL VPN Gateway to log into? The SSL VPN service has been installed in four separate Internet Gateway locations to provide the service with location redundancy. If your primary SSL VPN Gateway location is experiencing problems, you can select another SSL VPN Gateway by going to the Main SSL VPN Gateway landing page where you can select different SSL VPN Gateway locations.

4.10 Why do I receive a “Limited Network Access” message when logging into the SSL VPN service?

This means that the PC you have is a legitimate Avaya PC asset but needs to be added to the Avaya Global domain. Once your PC is added to the Avaya Global domain, you will have full access to the Avaya network. You can review the Adding a PC to the Avaya Global domain quick reference guide on how to do this.

4.11 Why does Network Connect rapidly disconnect after logging into the Avaya network?

Bonjour (an application that modifies the routing table) and mDNSResponder (a Bonjour system service) can trigger the nc.windows.app.23711, nc.windows.app.23712, nc.windows.app.23791, nc.windows.app.23792 Network Connect errors. You will know that the application is active on your PC if your

Page 11: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 11

Network Connect session continually disconnects a few seconds after successfully logging in. There are two ways to resolve this issue:

1. Update the Bonjour software to version 1.0.6 or later 2. Remove the software. Updating Bonjour Software

Please download the new Bonjour software from the URL link below: http://www.apple.com/downloads/macosx/apple/windows/bonjourforwindows.html If the link above does not work, please go to http://www.apple.com , search for Bonjour for Windows, and download the latest Bonjour version for Windows.

Once you saved this file to your PC, please double click on the file and follow the instructions to install the updated software.

Removing the Bonjour Software a. Open a Windows command (MSDOS) prompt and type the following

command:

cd \Program Files\Bonjour

mDNSResponder.exe –remove

b. Navigate to the following folder in Windows Explorer: C:\Program Files\Bonjour.

c. Rename the mdnsNSP.dll file in that folder to mdnsNSP.old

d. Restart your computer.

e. Delete the Program Files\Bonjour folder.

f. Please proceed to point 3.15 if you are still receiving the nc.windows.app.23711 or nc.windows.app.23712 error message.

4.12 Why doesn’t Network Connect client load on my PC?

If the Network Connect software does not load on your PC, you might not have Sun Java installed on your PC. First, check to see if you have Sun Java installed on your PC. You can do this by clicking on the Start button, select Settings and click on Control Panel.

Page 12: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 12

Now you will be in your Control Panel. Please look for an icon that looks like a Coffee Cup and says Java underneath it; double click on this icon.

You will now see a Java Control Panel on your screen, click the About button.

Page 13: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 13

A new screen will popup showing your Java version. As long as you Java version is 1.4.2 or above, the Network Connect client will install and run on your PC.

If you do not see a Coffee Cup icon in your Control Panel, then Java is not installed on your PC. To install java on your PC, please go to www.java.com and click on the Free Java Download button. Please follow the instructions on the webpage to install the Sun Java runtime environment. After you successfully installed Java, please trying logging in the SSL VPN Gateway again.

Page 14: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 14

4.13 Why do I receive a Network Connect Timeout/Terminate Error or Network Connect Error 23711/23712 message when trying to connect to the SSL VPN Gateway?

First check to make sure you do not have Bonjour software loaded on you PC. Please follow the steps in point 3.11 to determine this. If Bonjour is not loaded, please the steps below.

The common reason you are receiving the 23711/23712 error message or your Network Connect client is timing out is due to a problem with your McAfee anti-virus/firewall software. Currently, there is a setting missing on your PC for McAfee to allow the Network Connect client to add the proper TCP/IP setting to the Windows’ registry. To solve the issue, please do the following steps:

1. Uninstall the Juniper Network Connect (NC) client program from your PC.

2. Open a DOS/Command window by clicking Start> Run, type in cmd and click Ok.

3. In the DOS/Command window, do the following at the prompt (C:\>):

a. Type reg add HKLM\System\CurrentControlSet\Services\FireHook

b. Hit the enter key.

c. Close the DOS/Command window.

Now re-connect to the SSL VPN Gateway and let the Juniper Network Connect client reinstall.

Now the NC client should connect to the SSL VPN Gateway without any problems.

4.14 Can I access my home network resources while connecting to the Avaya network using the SSL VPN Client?

Yes, you have the ability to access your local home network when connected to the SSL VPN gateway.

Page 15: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Public. Use pursuant to the terms of your signed agreement or Avaya policy. 15

4.15 Uninstalling the Juniper Software

If you need to uninstall the Network Connect software, do the following: Windows 7

1. Close all programs that are running on your PC. 2. From your Desktop click on the Start button, select All Programs, select Juniper

Networks, select Network Connect x.x.x and click Uninstall Network Connect.

3. The Network Connect client software will uninstall itself automatically.

Windows XP

1. Close all programs that are running on your PC. 2. From your Desktop click on the Start button, select Programs, select Juniper

Networks, select Network Connect x.x.x and click Uninstall Network Connect.

3. The Network Connect client software will uninstall itself automatically.

Page 16: Juniper Network Connect SSL VPN Client Windows Quick ...

Avaya Inc. – Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy. 16

5. Support for SSL VPN Network Connect Client If you experience issues with the SSL VPN Network Connect software, please contact the Avaya IT Customer Care Center (AICCC) for assistance. If possible please visit the IT Self Service tool (ITSS) to obtain the latest knowledge articles and log a ticket. US or Canada Employees: call +1 866 AVAYA IT (+1-866-282-9248) or 720-444-0130 International Employees: Avaya Office: call 0/9 (outside line prefix) followed by '1234'. Associates in Germany, please dial '1234'. Users located in Leipzig, Düsseldorf, Augsburg, Hannover must dial '9' then '1234'. Outside of Avaya Office: EMEA Associates should call +44 1483 309800, Canada, APAC and CALA Regions call +1 720 444 0130. Associates in Germany should call +49 69 7505 1234


Recommended