Extranet Connect Services
There is no 100% safe solution. If you are not sure about the consequences for your environment you might need to consult a security expert. A good rule is to regularly check for updates of the used applications and operation systems. Additional security can be implemented with firewalls, packet filter routers, antivirus and personal firewall software etc.
One reason can be that your ISP uses dynamic IP-addressing on the ISDN circuit. Whenever the ISDN connection drops (due to idle timeouts) and reconnects it most likely won't have the same IP-address assigned for your router. The VPN gateway can't associate the established VPN tunnels with this new assigned IP-address. Our suggestion is to expand the idle timeout (but be aware of cost!) or try to find an ISP who offer fixed assigned IP-addresses for the ISDN line.
No, not today because the authentication method used by ECS involves the proprietary IKE Hybrid mode feature.
No, the ECS service only protect the communication between the computer and the Volvo Extranet. When connecting your PC or LAN to the Internet you also expose your PC or LAN for attacks.
The ECS service use the following protocols and port numbers:
No, it is not possible without some modifications in the server to bypass the Proxy server application. The proxy server uses SOCKS to communicate between the client and the proxy server. SOCKS configuration file controls what to run through the Proxy server before data is passed to the IP-stack where the ECS client is working. If the user use the SOCKS-client to access the Internet, then the data passed to the ECS client will look like SOCKS data destined for the proxy server, and will not be detect that traffic as going to Volvo.
The ECS client will pass this data transparent to the proxy server. NT-servers can make use of the free software add-on from Microsoft called Microsoft Routing and Remote Access Service (RRAS) to be able route the ECS data beside the proxy-server application. RRAS offer a lot of filering capabilities (read more on Microsoft knowledge base).
No, because the ECS service demands user interaction for authentication.
No, the ECS service is only for single user PC's. The ECS service can't control that not someone else on this server can access Volvo Extranet without authentication.
Applications are more or less sensible for how long timeout they accept before they want feedback from the server side. Before the data can be sent from the client to the server it is stored locally in the client until the VPN-tunnel is established. If the authentication process takes to long time it will fail. To avoid this scenario, use the manual icon to bring up the tunnel before running your business applications.
The installation adds a deamon in the PC which listen for interesting packets. Which packets to route via ECS is described in a configuration file received by the client after a successful "update of site".
VPN clients can interfere with each other and cause problems. The latest ECS version works better with other new VPN clients (eq Cisco VPN clients). We can't test all other clients therefore it's recomended to uninstall other VPN client software before the ECS client is installed.
SMS-OTP (SMS-One Time Password) is an service to ECS, which makes it possible to receive a one time password to your cellphone. The SMS-OTP service can be used instead of Digipass.
For more information on how to use SMS-OTP, download the instructions: