What can I do to prevent intrusion attacks when I use ECS via the Internet?
There is no 100% safe solution. If you are not sure about the consequences for your environment, you may need to consult a security expert. A good rule is to regularly check for updates to the applications and operating systems you use. Additional security can be implemented with firewalls, packet filter routers, antivirus software, personal firewall software, etc.
Why does my Internet connection work unpredictably when used from behind an ISDN router?
One reason can be that your ISP uses dynamic IP addressing on the ISDN circuit. Whenever the ISDN connection drops (due to idle timeouts) and reconnects, your router will most likely not be assigned the same IP address. The VPN gateway can't associate the established VPN tunnels with the newly assigned IP address. Our suggestion is to extend the idle timeout (but be aware of cost!) or to find an ISP that offers fixed IP addresses for the ISDN line.
Can I use IPsec-compliant clients from other vendors to access ECS?
No, not today, because the authentication method used by ECS involves the proprietary IKE Hybrid mode feature.
What protocols and ports are used by the ECS service?
The ECS service uses the following protocols and port numbers:
- HTTPS: TCP port 443
- Topology fetching: TCP port 264 (source port)
- IKE exchange: UDP port 500 (both source and destination ports)
- UDP-encapsulated ESP datagrams: UDP port 2746 (both source and destination ports)
I’m using a Microsoft proxy server to access the Internet. Can I use ECS?
No, it is not possible without some modifications to the server so that the proxy server application is bypassed.
Is ECS a tool for secure server-to-server communication?
No, because the ECS service requires user interaction for authentication.
I’m using my applications on a terminal server. Can I use the ECS service?
No, the ECS service is only for single-user PCs.
Sometimes I get application timeouts. Why?
Applications differ in how sensitive they are to delays, that is, how long a timeout they accept before they expect feedback from the server side. Data sent from the client to the server is stored locally in the client until the VPN tunnel is established. If the authentication process takes too long, it will fail. To avoid this scenario, use the manual icon to bring up the tunnel before running your business applications.
How does the ECS client know when to bring up the tunnel?
The installation adds a daemon on the PC that listens for interesting packets. Which packets to route via ECS is defined in a configuration file that the client receives after a successful “update of site”.
I have installed another VPN client on my PC. Can I use ECS?
VPN clients can interfere with each other and cause problems. We can't test all other clients, so we recommend uninstalling other VPN client software before the ECS client is installed.
What is SMS-OTP and how do I use it?
SMS-OTP (SMS One-Time Password) is a two-factor authentication service used by ECS that makes it possible to receive a one-time password on your cellphone. The SMS-OTP service can be used instead of hardware tokens. The supplier of the SMS-OTP authentication service is the Swedish company Mideye AB. Their responsibility is to deliver the text message to the end user.
Important information about the SMS-OTP service
Smartphone users are strongly recommended to use Mideye+. The main idea of Mideye+ is that it primarily passes the traffic over the data channel (mobile or Wi-Fi), which makes login less sensitive to SMS delays and other SMS delivery issues. Security is higher compared to a regular text message, and on top of that Mideye+ also works in offline mode (as a token).