Setup Guide
COMPATIBLE NOKIA SMARTPHONES
Devices with Symbian OS (Symbian^3) / Symbian Anna and Belle are
compatible with Nokia Mobile VPN 4.3. You can check your device OS
from Device specifications.
GENERAL CONSIDERATIONS
In order to use the Nokia Mobile VPN client you need to have available
the following:
– Compatible Nokia device with Nokia Mobile VPN client
– A VPN gateway compatible with Nokia Mobile VPN
– A VPN policy file
Related Links
Nokia mobile VPN in Nokia Store
Security information on the Nokia for business pages
Device specifications
Nokia Expert Centre, VPN resource hub
Note that Nokia Mobile VPN is not a separately launchable application. When Nokia Mobile VPN client
is installed the VPN management UI is visible in Settings > Connectivity > VPN.
There are numerous combinations when it comes to configuring Nokia Mobile VPN parameters. This guide
uses XAuth with a preshared key as its configuration option, as it is the most typical VPN
configuration used with IPsec / IKE. For other configuration options, see the Policy Specification section
in Nokia Mobile VPN IT Admin Guide (Nokia Expert Centre).
Before you start the configuration make sure you have the following information available:
This information may be available from your IT Manager if you work in an enterprise, from your Internet
Service Provider (ISP), or from the provider of your VPN gateway service.
For an end user, the easiest way to configure the Nokia Mobile VPN client is to use Nokia Configuration Tool
(NCT). This step-by-step guide shows how to configure and transfer the policy file to your device using
NCT. Download and install the Nokia Configuration Tool v.6.3 installation package.
We will use the file My_mVPN_config.vpn as the base for the configuration. The My_mVPN_config.vpn file
can be downloaded from Nokia Expert Centre's VPN resource hub.
1. Start Nokia Configuration Tool and select Tools > VPN Configuration….
2. Open My_mVPN_config.vpn from the location where you saved the file when you downloaded it. Select
the Load button to load the file.
4. Change the Policy name if you want to use your own. Then add the Identity value, which is also called
Group Name. It is an optional value and it is not always given, i.e. the value can be left empty.
5. Add the correct VPN gateway address, select the Preshared Key tab and enter the Key (also called
Secret, Preshared Key or Group Password). The VPN gateway address needs to be either a host name
or an IP address.
6. Select the Proxy tab in case you also want to configure the HTTP proxy settings. The proxy setting is
optional. The Proxy address is a host name or an IP address. When the port is not defined, port 8080 is
used.
8. Open the file with File Manager to install the VPN policy. Go to Menu > Office to launch the File
Manager. Select C: Phone memory.
9. Select the folder Other and click on the *.vpn file, in this case My_mVPN_config.vpn. Note that you need
to have the Nokia Mobile VPN client installed on the device before installing the VPN policy file.
Now you are ready to browse using Nokia Mobile VPN. Start the web browser by selecting Web. In the VPN
toggle version, switch VPN toggle ON. Select Intranet with the name of the policy that you have just
installed. You will be asked for your VPN username and VPN password. Key in your credentials; your
device then connects to the gateway and you can start browsing your Intranet.
See Advanced instructions in case you have problems when connecting to the gateway.
If you still do not manage to connect to the gateway, please contact your IT Manager if
you work in an enterprise, your Internet Service Provider (ISP), or the provider of your VPN gateway service.
If you do not get the VPN username and password query, your IKE parameters might be
incorrect. Use NCT to try other combinations:
Select the Advanced button in NCT to go to the advanced parameter settings. Select IKE, Proposals and
AES128-CBC and then try different combinations of Encryption algorithm and Hash algorithm. Try to
connect to the gateway with each of these combinations to find the right one. When you get the VPN
username and password query, the IKE part of the authentication is fine.
If you still have problems connecting to the gateway, you might have issues with the IPsec
parameters. To change the IPsec parameters, select Advanced in NCT. Select
IPsec, SAs, My_mVPN_config_1 (name of the policy file) and try different combinations of Encryption
algorithm and Hash algorithm. In addition, try combinations with Perfect Forward Secrecy set ON
and OFF.
If you have a problem, you can also check the VPN log to see where the problem lies. To check the
VPN log select Settings > Connectivity > VPN > VPN log.
If you still are not able to get the VPN to work, please contact Nokia Support for assistance.
Additional information
In some cases you might also change other parameters. See the Policy Specification section in Nokia
Mobile VPN IT Admin Guide (Nokia Expert Centre's VPN resource hub) for details.
Note that a VPN policy file (*.vpn) is a Zip format file consisting of:
– a policy file and a policy information file, which are just plain text files
– Optional files: user’s private key file, user’s certificate file and CA certificate file. (Certificates are
required for authentication methods other than IKE pre-shared keys.)
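Because a *.vpn bundle is an ordinary Zip archive, it can be inspected before it is transferred to a device. The following is an added example, not part of the original guide or of any Nokia tool: it lists the members of a bundle, classifies each by content and reports whether any member carries a PEM private key. The member names and contents in the sample bundle are constructed placeholders, not the real file names used by Nokia Mobile VPN.

```python
import io
import zipfile

# Standard PEM armour markers; key or certificate files stored in binary
# (DER) form are reported as "binary" instead.
PEM_PRIVATE = b"PRIVATE KEY-----"
PEM_CERT = b"-----BEGIN CERTIFICATE-----"


def classify(data: bytes) -> str:
    """Label one archive member by its content, not by its file name."""
    if b"-----BEGIN" in data and PEM_PRIVATE in data:
        return "private-key"
    if PEM_CERT in data:
        return "certificate"
    try:
        data.decode("utf-8")
        return "plain-text"
    except UnicodeDecodeError:
        return "binary"


def audit_vpn_bundle(blob: bytes) -> dict:
    """Return {member name: (kind, zip_encrypted)} for a .vpn bundle."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)  # Zip general-purpose bit 0
            kind = "unreadable" if encrypted else classify(zf.read(info))
            report[info.filename] = (kind, encrypted)
    return report


def build_sample_bundle() -> bytes:
    """Constructed sample: every name and value here is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("example_policy.txt", "placeholder policy text\n")
        zf.writestr("example_policy_info.txt", "placeholder policy information\n")
        zf.writestr("user_key.pem",
                    "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")
        zf.writestr("ca_cert.der", b"\x30\x82\x01\x0a\xff\xfe")
    return buf.getvalue()


if __name__ == "__main__":
    for name, (kind, enc) in audit_vpn_bundle(build_sample_bundle()).items():
        print(f"{name:26} {kind:12} zip-encrypted={enc}")
```

A bundle that reports a "private-key" member with zip-encrypted=False should be handled and transferred as sensitive material.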
The new Mobile VPN Client comes with new VPN UI components and a new VPN access method. The
target has been to create an easier way to connect via VPN and also to provide means to quickly check
if VPN Connection is active. New features include:
VPN Toggle
Forces connections to VPN, no need to choose Intranet anymore.
VPN Toggle is a new concept that makes it easy to use VPN connection. When Toggle is Off,
connections are created normally. When Toggle is set On, all subsequent connections created to
Internet Destination are diverted to the Intranet Destination, which contains the VPN Access Point.
Also, all existing connections to Internet Destination are disconnected, and when application
reconnects, the connection will be created via Intranet Destination. Conversely, when Toggle is set
from ON to OFF, all existing Intranet connections created by VPN Toggle are disconnected. VPN
Toggle can be accessed at Settings > Connectivity > VPN.
Otherwise the new version is functionally equivalent with the previous version 4.3 used in Symbian Anna
products. The new features are explained in detail in VPN connection using VPN toggle.
VPN Toggle does not itself create any VPN connection. It only forces subsequent connections to be
rerouted via VPN, or actually via Intranet Destination. If there are any existing connections via Internet
Destination when VPN Toggle is set ON, they are disconnected, and any application using the
connection needs to reconnect, which is then done via VPN. Depending on the application, it may cause
a notable break in the application behaviour. Depending on the VPN Policy used, it is also possible that
the service used in the Internet is not at all available in the Intranet. Consult your network administrator
to check the availability of Internet services in the Intranet you are using.
Some applications, for instance small widgets or messengers, may create a lot of short-lived
connections. Also, some applications may create connections in the background. If such applications are
using Internet Destination, their behaviour is impacted by VPN Toggle, and their connections are
rerouted via VPN. If the VPN Policy requires the user to give credentials during connection establishment,
that may cause problems, since the user needs to frequently enter the requested username/password or,
even worse, the user may miss the whole query if they are not looking at the phone at the time. In such
cases silent policies (Certificates, Silent Xauth), if possible, are better options; alternatively the user can configure
the applications to use another connection method, or use VPN Toggle only when a VPN
connection is specifically needed.
Mobile VPN Client still supports legacy connection methods, i.e. applications can use VPN
Access Points and Intranet Destination directly. In some cases this may be desirable. If an application always
uses an Intranet connection, it is better to configure it to use the VPN Access Point directly. VPN Toggle
then does not need to be used for that application. Also, in that case switching VPN Toggle ON/OFF does not
interrupt the existing VPN Connection from that application.