Nokia Mobile VPN

Setup Guide

Document version 1.0

 Contents
Nokia Mobile VPN client setup 3
Prerequisites for installing Nokia mobile VPN client 3
Install and configure Nokia Mobile VPN client 4
Advanced instructions 6
Nokia Mobile VPN Client for Symbian Belle 7
VPN connection using VPN toggle 8

© 2012 Nokia. All rights reserved.

 Nokia Mobile VPN client setup
This document is a practical step-by-step guide to setup and configure Nokia Mobile VPN client version
4.3 and later. The guide applies to Nokia smartphones with Symbian OS and Symbian Belle and Anna
software. It walks through the most common configuration options.
An IPsec VPN allows a user to use the mobile network and the Internet to safely connect from
smartphones to the company network. You can also protect your communication from your device to
an open WLAN network.

Prerequisites for installing Nokia mobile VPN client

SUPPORTED GATEWAYS AND
AUTHENTICATION METHODS
Nokia Mobile VPN client uses standard protocols and therefore any
IPsec / IKE compliant gateway should be compatible with Nokia Mobile
VPN client 4.3.
For more info on supported gateways and authentication methods
please see Nokia Mobile VPN datasheet.

COMPATIBLE NOKIA SMARTPHONES Devices with Symbian OS (Symbian^3) / Symbian Anna and Belle are
compatible with Nokia Mobile VPN 4.3. You can check your device OS
from Device specifications

GENERAL CONSIDERATIONS
In order to use the Nokia Mobile VPN client you need to have available
the following:
– Compatible Nokia device with Nokia Mobile VPN client
– A VPN gateway compatible with Nokia Mobile VPN
– A VPN policy file

Related Links
Nokia mobile VPN in Nokia Store
Security information on the Nokia for business pages
Device specifications
Nokia Expert Centre, VPN resource hub

Nokia Mobile VPN client setup 3

© 2012 Nokia. All rights reserved.

 Install and configure Nokia Mobile VPN client
The Nokia Mobile VPN client needs to be installed before setting up the client. Load the client from
Nokia Store to ensure you have the latest version in use.

Note that Nokia Mobile VPN is not a separately launchable application. When Nokia Mobile VPN client
is installed the VPN management UI is visible in Settings > Connectivity > VPN.

There are numerous combinations when it comes to configuring Nokia Mobile VPN parameters. XAuth
with preshared key will be used as configuration options in this guide as it is the most typical VPN
configuration used with IPsec / IKE. For other configuration options, see the Policy Specification section
in Nokia Mobile VPN IT Admin Guide (Nokia Expert Centre).

Before you start the configuration make sure you have the following information available:

– VPN Gateway address (IP address or host name)

– Pre-shared Key, also called Secret or Group password

– Group name (optional)

This information may be available from your IT Manager in case you work in an enterprise, Internet
Service Provider (ISP), or the provider of VPN gateway service.

For end user the easiest way to configure Nokia Mobile VPN client is to use Nokia Configuration Tool
(NCT). This step-by-step guide shows how to configure and transfer the policy file to your device using
NCT. Download and install Nokia Configuration Tool v.6.3 installation package.

We will use file My_mVPN_config.vpn as base for the configuration. The My_mVPN_config.vpn file
can be downloaded from Nokia Expert Centre's VPN resource hub.

1. Start Nokia Configuration Tool and select Tools > VPN Configuration….

2. Open My_mVPN_config.vpn from the location you saved the file to when you downloaded it. Select
Load button to load the file.

3. Select My_mVPN_config.vpn and select Open.

4. Change the Policy name if you want to use your own. Then add Identity value which is also called
Group Name. It is an optional value and it is not always given, e.g. the value can be left empty.

5. Add the correct VPN gateway address and select Tab Preshared Key and enter the Key (also called
Secret, Preshared Key or Group Password). The VPN gateway address needs to be either a host name
or an IP address.

6. Select Tab Proxy in case you also want to configure the HTTP proxy settings. The proxy setting is
optional. The Proxy address is a host name or an IP address. When port is not defined, port 8080 is
used.

7. Transfer the policy to your phone.

– Select Save button to save policy file to your local storage device, e.g. hard disk). The file name
will be the Policy Name with extension *.vpn. You can then transfer the file to your phone via
Bluetooth, USB or memory card and open it with the File Manager in your phone.

Install and configure Nokia Mobile VPN client 4

© 2012 Nokia. All rights reserved.

 – Alternatively, you can select Send button to send the policy directly to device that is connected
to NCT. Note that this button is grayed if phone is not connected. See instructions in Nokia
Configuration Tool how to connect your device. You will find the downloaded file in folder C:/
Other/ in your device.

8. Open the file with File Manager to install the VPN policy. Go to Menu > Office to launch the File
Manager. Select C: Phone memory.

9. Select folder Other and click on the *.vpn file. In this case My_mVPN_config.vpn. Note that you need
to have the Nokia Mobile VPN client installed on the device before installing then VPN policy file.

10.Answer Yes to the Install request.

Now you are ready to browse using Nokia Mobile VPN. Start the web browser by selecting Web. In VPN
toggle version, switch VPN toggle ON. Select Intranet with the name of the policy that you have just
installed. You will be asked for your VPN username and VPN password. Key in your credentials and your
device is connected to the gateway and you can start browsing your Intranet.

See Advanced instructions in case you have problems when connecting to the gateway.

Install and configure Nokia Mobile VPN client 5

© 2012 Nokia. All rights reserved.

 Advanced instructions
In case you do not manage to connect to the gateway please check that you have keyed in the parameter
values correctly in Nokia Configuration Tool (NCT).

In case you still do not manage to connect to the gateway then please contact your IT Manager in case
you work in an enterprise, Internet Service Provider (ISP), or provider of VPN gateway service.

In case you do not get the VPN username and password query, then your IKE parameters might be
incorrect. Use NCT to try other combinations:

Select Advanced button in NCT to go the advanced parameter settings. Select IKE, Proposals and
AES128-CBC and then try different combinations with Encryption algorithm and Hash algorithm. Try to
connect to the gateway with each of these combinations to find the right one. When you get VPN
username and password query the IKE part of the authentication is fine.

In case you still have problems to connect to the gateway then you might have issues with the IPsec
parameters. To change the IPsec parameters use the NCT tool and select Advanced in NCT. Select
IPsec, SAs, My_mVPN_config_1 (name of the policy file) and try different combinations with Encryption
algorithm and Hash algorithm. In addition, try with combinations of Perfect Forward Secrecy set ON
and OFF.

You can also check the VPN log in case you have problem to see where the problem lies. To check the
VPN log select Settings > Connectivity > VPN > VPN log.

If you still are not able to get the VPN to work, please contact Nokia Support for assistance.

Additional information
In some cases you might also change other parameters. See the Policy Specification section in Nokia
Mobile VPN IT Admin Guide (Nokia Expert Centre's VPN resource hub) for details.

Note that a VPN policy file (*.vpn) is a Zip format file consisting of:

– a policy file and a policy information file, which are just plain text files

– Optional files: user’s private key file, user’s certificate file and CA certificate file. (Certificates are
required for other authentication methods besides IKE pre-shared keys (Optional)

Advanced instructions 6

© 2012 Nokia. All rights reserved.

 Nokia Mobile VPN Client for Symbian Belle
The new Mobile VPN Client for Symbian Belle provides an easier way to connect via VPN and makes it
possible to quickly check if the VPN connection is active.
The new Nokia Mobile VPN client is available for Symbian Belle products using software update or from
Nokia Store. At a later phase it will be included in the phone firmware. The version number of the first
released revision of Nokia Mobile VPN Client is 44.1.3, which can be checked from VPN Log view in
Settings > Connectivity > VPN > VPN log. The version number is shown as 44.x.y, where x and y denote
subrevisions including latest fixes.

The new Mobile VPN Client comes with new VPN UI components and a new VPN access method. The
target has been to create an easier way to connect via VPN and also to provide means to quickly check
if VPN Connection is active. New features include:

VPN Indicator in Status Bar

Indicates to the user when VPN Connection is active. When present, VPN Indicator replaces the GSM/
3G/WLAN Connectivity Indicator.

VPN Toggle
Forces connections to VPN, no need to choose Intranet anymore.

VPN Toggle is a new concept that makes it easy to use VPN connection. When Toggle is Off,
connections are created normally. When Toggle is set On, all subsequent connections created to
Internet Destination are diverted to the Intranet Destination, which contains the VPN Access Point.
Also, all existing connections to Internet Destination are disconnected, and when application
reconnects, the connection will be created via Intranet Destination. Conversely, when Toggle is set
from ON to OFF, all existing Intranet connections created by VPN Toggle are disconnected. VPN
Toggle can be accessed at Settings > Connectivity > VPN.

VPN shortcut in Status Pane

VPN shortcut in the Status Pane provides an easy access to check VPN Toggle status and to go to
VPN Management UI.

VPN Management UI move up

Makes VPN UI access easier. VPN Management UI has moved up one level at the settings tree for
making the access to it easier. It can be now found directly at Settings > Connectivity.

VPN Homescreen Widget

The VPN Homescreen Widget provides an easy access to VPN Toggle right from the Homescreen.
To use it user needs to first install it in the Homescreen by tapping a couple of seconds in the
Homescreen area and then adding the VPN on/off widget. The Widget then appears in the
Homescreen. Widget shows the VPN Toggle status and by clicking it the status can be changed.

Otherwise the new version is functionally equivalent with the previous version 4.3 used in Symbian Anna
products. The new features are explained in detail in VPN connection using VPN toggle.

Nokia Mobile VPN Client for Symbian Belle 7

© 2012 Nokia. All rights reserved.

 VPN connection using VPN toggle
The new VPN Toggle changes the way how VPN Connections are created. When VPN Toggle is ON, all
subsequent connections requested to Internet Destination are diverted to Intranet Destination, which
contains the VPN access point(s).
Most of the applications using Internet connections usually connect via Internet Destination or via
Default destination, which itself is by default Internet Destination. Thus, VPN Toggle automatically
reroutes those connections via VPN. There may be, however, applications that use directly some
Internet Access Point, like WLAN or 3G, and those connections are not affected by VPN Toggle.

VPN Toggle does not itself create any VPN connection. It only forces subsequent connections to be
rerouted via VPN, or actually via Intranet Destination. If there are any existing connections via Internet
Destination when VPN Toggle is set ON, they are disconnected, and any application using the
connection needs to reconnect, which is then done via VPN. Depending on the application, it may cause
a notable break in the application behaviour. Depending on the VPN Policy used, it is also possible that
the service used in the Internet is not at all available in the Intranet. Consult your network administrator
to check the availability of Internet services in the Intranet you are using.

Some applications, like for instance small widgets or messengers may create a lot of short-lived
connections. Also, some applications may create connections at background. If such applications are
using Internet Destination, their behaviour is impacted by VPN Toggle, and their connections are
rerouted via VPN. If VPN Policy requires user to give credentials during the connection establishment,
that may cause problems, since user needs to frequently enter the requested username/password or
even worse, user may even miss the whole query, if he is not looking at the phone at the time. In such
cases silent policies (Certificates, Silent Xauth), if possible, are better options or user can configure
the applications to use other connection method or user should use VPN Toggle only when VPN
connection is specifically needed.

Mobile VPN Client still supports legacy connection methods, i.e. applications can use directly VPN
Access Points and Intranet Destination. In some cases it may be desirable. If some application is always
using Intranet connection, it is better to configure it to use directly VPN Access Point. Then VPN Toggle
is not needed to be used for that application. Also, in that case switching VPN Toggle ON/OFF does not
interrupt the existing VPN Connection from that application.

For additional support contact your country’s Nokia Support Center.

Nokia Mobile VPN Client for Symbian Belle 8

© 2012 Nokia. All rights reserved.