Release notes for Symantec Mobile VPN for Windows Mobile 5.1

Article:TECH104459  |  Created: 2008-01-24  |  Updated: 2008-01-25  |  Article URL http://www.symantec.com/docs/TECH104459
Article Type
Technical Solution


Issue



This document describes the new features and known problems in Symantec Mobile VPN for Windows Mobile 5.1.


Solution



New features in this release
This release of Symantec Mobile VPN includes the following new features.

Compatibility improvements
Symantec Mobile VPN is now compatible with the following applications:
  • RSA SecurID Software Authenticator for Windows Mobile devices, version 2.2
  • The Alcatel - Lucent gateway
  • The Juniper / Netscreen gateway

Authentication improvements
This release of Symantec Mobile VPN includes the following improvements to the authentication processes.
  • Certificate authentication with RSA and DSA signatures is now available.
  • You can now save the user authentication password, if the VPN concentrator allows it.
  • Domain information now persists in the user authentication dialog box.
  • On Cisco concentrators, user authentication is automatically negotiated.
  • On Nortel concentrators, you can change authentication types.

For more information, see the Symantec Mobile VPN Implementation Guide.

Performance improvements
This release of Symantec Mobile VPN includes the following performance improvements:
  • Reduced usage of storage memory and main memory
  • Support for more devices
  • Dead Peer Detection, implemented according to Cisco RFC 3706

Usability improvements
This release of Symantec Mobile VPN includes the following improvements to the user experience:
  • You can browse by host name if the VPN gateway provides the domain.
  • You can use a fully qualified domain name to configure a VPN gateway, instead of an IP address.
  • You can edit more quickly with a tabbed edit dialog box.


Known problems
This release of Symantec Mobile VPN includes the following known problems. Workarounds are provided where available.

Installation and upgrade problems
The following known problems are related to installation and upgrade of the software.
    Problem: If you install an evaluation copy of Symantec Mobile VPN, and then advance the clock on your computer, the license may expire early.
    Workaround: Set the clock to the current date and time before you install the software.

    Problem: If you deploy an incompatible connection configuration file (VPNClientStartup.xml), you may receive a message that you must update the configuration file before the VPN can connect.
    Workaround: To update the configuration file, go to Menu > Policy > Update.

    Problem: If you install on a storage device, and if there is not enough available memory, the installation fails and directory errors appear.
    Workaround: Check available memory before you install on a storage device.

    Problem: If you cancel the upgrade process, and then immediately start it again, the upgrade may fail.
    Workaround: Wait for a minute, and then perform the upgrade.

    Problem: Information on how to upgrade the software is missing from the Symantec Mobile VPN Implementation Guide.
      To upgrade Symantec Mobile VPN to version 5.1 from previous versions
      1. Double-click one of the following files:
        • The most recent extract file on the desktop, if the user synchronizes the device with the computer.
        • The most recent .cab file on the device, if the user installs directly on the device.
      2. Follow the instructions on the screen.
      Alternately, if users synchronize their devices with their computers, they can double-click the extract file on the desktop.


General device problems
The following known problems are related to the software on some or all devices.
    Problem: A security risk exists if you include key security parameters in a VPNClientStartup.xml file for distribution to remote users.
    Workaround: To protect system security, do not include security parameters in .xml files, even if the files are encrypted. These parameters include the IPSec group password, the authentication user name, and the authentication password.

    Problem: To browse the Web on a VPN connection, Automatically detect settings must be checked in Pocket Internet Explorer.
    Workaround: Go to Pocket Internet Explorer > Menu > Options > Connections, and check Automatically detect settings.

    Problem: If you open the VPN server settings dialog box while the VPN is connected, the connection settings are permanently compromised.
    Workaround: Make sure that all device connection settings dialog boxes are closed before you connect the VPN.

    Problem: The VPN connects, but you may lose your browser connection. This scenario occurs if you connect to the VPN over a cellular network while a page is loading in Internet Explorer.
    Workaround: Close the VPN connection, and exit the VPN user interface. Start the VPN, and reconnect.

    Problem: The user authentication screen closes after 60 seconds if no information is entered.
    Workaround: If the user authentication screen closes, open the connection again.

    Problem: On some devices, if the device is suspended or turned off during a VPN connection, when the device is turned on, WiFi may be disabled.
    Workaround: Exit the WiFi connection and then start it again.

    Problem: Connection problems may occur if a server banner is open when the program is exited abruptly.
    Workaround: Always close server banners before you turn off the device, reset the device, or exit the VPN software. Server banners may appear after you establish a VPN connection. They close automatically in 60 seconds.

    Problem: On a device that includes WiFi and cellular connections, if you disable the device connection that is not in use, the VPN connection closes. The VPN display may not indicate that the connection is closed.
    Workaround: Disconnect the VPN, and then reconnect it.

    Problem: On some devices, if you open a WiFi connection while the VPN is connected over a cellular network, you may experience problems with subsequent connections. The problems may not be resolved if you turn the device off and then turn it on again.
    Workaround: Close the WiFi connection, and then open it again. If this action does not solve the problem, perform a soft reset of the device.

    Problem: If you use the Update Configuration function, the saved user authentication passwords are lost. This function is available at Menu > Policy > Update.
    Workaround: Update the configuration, reconnect to the concentrator, and then save the password.

    Problem: Soft token settings do not persist when you export or import the connection settings. If an exported connection setting contains "use soft token" in the User Auth setting, it is imported with the previously used User Auth setting. It is not imported with the "use soft token" setting.
    Workaround: After import, edit the connection setting by selecting the "use soft token" option.

    Problem: On a Smartphone device, you cannot use soft keys to enter symbol characters in the password field of the user authentication dialog box.
    Workaround: If a password includes symbol characters, use the keyboard to enter the password.

    Problem: On a Smartphone device, if you import data, and if the import file is not found in the My Documents folder, a wait cursor appears.
    Workaround: Press OK to close the cursor screen.

    Problem: Version 2.2 of the RSA SecurID Software Authenticator application for Windows Mobile devices is not compatible with the Smartphone version of the VPN software. Users cannot select a soft token in the VPN UI.
    Workaround: Not available, except for the Motorola Q device. On this device, if the soft token does not appear in the user authentication dialog box, exit the VPN and start it again.


Device-specific problems
The following known problems are related to the software on specific devices.

PocketPC
    Cingular HP 6915: To create a VPN connection, the connection settings must be changed from MEDia Net to My ISP.
    Workaround: To change the connection settings, go to Settings > Connections > Connections > Advanced > Select Networks. Change the MEDia Net dropdown selection to My ISP. Go to Edit > New, and then follow your mobile service provider's instructions to add a new connection.

    Cingular HP 6915: If the VPN software is installed with WiFi off, WiFi may not immediately connect when enabled.
    Workaround: Go to Settings > Connections > iPAQ Wireless > Wi-Fi, and then click View Wi-Fi Networks. Right-click the desired connection, and then click Connect.

    Sprint PPC 6700: If you turn off the device while a VPN tunnel is established over WiFi, you may experience connection problems.
    Workaround: Disconnect and reconnect the VPN.

    Sprint PPC 6700: The device does not obtain an IP address if WiFi is turned on while the VPN tunnel is connected over a cellular network. This problem can occur even if the VPN is subsequently disconnected.
    Workaround: Disconnect the VPN, and then turn WiFi off and on again.

    Dell X51: When you install or uninstall the software, the WiFi connection is dropped.
    Workaround: Turn WiFi off and on again to regain functionality.

    Symbol MC 70: If an existing tunnel is dropped, re-establishing the connection may fail.
    Workaround: Turn WiFi or the device radio off and on again, and then reconnect the VPN.

    Symbol MC 70: If the VPN is installed with an active WiFi connection, WiFi may fail to re-initialize after the soft reset.
    Workaround: Turn WiFi off and on again to regain connectivity.

Smartphone
    HP iPAQ 510: This device is not supported.

    Sprint HTC 6800: The Sprint WiFi application to manage connections does not work with the VPN installed. After VPN installation, WiFi turns on and off sporadically, which causes a VPN tunnel to be disabled at random.
    Workaround: Modify the WiFi settings by using Microsoft Wireless Zero Configuration, which is built into the operating system. Until you modify the WiFi settings, the Sprint WiFi application reports that WiFi is turned off.

    T-Mobile Dash: This device disconnects a WiFi connection if the connection is idle for a few minutes. If the WiFi connection is disconnected, the VPN connection is also disconnected.






Legacy ID



2008032410525448


Article URL http://www.symantec.com/docs/TECH104459


Terms of use for this information are found in Legal Notices