Extranet Connect Services
Frequently Asked Questions (FAQ)
What can I do to prevent intrusion attacks when I use ECS via Internet?
There is no 100% safe solution. If you are not sure about the consequences for your environment, you might need to consult a security expert. A good rule is to regularly check for updates to the applications and operating systems you use. Additional security can be implemented with firewalls, packet filter routers, antivirus and personal firewall software, etc.
Why does my Internet connection work unpredictably when used from behind an ISDN router?
One reason can be that your ISP uses dynamic IP addressing on the ISDN circuit. Whenever the ISDN connection drops (due to idle timeouts) and reconnects, your router will most likely not be assigned the same IP address. The VPN gateway can't associate the established VPN tunnels with this newly assigned IP address. Our suggestion is to increase the idle timeout (but be aware of the cost!) or to try to find an ISP that offers fixed IP addresses for the ISDN line.
Can I use other IPSec compliant clients from other vendors to access ECS?
No, not today because the authentication method used by ECS involves the proprietary IKE Hybrid mode feature.
Does ECS protect my PC or LAN when I'm using the Internet to connect to the Volvo Extranet?
No, the ECS service only protects the communication between the computer and the Volvo Extranet. When you connect your PC or LAN to the Internet, you also expose your PC or LAN to attacks.
What protocols and ports are used by the ECS service?
The ECS service uses the following protocols and port numbers:
- The topology fetching: TCP port 264 (source port)
- IKE exchange: UDP port 500 (both source and destination ports)
- UDP encapsulated ESP datagram: UDP port 2746 (both source and destination ports)
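As an added example (not part of the original FAQ or the ECS software), the following Python check scans firewall log lines for dropped packets that match the ports listed above, which helps confirm whether a local firewall or packet filter is blocking ECS. The log line format, the addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Port table from the FAQ answer above, matched literally as stated there:
# TCP 264 on the source port; UDP 500 and UDP 2746 on both ports.
ECS_FLOWS = [
    ("topology fetch", "TCP", 264, None),
    ("IKE exchange", "UDP", 500, 500),
    ("UDP-encapsulated ESP", "UDP", 2746, 2746),
]

# Constructed log format (assumption, not a real product's format):
# "<time> <ALLOW|DROP> <TCP|UDP> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"[\d.]+:(?P<sport>\d+) -> [\d.]+:(?P<dport>\d+)$"
)

def classify(proto, sport, dport):
    """Return the ECS flow name for a packet, or None if it is not ECS traffic."""
    for name, want_proto, want_sport, want_dport in ECS_FLOWS:
        if proto == want_proto and sport == want_sport and want_dport in (None, dport):
            return name
    return None

def dropped_ecs_flows(lines):
    """Count dropped packets per ECS flow; lines that do not parse are skipped."""
    drops = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "DROP":
            continue
        name = classify(m["proto"], int(m["sport"]), int(m["dport"]))
        if name:
            drops[name] += 1
    return dict(drops)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    "2024-01-01T10:00:00 ALLOW TCP 198.51.100.5:264 -> 192.0.2.10:40000",
    "2024-01-01T10:00:01 DROP UDP 192.0.2.10:500 -> 198.51.100.5:500",
    "2024-01-01T10:00:02 DROP UDP 192.0.2.10:2746 -> 198.51.100.5:2746",
    "2024-01-01T10:00:03 DROP UDP 192.0.2.10:2746 -> 198.51.100.5:2746",
    "2024-01-01T10:00:04 DROP UDP 192.0.2.10:53124 -> 198.51.100.5:53",
    "unparseable line",
]

if __name__ == "__main__":
    for flow, count in dropped_ecs_flows(SAMPLE_LOG).items():
        print(f"{flow}: {count} dropped packet(s)")
```

A non-empty result means the filter in front of the PC is dropping traffic that the ECS client needs.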
I'm using a Microsoft proxy server to access the Internet. Can I use ECS?
No, it is not possible without some modifications in the server to bypass the proxy server application. The proxy server uses SOCKS to communicate between the client and the proxy server. The SOCKS configuration file controls what is run through the proxy server before data is passed to the IP stack where the ECS client is working. If the user uses the SOCKS client to access the Internet, the data passed to the ECS client will look like SOCKS data destined for the proxy server, and the ECS client will not detect that traffic as going to Volvo.
The ECS client will pass this data transparently to the proxy server. NT servers can make use of the free software add-on from Microsoft called Microsoft Routing and Remote Access Service (RRAS) to route the ECS data past the proxy server application. RRAS offers a lot of filtering capabilities (read more in the Microsoft Knowledge Base).
Is ECS a tool for secure server to server communication?
No, because the ECS service demands user interaction for authentication.
I'm using my applications on a terminal server. Can I use the ECS service?
No, the ECS service is only for single-user PCs. The ECS service cannot prevent someone else on the server from accessing the Volvo Extranet without authentication.
Sometimes when I'm accessing the Volvo Extranet I get application timeouts. Why?
Applications differ in how long they will wait for feedback from the server side before timing out. Before the data can be sent from the client to the server, it is stored locally in the client until the VPN tunnel is established. If the authentication process takes too long, it will fail. To avoid this scenario, use the manual icon to bring up the tunnel before running your business applications.
How does the ECS client know when to bring up the tunnel?
The installation adds a daemon on the PC that listens for interesting packets. Which packets to route via ECS is described in a configuration file received by the client after a successful "update of site".
I have installed another VPN client on my PC. Can I use ECS?
VPN clients can interfere with each other and cause problems. The latest ECS version works better with other new VPN clients (e.g. Cisco VPN clients). We can't test all other clients, so it is recommended to uninstall other VPN client software before the ECS client is installed.
What is SMS-OTP and how do I use it?
SMS-OTP (SMS One-Time Password) is a service for ECS that makes it possible to receive a one-time password on your cellphone. The SMS-OTP service can be used instead of Digipass.
For more information on how to use SMS-OTP, download the instructions.