Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

OPSEC Partners

ipUnplugged

Certified for use with: Check Point VPN-1 and SecureClient

Product Description:
The ipUnplugged solution is built on open standards such as Mobile IP. Mobile IP provides seamless mobility for users, whether they are within their enterprise networks or away from home.

The Roaming Gateway is a highly advanced mobility gateway. The Roaming Client is an add-on software to be installed on the mobile device, providing a seamless and secure tunnel to the Roaming Gateway. The Roaming Server is an advanced still intuitive service- and user-provisioning system. The Roaming Server enables automatic distribution of client software and user configurations, making the service easy to administer and maintain.

Benefits

  • Always Connected
  • Always Secure
  • Easy to Use

Without requiring any manual intervention, The ipUnplugged solution ensures that a user is always connected to the best network available. Combined with the policy to always encrypt traffic where needed, this give the user an Easy to Use secure access.
 
Key Features and Benefits
OPSEC Integration		 Clear Arbor
 
Company Description: IpUnplugged is the leading developer of mobility software for secure and seamless roaming across public and enterprise LANs, WLANs, GPRS, CDMA and 3G networks. IpUnplugged´s Roaming Client, Roaming Gateway and Roaming Server software enables users to roam securely and seamlessly from one network to another without having to reconnect, change settings or lose connectivity at any point in time. The products are based upon industry standards and technology like Mobile IP, IPsec and standard AAA. IpUnplugged AB is privately held. The corporate headquarters is located in Stockholm, Sweden. For more information on ipUnplugged their website.
 
Key Features and Benefits
  • Provides enterprise customers with an integrated Mobile IP and VPN solution, offering the best possible benefits from both the mobility and security perspectives.
  • Offers a remote access (RA) VPN solution for desktop and laptop users with mobility capabilities, enabling them to roam through different locations with a choice of access method into the public network, such as: GPRS, CDMA, 3G, Wi-Fi and LAN.
  • Provides connection awareness, whether the Mobile Node (MN) is located outside or inside the corporate network, and activates the VPN remote access client accordingly.
  • Offers security for the Mobile IP protocol and secures the Home Agent (HA) module.
OPSEC Integration

The VPN-1 product provides perimeter security for the corporate network and enables VPN Remote Access for the mobile users. The gateway has a number of networks directly connected to its physical interfaces, for instance: Corporate LAN network via layer 2 switch and DMZ network.

The ipUnplugged Roaming Client, residing on the mobile node, provides seamless mobility for the mobile node and automatic switching between different network infrastructures without user intervention.

The ipUnplugged Roaming Gateway (RGW) is deployed in the DMZ network and communicates directly with the VPN-1 device. The RGW is responsible for Mobile Node authentication and registration. The device should establish a Mobile IP tunnel between the Mobile Node and the RGW’s interface. It is possible to deploy the RGW so that it communicates with the Roaming Server, in order to perform RADIUS authentication of users, download profiles and configure the RGW.

Diagram

Solution Concept
The client is able to communicate with the corporate network elements over the secured tunnel and preserve connectivity while roaming.

The secured tunnel is an IPSec tunnel established between a Mobile Node (MN) and the VPN-1 getaway. All user traffic, released from the MN, should be encrypted and sent towards the VPN gateway’s IPSec end-point interface, where it is decrypted and routed to the corporate LAN.

The VPN gateway becomes a single VPN terminator in this scenario.

The RGW is not involved in VPN activities.

The roaming/handover is a procedure where the Mobile Node is moving across different networks and stays always connected to the corporate network without losing active connections. The client preserves its local interface’s IP address during the handover procedure.

The roaming/handover is achieved by Mobile IP technology.

The client communicates with the Roaming Gateway using the Mobile IP protocol and tunneling. Mobile IP Collocated Care-Of Address (CCoA) mode is used to provide mobility for the client, and there is no need for a Foreign Agent (FA) component.

The Mobile Node benefits from IPSec over Mobile IP tunneling, where the MIP tunnel is terminated by the Roaming Gateway and the IPSec tunnel is terminated by the VPN-1 gateway.
Additional Information

Product Documentation