Call a Specialist Today! 800-886-5369

NCP Secure Entry Client for Android
Simple and Highly Secure Remote Access via Internet

NCP Secure Entry Client for Android

NCP Products
NCP Universal VPN Client Suite
NCP Secure Android Client Volume Edition, 5 to 24 users
Including License Management (VLS)
*Price per user. Quantity must be 5 or greater
#VNWAPC1
Our Price: $46.00
NCP Secure Android Client Volume Edition, 25 to 49 users
Including License Management (VLS)
*Price per user. Quantity must be 25 or greater
#VNWAPC2
Our Price: $42.55
NCP Secure Android Client Volume Edition, 50 to 99 users
Including License Management (VLS)
*Price per user. Quantity must be 50 or greater
#VNWAPC3
Our Price: $40.25

Pricing notes:

Overview:

NCP's Secure Clients for Android are available for mobile end-devices with the Android 5.x "Lollipop" and 4.x "Ice Cream Sandwich" operating systems. The clients are easy to use and provide highly secure Remote Access to the company network. They are compatible with all common third-party IPsec VPN gateways including Cisco, Juniper, Check Point, Fortinet, SonicWALL, Netgear, D-Link, Microsoft Server 2008 R2, Sophos (Astaro), and ADTRAN. The NCP Secure Android clients are also available with the NCP Volume License Server.

You can choose between two versions:

  • NCP Secure VPN Client for Android
  • NCP Secure VPN Client Premium for Android

Features:

  • Support of Widgets
  • IKEv1 (Main Mode, Aggressive Mode), IKEv2 support
  • IP address assignment via local IP address/manually or IKE config mode
  • XAUTH on/off
  • Split/full tunneling network access
  • Pre-shared key
  • PKCS#12 certificate support
  • One-time-password support (OTP support)
  • Auto reconnect mode - After starting the VPN connection the client will always try to reconnect after interruption of a Wi-Fi or cellular connection, until the connection is manually disconnected by the user.
  • Configurable connection mode (always, auto-reconnect)
  • Profile import of .pcf, .wgx, .ini or .spd files
  • NCP VPN Path Finder® Technology
  • FIPS Inside

Benefits:

  • Easy administration
  • Low training costs
  • Modularity and scalability
  • Fast availability of cutting-edge technologies through software updates
  • Fast return on investment (ROI) through low operating costs (total cost of ownership (TCO)).
  • High usability for users and administrators
  • NCP Path Finder Technology: Remote Access despite blocked IPsec connections
  • License management

Technical Data:

Secure Entry Client for Android: Technical Data
Operating System Android 4.0 and above
License Management Distribution of licenses by the Volume License Server
Standards Support of all Internet Society IPsec Standards
Virtual Private Networking IPsec (Layer 3 Tunneling), RFC conformant; IPsec proposals can be determined by the IPsec Gateway (IKE, IPsec Phase 2); Event log; Communication only in tunnel; MTU Size Fragmentation und Reassembly; DPD; NAT-Traversal (NAT-T); IPsec Tunnel Mode
Encryption Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple DES 112,168 bits; Dynamic processes for key exchange: RSA to 2048 bits; Seamless Rekeying (PFS); Hash Algorithms: SHA-256, SHA-384, SHA-512, MD5, DH Groups 1, 2, 5, 14-18
FIPS Inside The NCP Secure Android Client uses an embedded FIPS 140-2-validated cryptographic module (Certificate #1747) running on an Android platform per FIPS 140-2 Implementation Guidance section G.5 guidelines. FIPS conformance will always be maintained when any of the following algorithms are used for establishment and encryption of the IPsec connection:
  • Diffie Hellman Group: Group 2 or higher (DH starting from a length of 1024 bits)
  • Hash Algorithms: SHA1, SHA 256, SHA 384 or SHA 512 bits
  • Encryption Algorithms: AES with 128, 192 or 256 bits or Triple DES
Authentication Processes IKEv1 (Aggressive und Main Mode), Quick Mode; XAUTH for extended user authentication;
IKE Config Mode for the dynamic assignment of a virtual address from an internal pool
(private IP) ; PFS
IKEv2
Pre-Shared Secrets
Strong Authentication PKCS#12 Interface for using User (Soft) Certificates
Multi Certificate configuration
One-Time Passwords and Challenge Response System; RSA SecurID Ready
Network Protocol IP
Auto Reconnect A connection is automatically established if the Internet connection has been interrupted or the communication medium has changed from WiFi to mobile data transmission. Configurable connection mode (always, manual)
VPN Path Finder NCP VPN Path Finder Technology, Fallback IPsec /HTTPS (Port 443) when port 500 or UDP encapsulation can not be used (prerequisite: NCP VPN Path Finder Technology required at the VPN Gateway)
IP Address Assignment DHCP (Dynamic Host Control Protocol); DNS: central VPN gateway selection using public IP address allocated by querying a DNS server
Line Management DPD (Dead Peer Detection) with configurable polling interval; Short Hold Mode; WLANRoaming (Handover); Timeout
Data Compression IPCOMP (lzs), Deflate
Other Features
  • UDP encapsulation
  • Import function supporting file formats:*.ini, *.pcf, *.wgx und *.spd
Internet Society RFCs and drafts RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP Security Architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NATT), UDP encapsulation, IPCOMP
Client Monitor
Intuitive GUI
English; Connection control and management, connection statistics, log files; trace tool for error diagnosis; traffic light icon indicates connection status

Comparison:

Technical Features VPN Client Premium Enterprise
Operating System
Operating System
Central Management
Security Features
Security Features
Virtual Private Networking
Encryption
FIPS Inside
Authentication Process
PKCS#12 Interface for private key in soft certificates Multi Certificate configuration
IKEv2
Pre-Shared Secrets
Strong Authentication
PKCS#12 Interface for private key in soft certificates Multi Certificate configuration
One-Time Passwords and Challenge Response System; RSA SecurID Ready
Networking Features
Network Protocol
Auto Reconnect
VPN Path Finder
IP Address Assignment
Line Management
Data Compression
Other Features
UDP encapsulation
import function supporting file formats:*.ini, *.pcf, *.wgx und *.spd
Internet Society RFCs and Drafts
Internet Society RFCs and Drafts
Client Monitor
Intuitive GUI

Android Devices and NCP Solutions:

Universal VPN Clients for companies of all scales for Android Tablets and Smartphones

Do you own a mobile end device running on the Android 4.x operating system? Would you like to use it to securely access data on the company network via VPN? If your answer to both questions is "yes", NCP developed the perfect software for you: the NCP Secure VPN Clients for Android.

The following VPN clients for Android end-devices are available:

NCP managed Android Clients
NCP Secure Enterprise Android VPN Client NCP Secure Android Client Volume Edition NCP Secure VPN Clients for Android
How to buy specialist retailer / invoice specialist retailer / invoice Google Play / credit card
License Management Yes Yes No
Configuration Management Yes No No
Certificate Management Yes No No
Multi-Tenancy Yes Yes No
User About 50 ot more About 5 -50 Workstation
Management-Tool Secure Enterprise Management Volume License Server No Tool

Managed Android VPN Clients

NCP's Secure Enterprise Android Client is part of the NCP Enterprise series and can be comfortably managed with NCP's Secure Enterprise Management. The client allows comfortable and highly secure remote access to the company network and it is compatible to IPsec gateways of various producers.

NCP's Volume License Server (VLS) is an additional tool for the Android VPN Client Volume Edition which is available for 5 + User. This tool simplifies license management.

NCP VPN Clients on Google Play

The VPN Clients NCP Secure VPN Client for Android and NCP Secure VPN Client Premium for Android are available on Google Play. The two IPsec VPN clients have been designed for private use or use in small scale environments containing only a small number of Android Smartphones or Tablet PCs. They are also compatible to all major IPsec VPN Gateways. Further information on NCP Google Play Store VPN Clients.

FAQs:

Can I import configuration files?

Yes, you can directly import configuration files (*.pcf, *.spd, *.wgx, *.ini) from other manufacturers or files (*.ini) exported by the NCP configuration exporter.

You further have the option to import the configuration file "ncpphone.cfg". Please note that this configuration file only contains the VPN profile for the communication medium LAN.

Please copy the file "ncpphone.cfg" to the "\NCP\Import" directory on the internal or external SD card of the Android phone. In Windows Clients this file is usually located in "C:\Program Files (x86)\NCP\Secure Client\". You can now import the configuration data from that file into the Android Client via the "Import / Export" option. If the file is located in the correct directory, the system displays the entry "ncpphone.cfg" and next to it a box which can be checked. Check this box and then press the "Back" button to leave the menu. With that, the configuration data has been imported correctly and a connection can be established.

How do I import a certificate?

Currently support is provided for a certificate stored in a PKCS#12 file located on the Android phone's internal or external SD card in the "\NCP\Import" directory.

Import the certificate into the Android Client using the "Import / Export" option (menu - Import / Export); select either "Import User Certificates" or "Import CA Certificates" dependent on the type of certificate being imported.

Finally, select the certificate as "Certificate" in the Profile settings.

What does the error message:
"Ike: NOTIFY : x : RECEIVED : NO_PROPOSAL_CHOSEN : 14" mean?

This error message means that the IPsec Phase 2 encryption settings are incorrect. Currently the Client only supports a limited list of proposals. If the VPN server requires a type of encryption not in that list, this error message will be generated when the Client attempts to establish a connection to the server. The facility to fully configure the settings will be implemented in the next version of the Client. In the interim, a workaround is to create the correct configuration ("ncpphone.cfg", see above) on a Windows Client and import that into the Android Client.

Is there an NCP Secure Client for Android versions earlier than V4.0?

Manufacturer dependent restrictions mean that, on Android versions earlier than V4.0, the NCP VPN Client can not be sourced from the Android Market and then installed in the normal way. To circumvent this problem, NCP has developed an NCP Secure Client that requires either a "rooted" device or a specially adapted Android kernel. NCP only supplies this product to hardware manufacturers or system integrators or for major projects.

Where do I store the Cisco parameters "Group Password" and "Group ID"?

Save the "Group Password" parameter as the "Pre-shared Key" in the NCP Android Client. Also, with connections to Cisco servers, "Exchange Mode" is then usually set to "Aggressive Mode".

Save the "Group ID" parameter as the "IKE ID", and then set the "IKE ID Type" to "Free string used to identify groups".

Does Google Play accept other methods of payment apart from credit cards or is there another ordering process?

Google Play only accepts credit cards. However, both NCP Enterprise Versions for Android operating systems are available through our reseller and partner.

How does the configurable connection mode of the Premium Client work?

The VPN tunnel always starts automatically without interaction with the user. If connection setup fails, the client tries to establish a connection every 20 seconds. In order to permanently disconnect the tunnel, the user should select a different profile, which has been configured for the manual connection mode. Please note that after cold booting the device, the user has to manually initiate the first VPN connection setup.

NCP's Secure VPN Client Premium automatically reconnects a VPN tunnel (auto-reconnect: default setting) if a connection has been interrupted or the communication medium has been changed (3G/WiFi). Under certain circumstances, however, for example with bad 3G reception, it might happen that the VPN reconnect fails and the connection remains disconnected. Users who wish a permanent VPN connection can counter this by setting the communication mode to "always". With that setting an established VPN connection will only be permanently disconnected if the user selects a different VPN profile.

Why does NCP's Secure VPN Client not work on my Android 4.x system?

NCP's Secure VPN Client requires a VPN-API, which has to be installed on the Android 4.x operating system. If the system displays an error message after installation of the client, please contact the manufacturer of your device or install the latest systems software or Android version; you will find both on the manufacturer's support websites.