Petitioner Apple - EX. 1022, p. 1

AVENTAIL CONNECT 3.1/2.6 ADMINISTRATOR’S GUIDE

© 1996-1999 Aventail Corporation. All rights reserved.

808 Howell Street, Second Floor
Seattle, WA 98101
USA

http://www.aventail.com/

Printed in the United States of America.
`
TRADEMARKS AND COPYRIGHTS

Aventail is a registered trademark of Aventail Corporation. AutoSOCKS, Internet
Policy Manager, Aventail VPN, Aventail VPN Client, Aventail ExtraNet Center,
and Aventail ExtraNet Server are trademarks of Aventail Corporation.

Socks5Toolkit is a trademark of NEC Corporation. MD4 Message-Digest Algorithm
and MD5 Message-Digest Algorithm are trademarks of RSA Data Security, Inc.
Microsoft, MS, Windows, Windows 95, Windows 98, and Windows NT are either
registered trademarks or trademarks of Microsoft Corporation. RealAudio is a
trademark of RealNetworks. SecurID, SoftID, ACE/Server, and SDTI are either
registered trademarks or trademarks of Security Dynamics Technologies, Inc.

This product includes software written by Dr. Stephen Henson.

Other product names mentioned in this manual may be trademarks or registered
trademarks of their respective companies and are the sole property of their
respective manufacturers.

© 1995-1996 NEC Corporation. All rights reserved.

© 1990-1992 RSA Data Security, Inc. All rights reserved.

© 1996 Hi/fn Inc., including one or more U.S. patents: 4701745, 5016009,
5126739, and 5146221, and other patents pending.

© 1996-1997 Consensus Development Corporation. All rights reserved.
`
Table of Contents

Trademarks and Copyrights

INTRODUCTION
  About This Document
    Document Organization
    Document Conventions
  Aventail Technical Support
  About Aventail Corporation

ADMINISTRATOR’S GUIDE
  Getting Started
    Network Security in a Nutshell
    What is Aventail Connect?
    What Does Aventail Connect Do?
    How Does Aventail Connect Work?
    Aventail Connect Platform Requirements
    Interface Features
    Installation Source Media
  Installing Aventail Connect
    Configuration Files
    Customized Configuration and Distribution
    Individual Installation
    Network Installation
    Administrative Setup
    Customizer
  Configuring Aventail Connect
    Define an Extranet (SOCKS) Server
    Define a Destination
    Enter Redirection Rules
    Define Name Resolution
    Manage Authentication Modules
    Advanced Tab Options
    Enable Password Protection
    Multiple Firewall Traversal
  Example Network Configuration
    Configuration Using Aventail ExtraNet Server

UTILITIES REFERENCE GUIDE
  System Menu Commands
    Close
    Hide Icon
    Help
    About
    Credentials
    Configuration File
  Utilities
    Config Tool
    Logging Tool
    S5 Ping
  Secure Extranet Explorer
    How Extranet Neighborhood Works
    Installing Extranet Neighborhood
    Configuring Extranet Neighborhood
    SEE Properties

TROUBLESHOOTING
  Aventail Connect Installation Problems
  Network Connectivity Problems
  Aventail Connect Configuration Problems
  Application and TCP/IP Stack Interoperability Problems
  Aventail Connect Trace Logging
  Error Messages
  Reporting Aventail Connect Problems

GLOSSARY

INDEX
`
Introduction

Welcome to the Aventail Connect 3.1/2.6 secure Windows client for 16- and
32-bit Windows applications. The client component of the Aventail ExtraNet
Center, Aventail Connect is a secure proxy client based on SOCKS 5, the IETF
standard for authenticated firewall traversal. Aventail Connect delivers
enhanced security and simplifies SOCKS deployment for users and network
managers.

Aventail Connect redirects WinSock calls and reroutes them based upon a set of
routing directives (rules) assigned when Aventail Connect is configured. (For
more information about WinSock, TCP/IP, and general network communications,
see “Getting Started.”)

On larger networks, Aventail Connect can address multiple SOCKS 5 servers
based on end destination and type of service. This feature enables network
administrators to effectively monitor and direct network traffic.

Aventail Connect is a proxy client, but when used with SSL it provides the
ability to encrypt inbound or outbound information.
`
Features of Aventail Connect:

- Aventail Connect supports X.509 client certificates for strong
  authentication with SSL (when encryption is enabled)
- Automated Customizer utility simplifies client configuration, distribution,
  and installation
- SSL compression detects low bandwidth connections and compresses
  encrypted data (when encryption is enabled)
- Secure Extranet Explorer (via Extranet Neighborhood icon on desktop)
  allows users to securely access Windows or SMB hosts over an extranet
  connection (Windows 95, Windows 98, and Windows NT 4.0 only)
- Supports WinSock 2 (LSP) applications in Windows 98 and Windows NT 4.0,
  and WinSock 1.1 and WinSock 2 applications in Windows 95
- Supports WinSock 1.1 applications in Windows 3.1, Windows for
  Workgroups 3.11, and Windows NT 3.51
- Multi Proxy feature allows you to use a SOCKS server or an HTTP
  proxy to control outbound access
- Allows the use of port ranges for redirection rules
- Provides integration with SoftID™ and SecurID™ tokens
- Provides automated installation and uninstallation
- Credential cache timeout feature allows administrators to specify when
  credentials expire
- Provides optional password protection for configuration files
- Supports both SOCKS v4 and SOCKS v5 (RFC 1928 and RFC 1929) standards
- Enables network redirection through successive extranet (SOCKS) servers
- Includes a logging utility to troubleshoot problems with network
  connections
- Includes a Configuration wizard for simplified step-by-step creation of
  configuration files
- Allows internal network connections to pass through without interference
- Supports multiple authentication methods including SOCKS v4
  identification, username/password, CHAP, CRAM, HTTP Basic
  (username/password), and SSL 3.0

NOTE: Not all versions of Aventail Connect have encryption enabled.
`
ABOUT THIS DOCUMENT

This Administrator’s Guide provides basic information about Aventail Connect. It
includes entry-level data for non-technical users, plus installation, setup, and
configuration information for network administrators. This information is also
available via Aventail Connect Help and the Aventail Web site at
http://www.aventail.com/content/products/docs/.

DOCUMENT ORGANIZATION

This document is divided into three main sections: Administrator’s Guide,
Utilities Reference Guide, and Troubleshooting.

The Administrator’s Guide describes procedures for setting up, installing, and
configuring Aventail Connect for individual and multiple networked workstations.
It also describes how to create a customized Aventail Connect package for
distribution to multiple users.

The Utilities Reference Guide describes the Aventail Connect system menu
commands and utility programs. It contains detailed information about using the
S5 Ping utility and the Logging Tool, and documents the
authentication/encryption modules and settings.

The document concludes with Troubleshooting and the Glossary.

You can also use the Quick Start Card, a short document designed to help you
install Aventail Connect to an individual workstation, and the Aventail Connect
flowchart, at
http://www.aventail.com/contents/solutions/presentations/quickstart/vpnclient.pdf.
`
DOCUMENT CONVENTIONS

The following typographic conventions are used in this document. Exceptions
may be made for online material; for instance, italics may be difficult to read
online.

- Filenames, extensions, directory names, keynames, and pathnames.
- Command-line commands, options, and portions of syntax that must be typed
  exactly as shown.
- Bold: Dialog box controls (Edit... buttons), e-mail addresses
  (support@aventail.com), URLs (www.aventail.com), and IP addresses
  (165.121.6.26).
- Italic: Placeholders that represent information the user must insert.

SEE ALSO: A reference to additional useful information.

NOTE: Information the user should be aware of to increase understanding
and/or efficiency of the software.

CAUTION: An operational item that the user should be aware of to avoid a
network policy/software conflict, or lapse, which may create a MINOR
security flaw.

WARNING: An operational item that the user should be aware of to avoid a
network policy/software conflict, or lapse, which may create a SERIOUS
security flaw.
`
AVENTAIL TECHNICAL SUPPORT

Contact Aventail Technical Support if you have questions about installation,
configuration, or general usage of Aventail Connect. Refer to the Aventail
Support Web site, at
http://www.aventail.com/index.phtml/support/online_support.phtml, or the
Aventail Knowledge Base, at
http://www.aventail.com/index.phtml?page_id=03110000, for the latest technical
notes and information. Refer to the readme.txt documentation for additional
information not included in the Administrator’s Guide.

Aventail Technical Support:
Web site: http://www.aventail.com/index.phtml/support/index.phtml
E-mail: support@aventail.com
Phone: 206.215.0078
Fax: 206.215.1120

ABOUT AVENTAIL CORPORATION

Aventail Corporation is the leading vendor of extranet software. Its extranet
solutions allow organizations to secure their networked communications and
manage their employees’ access to the Internet. Building an extranet gives
organizations the ability to dynamically create a private communication or data
channel over the Internet. Aventail’s adherence to open security standards
simplifies extranet deployment, enables interoperability, and leverages
corporations’ existing network investments. Its extranet solutions allow
companies to extend the reach of their corporate extranets to customers,
partners, remote offices, and worldwide employees.

Aventail Corporation
808 Howell Street, Second Floor
Seattle, WA 98101
Phone: 206.215.1111
Fax: 206.215.1120

http://www.aventail.com/
info@aventail.com

Aventail

An aventail is a piece of chainmail armor worn around the neck area. In the 14th
century, knights wore an aventail to protect themselves while in combat. Today,
Aventail continues the tradition of protection by allowing organizations to
securely communicate over the Internet.
`
Administrator’s Guide

This section includes procedural and background information on installing
Aventail Connect on both single and networked workstations. It includes:

- “Getting Started,” with brief explanations of network security and
  communications
- Definitions of SOCKS and Aventail Connect
- Aventail Connect platform and installation requirements, with an
  introduction to WinSock 2 and LSP architecture
- “Installing Aventail Connect,” which includes network diagrams of
  Aventail ExtraNet Center and SOCKS v4-based server configurations
- Directions on how to create and edit configuration files, and an
  introduction to the Aventail Customizer

NOTE: Aventail understands the importance of a flexible, easy-to-use
installation process. If you have feedback regarding the Aventail
Connect installation procedures, or if there are additional features
you want to see implemented, please e-mail comments to
support@aventail.com. Your input is appreciated.

GETTING STARTED

If you are new to Aventail Connect technology, the following section will help you
understand what Aventail Connect is and does, and its relationship to network
security in general.
`
NETWORK SECURITY IN A NUTSHELL

Escalating security threats are forcing companies to seek ways to safeguard
their corporate networks and the information they exchange. The first response
to these concerns has been the development of security firewalls—software
barriers that control the flow of information. But firewalls are not designed to
handle complex security issues, such as monitoring network usage, providing
private communication over public networks, and enabling remote users to gain
secure access to internal network resources.

Enter SOCKS v5, an Internet Engineering Task Force (IETF)-approved security
protocol targeted at securely traversing corporate firewalls. SOCKS was
originally developed in 1990, and is now maintained by NEC. SOCKS acts as a
circuit-level proxy mechanism that manages the flow and security of data traffic
to and from your local area network (LAN) or extranet. An application whose
traffic is proxied by SOCKS is considered “socksified.” SOCKS is more than a
standard security firewall. Other features:

- Client Authentication: (SOCKS v5 only) Authentication allows network
  managers to provide selected user access to internal and external
  areas of a network.
- Traffic Encryption: (SOCKS v5 only) Encryption ensures that network
  traffic is private and secure.
- UDP Support: (SOCKS v5 only) User Datagram Protocol (UDP) traffic
  has traditionally been difficult to proxy, with the exception of SOCKS v5.
- Aventail Connect supports X.509 client certificates within SSL.
- Cross-Platform Support: Unlike many other security solutions, SOCKS
  can be used on various platforms, such as Windows NT, Windows 95,
  Windows 98, and various forms of UNIX.

NOTE: Not all versions of Aventail Connect include the SSL module for
encryption.
`
WHAT IS AVENTAIL CONNECT?

Aventail Connect is the client component of the Aventail ExtraNet Center.
Aventail Connect works with the Aventail ExtraNet Server, the SOCKS 5 server
component of the Aventail ExtraNet Center. You can use Aventail Connect as a
simple proxy client for managed outbound access, and for secure inbound
access.

Aventail Connect automates the “socksification” of Transmission Control
Protocol/Internet Protocol (TCP/IP) client applications, making it simple for
workstations to take advantage of the SOCKS v5 protocol. When you run Aventail
Connect on your system, it automatically routes appropriate network traffic from
a WinSock (Windows Sockets) application to an extranet (SOCKS) server, or
through successive servers. (WinSock is a Windows component that connects a
Windows PC to the Internet using TCP/IP.) The SOCKS server then sends the
traffic to the Internet or the external network. Network administrators can define
a set of rules that route this traffic.

Aventail Connect is designed to run transparently on each workstation, without
adding overhead to the user’s desktop. In most cases, users will interact with
Aventail Connect only when it prompts them to enter authentication credentials
for a connection to a secure extranet (SOCKS) server. Users may also
occasionally need to start and exit Aventail Connect, although network
administrators often configure it to run automatically at startup. Aventail
Connect does not require administrators to manually establish an encrypted
tunnel; Aventail Connect can establish an encrypted tunnel automatically.

To understand Aventail Connect, you first need to understand a few basics of
TCP/IP communications.
`
TCP/IP COMMUNICATIONS

Windows TCP/IP networking applications (such as telnet, e-mail, Web browsers,
and ftp) use WinSock to gain access to networks or the Internet. WinSock is the
core component of TCP/IP under Windows, and is the interface that most
Windows applications use to communicate to TCP/IP.

WINSOCK CONNECTION TO A REMOTE HOST

Via WinSock, an application goes through the following steps to connect to a
remote host on the Internet or corporate extranet:

1. The application executes a Domain Name System (DNS) lookup to convert
   the hostname into an Internet Protocol (IP) address or, in rare cases, it will
   do a reverse DNS lookup to convert the IP address into a hostname. If the
   application already knows the IP address, this step is skipped.

2. The application requests a connection to the specified remote host. This
   causes the underlying stack to begin the TCP handshake, when two
   computers initiate communication with each other. When the handshake is
   complete, the application is notified that the connection is established, and
   data can then be transmitted and received.

3. The application sends and receives data.
`
WHAT DOES AVENTAIL CONNECT DO?

Aventail Connect slips in between WinSock and the underlying TCP/IP stack.
(See diagram below.) As an application that sits between WinSock and the TCP/IP
stack, Aventail Connect 3.1 is a Layered Service Provider (LSP). Aventail
Connect can change data (compressing it or encrypting it, for example) before
routing it to the TCP/IP stack for transport over the network. The routing is
determined by the rules described in the configuration file.

[Diagram labels: Windows TCP/IP application (uses either WinSock 1.1 or
WinSock 2); WinSock 1.1 (converts calls to WinSock 2); Aventail Connect
(Layered Service Provider; multiple LSPs can be installed at this level);
TCP/IP stack; Physical network]

Windows TCP/IP applications and Aventail Connect have no direct contact with
one another; instead, each of them communicates through WinSock. Multiple
LSP applications can be installed at the LSP level.
`
NOTE: Aventail Connect does not alter or replace WinSock or any other
core TCP/IP components (files) provided by the operating system.

When the Aventail Connect LSP receives a connection request, it determines
whether or not the connection needs to be redirected (to an Aventail ExtraNet
Server) and/or encrypted (in SSL). When redirection and encryption are not
necessary, Aventail Connect simply passes the connection request, and any
subsequent transmitted data, to the TCP/IP stack.

The two most popular versions of WinSock are versions 1.1 and 2. Aventail
Connect 3.1, like all LSPs, requires WinSock 2; WinSock 1.1 does not support
LSPs. WinSock 2 includes backward-compatibility with all WinSock 1.1
applications. Not every platform supports WinSock 2 and its LSP structure.

- Windows 98 and Windows NT 4.0 support WinSock 2 natively. (Windows NT 4.0
  requires Service Pack 3 or above, available from Microsoft.)
- Windows 95 supports WinSock 1.1. Windows 95 can also support WinSock 2,
  but you must install a patch (available from Microsoft) to add
  support for WinSock 2.
- Windows 3.1, Windows for Workgroups 3.11, and Windows NT 3.51 do
  not support WinSock 2; they support only WinSock 1.1.

For those platforms that do not support WinSock 2 and LSP applications,
Aventail includes Aventail Connect 2.6 on the Aventail Connect 3.1/2.6 CD.
Aventail Connect 2.6 was designed for operating systems that support only
WinSock 1.1. On Windows 3.1, Windows for Workgroups 3.11, or Windows NT 3.51
operating systems, setup will install Aventail Connect 2.6. If you are working
on a Windows 95 operating system, setup will detect whether you have installed
the Microsoft Windows 95 WinSock 2 Update. If setup detects the Microsoft
update, which upgrades Windows 95 to support WinSock 2, setup will install
Aventail Connect 3.1. If setup does not detect the Microsoft update, it will
install Aventail Connect 2.6.

The Aventail Connect 2.6 user interface is identical to that of Aventail Connect
3.1; however, Aventail Connect 3.1 includes MultiProxy functionality (see
“Multiple Firewall Traversal”). Aventail Connect 2.6 does not include MultiProxy.

In the future, more Windows applications may require WinSock 2.

During installation, setup determines which version of Aventail Connect to
install. On WinSock 2 platforms, Aventail Connect 3.1 is installed. On WinSock
1.1 platforms, Aventail Connect 2.6 is installed. The following table shows how
setup determines which version of Aventail Connect to install.
`
Operating system                                            WinSock version                        Version installed
Windows 98, Windows NT 4.0                                  WinSock 2                              Aventail Connect 3.1
Windows 95                                                  With Microsoft patch: WinSock 2        Aventail Connect 3.1
Windows 95                                                  Without Microsoft patch: WinSock 1.1   Aventail Connect 2.6
Windows 3.1, Windows for Workgroups 3.11, Windows NT 3.51   WinSock 1.1                            Aventail Connect 2.6

You can create custom packages that include one or both versions of Aventail
Connect (3.1 and 2.6). Setup will determine which version to install on each
workstation. (For more information, see “Customizer.”)
`
WINDOWS 95 AND WINSOCK

The Microsoft Windows 95 WinSock 2 Update upgrades WinSock 1.1 to WinSock 2
in Windows 95. This patch (filename w95ws2setup.exe) is available from the
Microsoft Web site, at
http://www.microsoft.com/Windows95/downloads/contents/wuadmintools/s_wunetworkingtools/W95Sockets2/default.asp.
Unless you need specific Aventail Connect 3.1 features, Aventail
recommends that you do not upgrade from WinSock 1.1 to WinSock 2. If you do
not upgrade to WinSock 2, Aventail Connect 2.6 will be installed on Windows 95
systems.

If you do need to install the Microsoft Windows 95 WinSock 2 Update, follow the
instructions provided by Microsoft. Reboot your computer after upgrading, prior
to installing Aventail Connect.
`
HOW DOES AVENTAIL CONNECT WORK?

The following three steps are identical to standard WinSock communications
steps described above; however, nested inside them are additional actions and
options introduced by Aventail Connect.

1. The application does a DNS lookup to convert the hostname to an IP address
   or, in rare cases, it will do a reverse DNS lookup to convert the IP address
   to a hostname. If the application already knows the IP address, this entire
   step is skipped. Otherwise, Aventail Connect does the following:

   - If the hostname matches a local domain string or does not match a
     redirection rule, Aventail Connect passes the name resolution query
     through to the TCP/IP stack on the local workstation. The TCP/IP stack
     performs the lookup as if Aventail Connect were not running.
   - If the destination hostname matches a redirection rule domain name
     (i.e., the host is part of a domain we are proxying traffic to) then Aventail
     Connect creates a false DNS entry (HOSTENT) that it can recognize
     during the connection request. Aventail Connect will forward the
     hostname to the extranet (SOCKS) server in step 2 and the SOCKS server
     performs the hostname resolution.
   - If the DNS proxy option is enabled and the domain cannot be looked up
     directly, Aventail Connect creates a false DNS entry that it can
     recognize later, and returns this to the calling application. The false
     entry tells Aventail Connect that the DNS lookup must be proxied, and
     that it must send the fully qualified hostname to the SOCKS server with
     the SOCKS connection request.

   CAUTION: The reverse DNS process can create unexpected delays, causing
   Aventail Connect to behave unpredictably. Aventail recommends that you do
   not enable this option unless you specifically require the Reverse DNS
   functionality.
`
2. The application requests a connection to the remote host. This causes the
   underlying stack to begin the TCP handshake. When the handshake is
   complete, the application is notified that the connection is established and
   that data may now be transmitted and received. Aventail Connect does the
   following:

   a. Aventail Connect checks the connection request.
      - If the request contains a false DNS entry (from step 1), it will be
        proxied.
      - If the request contains a routable IP address, and the rules in the
        configuration file say it must be proxied, Aventail Connect will call
        WinSock to begin the TCP handshake with the server designated
        in the configuration file.
      - If the request contains a real IP address and the configuration file
        rule says that it does not need to be proxied, the request will be
        passed to WinSock and processing jumps to step 3 as if Aventail
        Connect were not running.
   b. When the connection is completed, Aventail Connect begins the
      SOCKS negotiation.
      - It sends the list of authentication methods enabled in the
        configuration file.
      - Once the server selects an authentication method, Aventail Connect
        executes the specified authentication processing.
      - It then sends the proxy request to the extranet (SOCKS) server.
        This includes either the IP address provided by the application or
        the DNS entry (hostname) provided in step 1.
   c. When the SOCKS negotiation is completed, Aventail Connect notifies
      the application. From the application’s point of view, the entire SOCKS
      negotiation, including the authentication negotiation, is merely the TCP
      handshaking.

3. The application transmits and receives data.

   If an encryption module is enabled and selected by the SOCKS server,
   Aventail Connect encrypts the data on its way to the server on behalf of the
   application. If data is being returned, Aventail Connect decrypts it so that
   the application sees cleartext data.
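The name-lookup and connection decisions in steps 1 and 2, modelled in Python as an added example; it is not Aventail code and not part of the original guide. The message layouts follow RFC 1928. The rule layout, the server and domain names, and the 0.0.1.0/24 pool used for false DNS entries are assumptions made for illustration.

```python
import fnmatch
import ipaddress
import struct

# Assumed for illustration; none of these values come from the guide.
SOCKS_SERVER = ("socks.example.com", 1080)       # extranet (SOCKS) server
LOCAL_DOMAIN = ".corp.example"                   # local domain string
REDIRECT_DOMAINS = ["*.partner.example"]         # redirection rules by name
REDIRECT_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # rules by address
FAKE_NET = ipaddress.ip_network("0.0.1.0/24")    # pool for false DNS entries

# SOCKS v5 wire constants (RFC 1928; method 0x02 is defined in RFC 1929).
VER, CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 0x05, 0x01, 0x01, 0x03
METHOD_NONE, METHOD_USERPASS, METHOD_REJECT = 0x00, 0x02, 0xFF


class Redirector:
    """Client-side model of step 1 (lookup) and step 2a (connect check)."""

    def __init__(self, dns_proxy=True):
        self.dns_proxy = dns_proxy
        self._fake = {}                      # placeholder address -> hostname
        self._pool = iter(FAKE_NET.hosts())

    def resolve(self, hostname, real_lookup):
        """real_lookup(name) stands in for the local TCP/IP stack and
        returns an address string, or None when the name is unknown."""
        host = hostname.lower().rstrip(".")
        if host.endswith(LOCAL_DOMAIN):
            return real_lookup(host)                 # local name: pass through
        if any(fnmatch.fnmatchcase(host, p) for p in REDIRECT_DOMAINS):
            return self._false_entry(host)           # SOCKS server resolves it
        addr = real_lookup(host)                     # no rule: pass through
        if addr is None and self.dns_proxy:
            return self._false_entry(host)           # DNS proxy option
        return addr

    def _false_entry(self, host):
        for addr, name in self._fake.items():
            if name == host:
                return str(addr)                     # reuse earlier placeholder
        addr = next(self._pool, None)
        if addr is None:
            raise RuntimeError("placeholder pool exhausted")
        self._fake[addr] = host
        return str(addr)

    def plan_connect(self, ip, port):
        """Return (peer to open TCP to, SOCKS request bytes or None)."""
        addr = ipaddress.ip_address(ip)
        if addr in self._fake:                       # false entry: proxy by name
            return SOCKS_SERVER, socks5_request(self._fake[addr], port)
        if any(addr in net for net in REDIRECT_NETS):  # rule: proxy by address
            return SOCKS_SERVER, socks5_request(addr, port)
        return (ip, port), None                      # direct, untouched


def socks5_greeting(methods):
    """Step 2b, first message: VER, NMETHODS, METHODS."""
    return bytes([VER, len(methods), *methods])


def parse_method_reply(reply, offered):
    """Step 2b, server's choice; 0xFF means no offered method is acceptable."""
    if len(reply) != 2 or reply[0] != VER:
        raise ValueError("malformed method-selection reply")
    if reply[1] == METHOD_REJECT or reply[1] not in offered:
        raise ConnectionError("server accepted none of the offered methods")
    return reply[1]


def socks5_request(dest, port):
    """CONNECT request carrying either an IPv4 address or a hostname."""
    head = bytes([VER, CMD_CONNECT, 0x00])
    if isinstance(dest, ipaddress.IPv4Address):
        body = bytes([ATYP_IPV4]) + dest.packed
    else:
        name = dest.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname length must fit in one octet")
        body = bytes([ATYP_DOMAIN, len(name)]) + name
    return head + body + struct.pack("!H", port)


if __name__ == "__main__":
    # Constructed sample: one name under a redirection rule, no local DNS.
    r = Redirector()
    placeholder = r.resolve("files.partner.example", lambda name: None)
    print(placeholder, r.plan_connect(placeholder, 443))
```

For a name that matches a redirection rule, the local resolver is never queried, so the hostname is disclosed only to the SOCKS server inside the connection request.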
`
AVENTAIL CONNECT PLATFORM REQUIREMENTS

The following table lists the minimum system requirements for each of the
platforms that Aventail Connect supports.

Windows 98; Windows NT 4.0 (requires Microsoft Service Pack 3 or above)
    x86-based or Pentium personal computer
    16 MB
    Network-accessible SOCKS v4 or v5 compliant server

Windows 95; Windows NT 3.51
    x86-based or Pentium personal computer
    8 MB
    Network-accessible SOCKS v4 or v5 compliant server

Windows 3.1; Windows for Workgroups 3.11
    x86-based or Pentium personal computer
    4 MB
    Network-accessible SOCKS v4 or v5 compliant server

Aventail Connect 3.1 runs on the following operating systems:

- Windows 98
- Windows NT 4.0 (with Service Pack 3 or above, available from
  Microsoft)
- Windows 95, with the Microsoft WinSock 2 update (To install Aventail
  Connect 3.1, you must upgrade Windows 95 with the Microsoft WinSock 2
  update prior to Aventail Connect installation and setup. If you do
  not install the Microsoft patch, Aventail Connect 2.6 will be installed.
  For more information, see “What Does Aventail Connect Do?”.)

Aventail Connect 2.6 runs on the following operating systems:

- Windows 3.1
- Windows for Workgroups 3.11
- Windows NT 3.51
- Windows 95, without the Microsoft WinSock 2 update (If you do not
  upgrade Windows 95 with the Microsoft WinSock 2 update, Aventail
  Connect 2.6 will be installed. For more information, see “What Does
  Aventail Connect Do?”.)
`
NOTE: A WinSock-compatible 16- or 32-bit TCP/IP application must be
installed and configured prior to running Aventail Connect. This
can be the Microsoft-provided TCP/IP stack or a third-party TCP/IP
stack.

INTERFACE FEATURES

The following table lists the interface features for each platform. Each of these
features is discussed in greater detail later in the Administrator’s Guide.

[Table; column headings missing in source]

Windows 95, Windows 98, Windows NT 4.0
    Start\Programs\Aventail Connect menu
    In system tray
    Not available
    Right-click Aventail Connect icon in system tray
    Double-click Extranet Neighborhood icon on desktop

Windows 3.1, Windows for Workgroups 3.11, Windows NT 3.51
    Aventail Connect icon in Aventail Connect program group window
    Minimized on desktop
    Configure during setup
    Click Aventail Connect icon in Aventail Connect program group window
    Not available
`
INSTALLATION SOURCE MEDIA

Regardless of platform, Aventail Connect can be delivered on CD or as a
network-delivered, self-extracting archive file.

- CD: The CD contains the Aventail Connect setup program,
  setup.exe. The setup program allows for an administrative setup. It
  also contains the Administrator’s Guide and the User’s Guide in the
  \docs directory, formatted for Adobe® Acrobat Reader.
- Network-delivered Source Media: The network-delivered source
  media is a self-extracting archive containing the required disk/directory
  structure within the archive file. The executable automatically extracts
  the Aventail Connect installation files and initiates setup. The archive
  filename will be similar to 513315 .exe. This archive, or package, will
  also be available on the CD (located in the Utilities directory) to be
  used with the Customizer application. For more information, see the
  “Customizer” section.