CONNECT v3.01/v2.51

Administrator's Guide
Windows
`
`Petitioner RPX Corporation - Ex. 1007, p. 1
`
`
`
`AVENTAIL CONNECT 3.01/2.51 ADMINISTRATOR’S GUIDE
`
© 1996-1999 Aventail Corporation. All rights reserved.
808 Howell Street, Second Floor
Seattle, WA 98101
USA

http://www.aventail.com/

TRADEMARKS AND COPYRIGHTS

Aventail is a registered trademark of Aventail Corporation. AutoSOCKS, Internet Policy Manager, Aventail VPN, Aventail VPN Client, Aventail ExtraNet Center, and Aventail ExtraNet Server are trademarks of Aventail Corporation. Socks5Toolkit is a trademark of NEC Corporation. MD4 Message-Digest Algorithm and MD5 Message-Digest Algorithm are trademarks of RSA Data Security, Inc. Microsoft, MS, Windows, Windows 95, Windows 98, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation. RealAudio is a trademark of RealNetworks. SecurID, SoftID, ACE/Server, and SDTI are either registered trademarks or trademarks of Security Dynamics Technologies, Inc. Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

© 1995-1996 NEC Corporation. All rights reserved.
© 1990-1992 RSA Data Security, Inc. All rights reserved.
© 1996 Hi/fn Inc., including one or more U.S. patents: 4701745, 5016009, 5126739, and 5146221, and other patents pending.
© 1996-1997 Consensus Development Corporation. All rights reserved.
`
`Printed in the United States of America.
`
`
Table of Contents

Trademarks and Copyrights

INTRODUCTION
  About This Document
  Document Organization
  Document Conventions
  Aventail Technical Support
  About Aventail Corporation

ADMINISTRATOR’S GUIDE
  Getting Started
    Network Security in a Nutshell
    What is Aventail Connect?
    What Does Aventail Connect Do?
    How Does Aventail Connect Work?
    Aventail Connect Platform Requirements
    Interface Features
    Installation Source Media
  Installing Aventail Connect
    Configuration Files
    Customized Configuration and Distribution
    Individual Installation
    Network Installation
    Administrative Setup
    Customizer
  Configuring Aventail Connect
    Define an Extranet (SOCKS) Server
    Define a Destination
    Enter Redirection Rules
    Define Local Name Resolution
    Manage Authentication Modules
    Advanced Tab Options
    Enable Password Protection
    Multiple Firewall Traversal
  The Certificate Wizard
  Example Network Configuration
    Configuration Using Aventail ExtraNet Server

UTILITIES REFERENCE GUIDE
  System Menu Commands
    Close
    Hide Icon
    Help
    About
    Credentials
    Configuration File
  Utilities
    Config Tool
    Logging Tool
    S5 Ping
  Secure Extranet Explorer
    How Extranet Neighborhood Works
    Installing Extranet Neighborhood
    Configuring Extranet Neighborhood
    SEE Properties

TROUBLESHOOTING
  Aventail Connect Installation Problems
  Network Connectivity Problems
  Aventail Connect Configuration Problems
  Application and TCP/IP Stack Interoperability Problems
  Aventail Connect Trace Logging
  Error Messages
  Reporting Aventail Connect Problems

GLOSSARY
INDEX
`
`
Introduction

Welcome to the Aventail Connect 3.01/2.51 secure Windows client for 16- and 32-bit Windows applications. The client component of the Aventail ExtraNet Center, Aventail Connect is a secure proxy client based on SOCKS 5, the IETF standard for authenticated firewall traversal. Aventail Connect delivers enhanced security and simplifies SOCKS deployment for users and network managers.

Aventail Connect redirects WinSock calls and reroutes them based upon a set of routing directives (rules) assigned when Aventail Connect is configured. (For more information about WinSock, TCP/IP, and general network communications, see “Getting Started.”)

On larger networks, Aventail Connect can address multiple SOCKS 5 servers based on end destination and type of service. This feature enables network administrators to effectively monitor and direct network traffic.

Aventail Connect is a proxy client, but when used with SSL it provides the ability to encrypt inbound or outbound information.

Features of Aventail Connect:
• Aventail Connect supports X.509 client certificates for strong authentication with SSL (when encryption is enabled)
• Automated Customizer utility simplifies client configuration, distribution, and installation
• SSL compression detects low bandwidth connections and compresses encrypted data (when encryption is enabled)
• Secure Extranet Explorer (via Extranet Neighborhood icon on desktop) allows users to securely access Windows or SMB hosts over an extranet connection (Windows 95, Windows 98, and Windows NT 4.0 only)
• Supports WinSock 2.0 (LSP) applications in Windows 98, and Windows NT 4.0, and WinSock 1.1 and WinSock 2.0 applications in Windows 95
• Supports WinSock 1.1 applications in Windows 3.1, Windows for Workgroups 3.11, and Windows NT 3.51
• MultiProxy feature allows you to use a SOCKS server or an HTTP proxy to control outbound access
• Allows the use of port ranges for redirection rules
• Provides integration with SoftID™ and SecurID™ tokens
• Provides automated installation and uninstallation
• Credential cache timeout feature allows administrators to specify when credentials expire
• Provides optional password protection for configuration files
• Supports both SOCKS v4 and SOCKS v5 (RFC 1928 and RFC 1929) standards
• Enables network redirection through successive extranet (SOCKS) servers
• Includes a logging utility to troubleshoot problems with network connections
• Includes a Configuration wizard for simplified step-by-step creation of configuration files
• Allows internal network connections to pass through without interference
• Supports multiple authentication methods including SOCKS v4 identification, username/password, CHAP, CRAM, HTTP Basic (username/password), and SSL 3.0.

SEE ALSO: For more information on the differences between Aventail Connect 3.01 and Aventail Connect 2.51, see “What Does Aventail Connect Do?” in the Administrator’s Guide.

NOTE: Not all versions of Aventail Connect have encryption enabled.
`
ABOUT THIS DOCUMENT

This Administrator’s Guide provides basic information about Aventail Connect. It includes entry-level data for non-technical users, plus installation, setup, and configuration information for network administrators. This information is also available via Aventail Connect Help and the Aventail Web site at http://www.aventail.com/content/products/docs/.

DOCUMENT ORGANIZATION

This document is divided into three main sections: Administrator’s Guide, Utilities Reference Guide, and Troubleshooting.

The Administrator’s Guide describes procedures for setting up, installing, and configuring Aventail Connect for individual and multiple networked workstations. It also describes how to create a customized Aventail Connect package for distribution to multiple users.

The Utilities Reference Guide describes the Aventail Connect system menu commands and utility programs. It contains detailed information about using the S5 Ping utility and the Logging Tool, and documents the authentication/encryption modules and settings.

The document concludes with Troubleshooting and the Glossary.

You can also use the Quick Start Card, a short document designed to help you install Aventail Connect to an individual workstation, and the Aventail Connect flowchart, at http://www.aventail.com/contents/solutions/presentations/quickstart/vpnclient.pdf
`
DOCUMENT CONVENTIONS

The following typographic conventions are used in this document. Exceptions may be made for online material; for instance, italics may be difficult to read online.

Convention      Usage
Courier font    Filenames, extensions, directory names, keynames, and pathnames. Command-line commands, options, and portions of syntax that must be typed exactly as shown.
Bold            Dialog box controls (Edit… buttons), e-mail addresses (support@aventail.com), URLs, (www.aventail.com), and IP addresses (165.121.6.26).
Italic          Placeholders that represent information the user must insert.

SEE ALSO: A reference to additional useful information.

NOTE: Information the user should be aware of to increase understanding and/or efficiency of the software.

CAUTION: An operational item that the user should be aware of to avoid a network policy/software conflict, or lapse, which may create a MINOR security flaw.

WARNING: An operational item that the user should be aware of to avoid a network policy/software conflict, or lapse, which may create a SERIOUS security flaw.
`
AVENTAIL TECHNICAL SUPPORT

Contact Aventail Technical Support if you have questions about installation, configuration, or general usage of Aventail Connect. Refer to the Aventail Support Web site, at http://www.aventail.com/index.phtml/support/online_support.phtml, or the Aventail Knowledge Base, at http://www.aventail.com/index.phtml?page_id=03110000, for the latest technical notes and information. Refer to the readme.txt documentation for additional information not included in the Administrator’s Guide.

Aventail Technical Support:
Web site: http://www.aventail.com/index.phtml/support/index.phtml
E-mail: support@aventail.com
Phone: 206.215.0078
Fax: 206.215.1120

ABOUT AVENTAIL CORPORATION

Aventail Corporation is the leading vendor of extranet software. Its extranet solutions allow organizations to secure their networked communications and manage their employees’ access to the Internet. Building an extranet gives organizations the ability to dynamically create a private communication or data channel over the Internet. Aventail’s adherence to open security standards simplifies extranet deployment, enables interoperability, and leverages corporations’ existing network investments. Its extranet solutions allow companies to extend the reach of their corporate extranets to customers, partners, remote offices, and worldwide employees.

Aventail Corporation
808 Howell Street, Second Floor
Seattle, WA 98101
Phone: 206.215.1111
Fax: 206.215.1120
http://www.aventail.com/
info@aventail.com

An aventail is a piece of chainmail armor worn around the neck area. In the 14th century, knights wore an aventail to protect themselves while in combat. Today, Aventail continues the tradition of protection by allowing organizations to securely communicate over the Internet.

Administrator’s Guide
`
This section includes procedural and background information on installing Aventail Connect on both single and networked workstations. It includes:
• "Getting Started," with brief explanations of network security and communications
• Definitions of SOCKS and Aventail Connect
• Aventail Connect platform and installation requirements, with an introduction to WinSock 2.0 and LSP architecture
• "Installing Aventail Connect," which includes network diagrams of Aventail ExtraNet Center and SOCKS v4-based server configurations
• Directions on how to create and edit configuration files, and an introduction to the Aventail Customizer

NOTE: Aventail understands the importance of a flexible, easy-to-use installation process. If you have feedback regarding the Aventail Connect installation procedures, or if there are additional features you want to see implemented, please e-mail comments to support@aventail.com. Your input is appreciated.
`
GETTING STARTED

If you are new to Aventail Connect technology, the following section will help you understand what Aventail Connect is and does, and its relationship to network security in general.

NETWORK SECURITY IN A NUTSHELL

Escalating security threats are forcing companies to seek ways to safeguard their corporate networks and the information they exchange. The first response to these concerns has been the development of security firewalls—software barriers that control the flow of information. But firewalls are not designed to handle complex security issues, such as monitoring network usage, providing private communication over public networks, and enabling remote users to gain secure access to internal network resources.

Enter SOCKS v5, an Internet Engineering Task Force (IETF)-approved security protocol targeted at securely traversing corporate firewalls. SOCKS was originally developed in 1990, and is now maintained by NEC. SOCKS acts as a circuit-level proxy mechanism that manages the flow and security of data traffic to and from your local area network (LAN) or extranet. An application whose traffic is proxied by SOCKS is considered “socksified.” SOCKS is more than a standard security firewall. Other features:
• Client Authentication: (SOCKS v5 only) Authentication allows network managers to provide selected user access to internal and external areas of a network.
• Traffic Encryption: (SOCKS v5 only) Encryption ensures that network traffic is private and secure.
• UDP Support: (SOCKS v5 only) User Datagram Protocol (UDP) traffic has traditionally been difficult to proxy, with the exception of SOCKS v5.
• Aventail Connect supports X.509 client certificates within SSL: Includes a Certificate wizard for generating and processing client certificate requests.
• Cross-Platform Support: Unlike many other security solutions, SOCKS can be used on various platforms, such as Windows NT, Windows 95, Windows 98, and various forms of UNIX.

NOTE: Not all versions of Aventail Connect include the SSL module for encryption.

WHAT IS AVENTAIL CONNECT?

Aventail Connect is the client component of the Aventail ExtraNet Center. Aventail Connect works with the Aventail ExtraNet Server, the SOCKS 5 server component of the Aventail ExtraNet Center. You can use Aventail Connect as a simple proxy client for managed outbound access, and for secure inbound access.

Aventail Connect automates the “socksification” of Transmission Control Protocol/Internet Protocol (TCP/IP) client applications, making it simple for workstations to take advantage of the SOCKS v5 protocol. When you run Aventail Connect on your system, it automatically routes appropriate network traffic from a WinSock application to an extranet (SOCKS) server, or through successive servers. (WinSock is a Windows component that connects a Windows PC to the Internet using TCP/IP.) The SOCKS server then sends the traffic to the Internet or the external network. Network administrators can define a set of rules that route this traffic.

Aventail Connect is designed to run transparently on each workstation, without adding overhead to the user’s desktop. In most cases, users will interact with Aventail Connect only when it prompts them to enter authentication credentials for a connection to a secure extranet (SOCKS) server. Users may also occasionally need to start and exit Aventail Connect, although network administrators often configure it to run automatically at startup. Aventail Connect does not require administrators to manually establish an encrypted tunnel; Aventail Connect can establish an encrypted tunnel automatically.

To understand Aventail Connect, you first need to understand a few basics of TCP/IP communications.
`
TCP/IP COMMUNICATIONS

Windows TCP/IP networking applications (such as telnet, e-mail, Web browsers, and ftp) use WinSock (Windows Sockets) to gain access to networks or the Internet. WinSock is the core component of TCP/IP under Windows, and is the interface that most Windows applications use to communicate to TCP/IP.

WINSOCK CONNECTION TO A REMOTE HOST

Via WinSock, an application goes through the following steps to connect to a remote host on the Internet or corporate extranet:
1. The application executes a Domain Name System (DNS) lookup to convert the hostname into an Internet Protocol (IP) address. If the application already knows the IP address, this step is skipped.
2. The application requests a connection to the specified remote host. This causes the underlying stack to begin the TCP handshake, when two computers initiate communication with each other. When the handshake is complete, the application is notified that the connection is established, and data can then be transmitted and received.
3. The application sends and receives data.
`
`
`
WHAT DOES AVENTAIL CONNECT DO?

Aventail Connect slips in between WinSock and the underlying TCP/IP stack. (See diagram below.) As an application that sits between WinSock and the TCP/IP stack, Aventail Connect 3.01 is a Layered Service Provider (LSP). Aventail Connect can change data (compressing it or encrypting it, for example) before routing it to the TCP/IP stack for transport over the network. The routing is determined by the rules described in the configuration file.

Windows TCP/IP applications and Aventail Connect have no direct contact with one another; instead, each of them communicates through WinSock. Multiple LSP applications can be installed at the LSP level.

[Diagram: Windows TCP/IP application, WinSock 1.1 and WinSock 2, Aventail Connect (Layered Service Provider), TCP/IP stack, physical network]
`
`
`
NOTE: Aventail Connect does not alter or replace WinSock or any other core TCP/IP components (files) provided by the operating system.

When the Aventail Connect LSP receives a connection request, it determines whether or not the connection needs to be redirected (to an Aventail ExtraNet Server) and/or encrypted (in SSL). When redirection and encryption are not necessary, Aventail Connect simply passes the connection request, and any subsequent transmitted data, to the TCP/IP stack.

The two most popular versions of WinSock are version 1.1 and version 2. Aventail Connect 3.01, like all LSPs, requires WinSock 2.0; WinSock 1.1 does not support LSPs. WinSock 2.0 includes backward-compatibility with all WinSock 1.1 applications. Not every platform supports WinSock 2.0 and its LSP structure.
• Windows 98 and Windows NT 4.0 support WinSock 2.0 natively. (Windows NT 4.0 requires Service Pack 3 or above, available from Microsoft.)
• Windows 95 supports WinSock 1.1. Windows 95 can also support WinSock 2.0, but you must install a Microsoft patch to add support for WinSock 2.0.
• Windows 3.1, Windows for Workgroups 3.11, and Windows NT 3.51 do not support WinSock 2.0; they support only WinSock 1.1.

For those platforms that do not support WinSock 2.0 and LSP applications, Aventail includes Aventail Connect 2.51 on the Aventail Connect 3.01/2.51 CD. Aventail Connect 2.51 was designed for operating systems that support only WinSock 1.1. For Windows 3.1, Windows for Workgroups 3.11, or Windows NT 3.51 operating systems, setup will install Aventail Connect 2.51. If you are working on a Windows 95 operating system, setup will detect whether you have installed the Microsoft Windows 95 WinSock 2.0 Update. If setup detects the Microsoft update, which upgrades Windows 95 to support WinSock 2.0, setup will install Aventail Connect 3.01. If setup does not detect the Microsoft update, it will install Aventail Connect 2.51.

The Aventail Connect 2.51 user interface is identical to that of Aventail Connect 3.01; however, Aventail Connect 3.01 includes MultiProxy (see “Multiple Firewall Traversal”). Aventail Connect 2.51 does not include MultiProxy.

In the future, more Windows applications may require WinSock 2.0.

During installation, setup determines which version of Aventail Connect to install. On WinSock 2.0 platforms, Aventail Connect 3.01 is installed. On WinSock 1.1 platforms, Aventail Connect 2.51 is installed. The following table shows how setup determines which version of Aventail Connect to install.
`
Operating System                                              WinSock Support                         Aventail Connect Version Installed
Windows 98, Windows NT 4.0                                    WinSock 2.0                             Aventail Connect 3.01
Windows 95                                                    With Microsoft patch: WinSock 2.0       Aventail Connect 3.01
                                                              Without Microsoft patch: WinSock 1.1    Aventail Connect 2.51
Windows 3.1, Windows for Workgroups 3.11, Windows NT 3.51     WinSock 1.1                             Aventail Connect 2.51

You can create custom packages that include one or both versions of Aventail Connect (3.01 and 2.51). Setup will determine which version to install on each workstation. (For more information, see “Customizer.”)

WINDOWS 95 AND WINSOCK

The Microsoft Windows 95 WinSock 2.0 Update upgrades WinSock 1.1 to WinSock 2.0 in Windows 95. This patch (filename w95ws2setup.exe) is available from the Microsoft Web site, at http://www.microsoft.com/windows/downloads/contents/Updates/W95Sockets2/default.asp. Unless you need specific Aventail Connect 3.01 features, Aventail recommends that you do not upgrade from WinSock 1.1 to WinSock 2.0. If you do not upgrade to WinSock 2.0, Aventail Connect 2.51 will be installed.

If you do need to install the Microsoft Windows 95 WinSock 2.0 Update, follow the instructions provided by Microsoft. Reboot your computer after upgrading, prior to installing Aventail Connect.

HOW DOES AVENTAIL CONNECT WORK?

The following three steps are identical to standard WinSock communications steps described above; however, nested inside them are additional actions and options introduced by Aventail Connect.

1. The application does a DNS lookup to convert the hostname to an IP address. If the application already knows the IP address, this entire step is skipped. Otherwise, Aventail Connect does the following:
   • If the hostname matches a local domain string or does not match a redirection rule, Aventail Connect passes the name resolution query through to the TCP/IP stack on the local workstation. The TCP/IP stack performs the lookup as if Aventail Connect were not running.
   • If the destination hostname matches a redirection rule domain name (i.e., the host is part of a domain we are proxying traffic to) then Aventail Connect creates a false DNS entry (HOSTENT) that it can recognize during the connection request. Aventail Connect will forward the hostname to the extranet (SOCKS) server in step 2 and the SOCKS server performs the hostname resolution.
   • If the DNS proxy option is enabled and the domain cannot be looked up directly, Aventail Connect creates a fake DNS entry that it can recognize later, and returns this to the calling application. The false entry tells Aventail Connect that the DNS lookup must be proxied, and that it must send the fully qualified hostname to the SOCKS server with the SOCKS connection request.

2. The application requests a connection to the remote host. This causes the underlying stack to begin the TCP handshake. When the handshake is complete, the application is notified that the connection is established and that data may now be transmitted and received. Aventail Connect does the following:
   a. Aventail Connect checks the connection request.
      • If the request contains a false DNS entry (from step 1), it will be proxied.
      • If the request contains a routable IP address, and the rules in the configuration file say it must be proxied, Aventail Connect will call WinSock to begin the TCP handshake with the server designated in the configuration file.
      • If the request contains a real IP address and the configuration file rule says that it does not need to be proxied, the request will be passed to WinSock and processing jumps to step 3 as if Aventail Connect were not running.
   b. When the connection is completed, Aventail Connect begins the SOCKS negotiation.
      • It sends the list of authentication methods enabled in the configuration file.
      • Once the server selects an authentication method, Aventail Connect executes the specified authentication processing.
      • It then sends the proxy request to the extranet (SOCKS) server. This includes either the IP address provided by the application or the DNS entry (hostname) provided in step 1.
   c. When the SOCKS negotiation is completed, Aventail Connect notifies the application. From the application’s point of view, the entire SOCKS negotiation, including the authentication negotiation, is merely the TCP handshaking.

3. The application transmits and receives data.
   If an encryption module is enabled and selected by the SOCKS server, Aventail Connect encrypts the data on its way to the server on behalf of the application. If data is being returned, Aventail Connect decrypts it so that the application sees cleartext data.
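
The lookup, redirect decision and SOCKS negotiation of steps 1 and 2, modelled in Python as an added example (not Aventail code and not part of the original guide). The class and function names, the 198.18.0.0/24 placeholder pool standing in for the false DNS entry, the default proxy used for DNS-proxied names, and every hostname and address are assumptions; the message layouts follow RFC 1928.

```python
import ipaddress
import struct

SOCKS_VER, CMD_CONNECT = 0x05, 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
METHOD_NONE, METHOD_USERPASS, METHOD_REJECT = 0x00, 0x02, 0xFF
PROXY = ("socks.example.net", 1080)       # constructed sample extranet server


def in_domain(name, domain):
    """Match on a label boundary so 'evilpartner.example' is not 'partner.example'."""
    return name == domain or name.endswith("." + domain)


def greeting(methods):
    """Step 2b: offer the authentication methods enabled in the configuration."""
    return bytes([SOCKS_VER, len(methods), *methods])


def chosen_method(reply, offered):
    """Parse the server's method selection and refuse anything not offered."""
    if len(reply) != 2 or reply[0] != SOCKS_VER:
        raise ValueError("malformed method-selection reply")
    if reply[1] == METHOD_REJECT or reply[1] not in offered:
        raise PermissionError("no acceptable authentication method")
    return reply[1]


def connect_request(dest, port):
    """Build the RFC 1928 CONNECT request for an IPv4 literal or a hostname."""
    try:
        body = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(dest).packed
    except ipaddress.AddressValueError:
        host = dest.encode("ascii")
        if not 1 <= len(host) <= 255:
            raise ValueError("hostname length out of range for SOCKS5")
        body = bytes([ATYP_DOMAIN, len(host)]) + host
    return bytes([SOCKS_VER, CMD_CONNECT, 0x00]) + body + struct.pack("!H", port)


class Redirector:
    """Client-side decisions from steps 1 and 2a (hypothetical model)."""

    def __init__(self, local_domains, domain_rules, net_rules,
                 dns_proxy=False, default_proxy=None, system_resolver=None):
        self.local_domains = local_domains      # domains always resolved locally
        self.domain_rules = domain_rules        # [(domain, proxy)]
        self.net_rules = [(ipaddress.ip_network(n), lo, hi, p)
                          for n, lo, hi, p in net_rules]   # with port ranges
        self.dns_proxy = dns_proxy
        self.default_proxy = default_proxy      # assumed target for DNS-proxied names
        self.system_resolver = system_resolver or (lambda name: None)
        # Assumed address pool standing in for the "false DNS entry".
        self._pool = ipaddress.ip_network("198.18.0.0/24").hosts()
        self._placeholders = {}                 # placeholder IP -> (hostname, proxy)

    def _placeholder(self, hostname, proxy):
        ip = str(next(self._pool))
        self._placeholders[ip] = (hostname, proxy)
        return ip

    def resolve(self, hostname):
        """Step 1: answer the application's name lookup."""
        name = hostname.lower().rstrip(".")
        if not any(in_domain(name, d) for d in self.local_domains):
            for domain, proxy in self.domain_rules:
                if in_domain(name, domain):
                    return self._placeholder(name, proxy)  # server will resolve it
        ip = self.system_resolver(name)                    # ordinary local lookup
        if ip is None and self.dns_proxy:
            return self._placeholder(name, self.default_proxy)
        return ip

    def plan_connect(self, ip, port):
        """Step 2a: decide whether the connection is proxied or passed through."""
        if ip in self._placeholders:
            hostname, proxy = self._placeholders[ip]
            return {"via": proxy, "request": connect_request(hostname, port)}
        addr = ipaddress.ip_address(ip)
        for net, lo, hi, proxy in self.net_rules:
            if addr in net and lo <= port <= hi:
                return {"via": proxy, "request": connect_request(ip, port)}
        return {"via": None, "request": None}   # direct, as if no client were present


def build_demo():
    """Constructed configuration: one local domain, one domain rule, one network rule."""
    return Redirector(
        local_domains=["corp.example"],
        domain_rules=[("partner.example", PROXY)],
        net_rules=[("203.0.113.0/24", 1, 1023, PROXY)],
        dns_proxy=True, default_proxy=PROXY,
        system_resolver={"intranet.corp.example": "10.0.0.5"}.get)


if __name__ == "__main__":
    r = build_demo()
    fake = r.resolve("app.partner.example")
    print(fake, r.plan_connect(fake, 443))
```

Because the placeholder address never leaves the workstation, the hostname reaches the extranet server only inside the CONNECT request, which is why the server, not the client, performs the resolution.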
`
`
`
AVENTAIL CONNECT PLATFORM REQUIREMENTS

The following table lists the minimum system requirements for each of the platforms that Aventail Connect supports.

Platform                                                                Processor                                  RAM      Extranet (SOCKS) Server
Windows 98; Windows NT 4.0 (requires Microsoft Service Pack 3 or above) x86-based or Pentium personal computer     16 MB    Network-accessible SOCKS v4 or v5 compliant server
Windows 95; Windows NT 3.51                                             x86-based or Pentium personal computer     8 MB     Network-accessible SOCKS v4 or v5 compliant server
Windows 3.1; Windows for Workgroups 3.11                                x86-based or Pentium personal computer     4 MB     Network-accessible SOCKS v4 or v5 compliant server

Aventail Connect 3.01 runs on the following operating systems:
• Windows 98
• Windows NT 4.0 (with Service Pack 3 or above, available from Microsoft)
• Windows 95, with the Microsoft WinSock 2.0 update (To install Aventail Connect 3.01, you must upgrade Windows 95 with the Microsoft WinSock 2.0 update prior to Aventail Connect installation and setup. If you do not install the Microsoft patch, Aventail Connect 2.51 will be installed. For more information, see “What Does Aventail Connect Do?”.)

Aventail Connect 2.51 runs on the following operating systems:
• Windows 3.1
• Windows for Workgroups 3.11
• Windows NT 3.51
• Windows 95, without the Microsoft WinSock 2.0 update (If you do not upgrade Windows 95 with the Microsoft WinSock 2.0 update, Aventail Connect 2.51 will be installed. For more information, see “What Does Aventail Connect Do?”.)

NOTE: A WinSock-compatible 16- or 32-bit TCP/IP application must be installed and configured prior to running Aventail Connect. This can be the Microsoft-provided TCP/IP stack or a third-party TCP/IP stack.
`
`
`
INTERFACE FEATURES

The following table lists the interface features for each platform. Each of these features is discussed in greater detail later in the Administrator’s Guide.
`
`Connect
`
`Neighborhood
`
` icon in system trayDouble-click Extranet
` icon on desktopIn system trayNot availableWindows 3.1,Windows for Workgroups 3.11,Windows NT 3.51
` icon in Aventail Connect program group windowClick Aventail
` icon in Aventail Connect program group windowNot availableMinimized on desktopConfigure during setup
`
`Aventail
`Connect
`
`Connect
`
`: The network-delivered source media is a self-extracting archive containing the required disk/directory structure within the archive file. The executable automatically ext