File Changes.txt: 1. Corrected behaviour with some external personal firewalls. 2. When using RSA SIG (Certificates) the client enforced IKE ID type to ASN1 Distinguished Name independent of the configured IKE ID type. Due to feedback from different partners this has now been changed. The client now for RSA SIG uses the configured IKE ID type. For current installations using RSA SIG and where ASN1 DN is used, please check that the IKE ID Type is set to "ASN1 Distinguished Name". The content of the IKE ID is in this case irrelevant. 3. Support for Netscreen XAUTH and Mode Config (IKECFG). 4. Prompt for XAUTH password if field is left empty. 5. Re-keying of IKE (phase I) without disconnecting fixed. 6. Added support to run concurrently with basically any external firewall. When an external firewall is installed the NCP firewall should be turned off. 7. When the RAS dialer and not the NCP internal dialer was used to create the provider connection, the VPN connection worked properly. After a disconnect and a second connect the tunnel was established but it was not possible to communicate over the tunnel. This is now corrected. 8. When using RSA-Signatures (Certificates) the client enforced MAIN mode. This behaviour has now been changed in such a way that the client always uses the configured exchange mode. BINTEC Entry Client ver 1.0 build 84: changes to all previous versions and builds - 1. Problem with de-installation when using WINXP (SP2) fixed. Before de-installing the NCP Entry Client please update with this build and then reboot. After reboot you can de-install the NCP Entry Client. BINTEC Entry Client ver 1.0 build 85 (08-09-2004): changes to previous version - 1. Hybrid Authentication Mode (eg. CheckPoint XAUTH) now supported. 2. COSINE IKECFG mode corrected. 3. When the client receives unencrypted data in crypto state during the IKE negotiation it will no longer send a NOTIFY("SITUATION_NOT_SUPPORTED"). This caused some gateways to terminate the IKE negotiation.