VPN Procedure - FAQ - University of Toledo

VPN Procedure - FAQ - University of Toledo
UT VPN Frequently Asked Questions
Last Modified 4-4-2008 (PN)
Contents
General Questions .................................................................................................................................................................. 1
Requesting Access ................................................................................................................................................................... 2
Client Support ......................................................................................................................................................................... 3
Downloading Issues ................................................................................................................................................................ 4
Installation Issues .................................................................................................................................................................... 4
Connectivity Issues.................................................................................................................................................................. 5
Performance Issues ................................................................................................................................................................. 7
Application Issues ................................................................................................................................................................... 8
General Questions
Q:
What is VPN?
A:
VPN is an acronym for Virtual Private Network, which is a method to create secured (encrypted) communications
over a public network. While accessing the UT VPN, we are setting up secured communications from your
computer system to the University’s network via the Internet. This enables you to securely use
authorized/approved UT network resources from a location outside the University’s network.
Q:
Help! I don’t know what I’m doing with VPN.
A:
Please review this guide for common questions or give the IT Help Desk a call. They would be happy to assist in
making VPN work for you. The staff can be reached at x2400.
Q:
Will the VPN connection work with my normal network connection?
A:
Yes. In addition, the VPN client is active only when you choose to start it. If the client is not running, then it will
not affect your connection(s).
Q:
Should I use VPN for every time I need to use UT resources?
A:
Only when business needs require an off-campus connection and the service you are trying to reach is not
available through any other standard means.
1
UT VPN Frequently Asked Questions
Last Modified 4-4-2008 (PN)
Q:
Can I access Novell resources through VPN?
A:
Novell resources are currently being phased out of our IT environment, however, we will ensure that these
resources are available, or provide alternative means to access them.
Q:
Why are you forcing me to use VPN? I never had to do that in the past. You’re creating an extra step for me
to do.
A:
Although it is true than an additional step may be required, is the hassle worth compromising the University
network? By using the UT VPN, we are able to put additional and more restrictive security measures in place on
our perimeter network. We are able to block unnecessary protocols by default and help secure the UT network &
infrastructure from external threats. Our new VPN structure will provide an efficient and secure means for
connections from off-campus locations to University resources, while allowing the necessary access for our
faculty and staff.
Q:
Is everything I send over the VPN encrypted?
A:
All packets that are sent across VPN are encrypted and do not require any user interaction to encrypt. However,
files in storage on the system running VPN client software (your computer) or the files placed on the system(s)
you’re connecting to may not be secured. VPN only secures the connection between your system and the UT
network and not the actual files.
Q:
Does the VPN offer virus protection?
A:
No it does not. By agreeing to use our VPN, you have ensured that anti-virus software exists on your system and
is up-to-date and executing correctly.
Requesting Access
Q:
How do I request access to the UT network using VPN?
A:
You must initiate a request from the following website:
http://www.utoledo.edu/depts/it/Security/vpn.html
This FAQ and a request guide, which will help walk you through the process, are available at this website.
2
UT VPN Frequently Asked Questions
Last Modified 4-4-2008 (PN)
Q:
Will my request be automatically granted?
A:
No. VPN is not automatically granted to faculty & staff. You must complete the form in its entirety, gain
supervisor approval, and finally IT must authorize your account. We do want to stress that it is important to be
thorough in your request and provide as much detail to help us understand your need for VPN. It is very helpful to
be specific and name applications and processes that will be involved in your usage. If the business justification
does not state specifics, the request may be held up for further review or denied.
Q:
If I’m denied, does that mean I cannot request access again?
A:
No. If you’ve been denied access, you may complete the request process again. However, you will want to
correct any issues that were experienced in the previous request. Remember, there must be a valid business
justification to use VPN services. If there are alternative means for access, such as a internet-facing website, then
the need for VPN may not be necessary or appropriate.
Client Support
Q:
What are the standard client versions that IT will support?
A:
Microsoft Windows XP and Windows Vista are fully supported by IT.
Q:
Is there an Apple client?
A:
Yes, but it requires a license purchase and is not fully supported at this time. We recommend that the Windows
client be used until we can successfully support the Apple client in its entirety. There is no specific timeline for
having this fully available to all requestors.
Q:
Is there a Linux, Solaris, Windows 64-bit, Windows CE, or (insert platform here) client?
A:
These platforms are not supported and there are no plans to distribute any client software for these platforms
into the future.
Q:
Can I skip using the Nortel VPN client and just set up my own connection?
A:
No. The Nortel VPN client that IT provides is the ONLY VPN software authorized to connect to our network.
Without it, you will not be able to successfully establish a connection.
3
UT VPN Frequently Asked Questions
Last Modified 4-4-2008 (PN)
Downloading Issues
Q:
How do I know I have the appropriate version of the VPN client?
A:
Any version that has been downloaded from myutaccount.utoledo.edu is supported. If you did not download the
client from this location, you may be running an older version. We are currently phasing out legacy client
versions and will be disabling access to all legacy clients in the near future.
As of this writing, the following are the minimum version levels of the Nortel Contivity VPN clients that are
supported:
Windows XP = 7.01
Windows Vista = 6.07.026
Q:
Why does my VPN Client software download take so long?
A:
The speed of the download depends on your ISP (Internet Service Provider). A dial-up connection will be slower
than a DSL or cable connection.
Installation Issues
Q:
Can I use the UT VPN software concurrently with a Cisco VPN client?
A:
Yes, you may have both installed without conflict.
Q:
Will the installation of the UT VPN client interfere with an older version of the Nortel Contivity VPN client?
A:
The only known issue is that you may lose all site information for other networks that have been previously
configured. If you have any non-UT sites configured using an older version of the Contivity client, ensure you
have a backup or another copy of the list, otherwise it may be erased in the installation process.
Q:
I’m having problems installing the Microsoft Vista client.
A:
You must ensure that User Account Control (UAC) is disabled during installation. More details (with screenshots)
can be found at: https://myutaccount.utoledo.edu/help/vistaUAC.asp
4
UT VPN Frequently Asked Questions
Last Modified 4-4-2008 (PN)
Connectivity Issues
•
Check to ensure you have internet access. Do other web locations work?
•
Check to ensure you do not have software or a firewall blocking your VPN attempts. This includes hardwarebased firewalls/routers, personal firewalls, intrusion detection software, or security software suites, such as
McAfee, Norton, or ZoneAlarm.
o
Check to see if your firewall/router allows for “IPSEC Pass-Through” and enable this. All newer Linksys
personal firewall/routers have this enabled by default and many other vendors have similar
configurations.
o
Otherwise, enable: IP Protocol ID 50, IP Protocol ID 51, and UDP port 500 to allow.
o
Access must be granted to vpn.utoledo.edu.
o
For more details, visit: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q233256
Q:
What number do I dial into to get access to the VPN?
A:
You don’t. There is no telephone number for our VPN gateway. Instead, you first establish a connection to the
Internet in whatever way you normally would, then run the UT VPN client software.
Q:
I get this message on my Windows XP computer. What do I do?
A:
You must click on “Unblock” for the Windows XP built-in firewall to allow the VPN client to communicate. You
may also manually enter an exception under Control Panel, Security Center, Windows Firewall, Exceptions.
5
UT VPN Frequently Asked Questions
Last Modified 4-4-2008 (PN)
Q:
There is no connection established once I try connecting to the UT VPN.
A:
The most common cause of this error is a network configuration problem on the network you're using. It's
typically related to a firewall's settings. The error may also indicate you don't have an active network connection.
If you see this error every time you try to connect from any location, you may need to adjust your own
computer's firewall.
If you see this error when you try to connect from a new location, ask the network administrator to adjust the
location's firewall. Many hotels, coffee houses, and similar short-term access locations don't forward all the
information that the VPN needs for a successful connection. If you've been able to successfully use the VPN from
other locations in the past, the error is likely related to this particular site.
Q:
I get the following error: Login failed. Please consult the switch log for further information.
A:
This error typically means that you've mistyped either your username or your password.
Username: Use your UTAD user name. You should not append any suffix, even if you still log into Novell.
Example: jschmoe4
NOT jschmoe4.is
Password: Use your UTAD password.
If retyping your UTAD username and password carefully doesn't correct the problem, you may need to change
your password to correct the issue. To change an account password, go to: http://myutaccount.utoledo.edu and
follow the prompts for changing a password.
If none of these suggestions help, contact the IT Help Desk at x2400.
Q:
How long can I stay connected to UT’s VPN?
A:
We have an inactivity timeout of 15 minutes. If you are actively using the connection, the timeout period is not
enforced. Intentional periods of inactivity are discouraged. By leaving a connection open to the UT network, you
are putting the network at a greater security risk. Please disconnect any open sessions when they will not be
needed.
6
UT VPN Frequently Asked Questions
Last Modified 4-4-2008 (PN)
Q:
How many connections can I have open simultaneously?
A:
We only support one concurrent connection at any given time. You will need to disconnect an established session
to initiate a new one.
Q:
I keep getting disconnected. What may be the cause?
A:
This problem has several possible causes. Here are some common suggestions:
•
Power management / energy saving modes
If you're using a wireless connection and your laptop is unplugged, your computer may be turning off your
wireless network card during times of low activity. Since your computer's VPN client needs to maintain a
constant connection to the VPN server, it won't be able to communicate without the wireless card.
To correct this, adjust your computer's power management or energy saving controls.
Some Windows users may also be affected by the Intel 3945 driver issue. If you are using this chipset, many
problems can be resolved by updating drivers to the latest revisions.
•
Busy wireless network or distance from access point
Your computer may lose its connection to the VPN server briefly. This can happen when the signal strength of
a wireless access point fluctuates or when the wired network connection you are using is too busy to permit
the VPN client to maintain its connection with the VPN server.
If the wireless network is saturated, there's little you can do to prevent disconnections. However, if you're too
far from an access point, try moving to an area where the wireless signal is stronger.
•
Jumping from access point to access point
In areas that contain both multiple wireless signals, Windows may change back and forth between networks
by homing in on whichever signal is stronger at a given moment. The best solution is to only connect to a
specific access point or SSID for the duration of VPN usage.
Q:
I modified the configuration settings and now I don’t know my Group ID and password.
A:
If the configuration parameters of the client are modified, it is recommended to reinstall the client, which will
repopulate the appropriate settings. The IT staff will not distribute these settings.
Performance Issues
Q:
It takes longer to transfer files than when I’m on campus.
A:
VPN performance just like any normal network depends on a number of variables. Cable Modem or DSL operates
at a line rate which is nearly 1/100th of the speed of your normal desktop connection on campus. This means
7
UT VPN Frequently Asked Questions
Last Modified 4-4-2008 (PN)
that VPN is good for client/server applications but is not well suited for transferring large files due to bandwidth
limitations and encryption overhead.
Q:
My system (or network) runs very slow when connected through VPN.
A:
VPN encrypts all traffic flow through the connection, which may be putting an excessive burden on your
processor or system. If your system is very old, we recommend using a faster computer where possible.
Also, VPN over a dial-up modem connection is not an IT supported configuration and it can be extremely slow. It
is recommended to use high-speed internet connections where possible.
Application Issues
Q:
Why doesn’t my program work through VPN?
A:
The University has restrictive policies on what is allowed to be accessed while connected via VPN. If a protocol
doesn’t work and there is a legitimate business need to have this opened while using VPN, please contact the IT
Help Desk for clarification. The experience should mirror an on-campus connection, however, some applications
may be blocked by default due to low demand.
This may also occur if the application you are using is not using a standard port number for the service it is using.
For example, web/http traffic typically uses port 80. If a site uses 8080 instead, it may be blocked. It is helpful to
provide port numbers to the help desk if you believe this is the cause.
Q:
Can I use the full Outlook client over VPN instead of Outlook Web Access?
A:
Yes, communication using the standard Outlook client will successfully connect to Exchange over VPN .
Q:
Can I browse the internet while connected?
A:
Yes, this function will work for common web-browsing protocols, however, all other externally-bound traffic will
be blocked.
8
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising