Virtual Private Network (VPN)

VPN allows remote users to securely access the BNL network through their own personal Internet Service Provider, so that it appears as if their home PC is right on the BNL network.  Only BNL employees can access this service.  In order to utilize this service, users must have a CRYPTOCard token (used to generate a random password for user authentication) and properly configured VPN client software on their PC.

Service Requirements
You must have some form of connectivity to the Internet. Local carriers which are known to work with the Cisco VPN service include Optimum OnLine and Verizon DSL service. Dial-up services should also work, though use of a high-bandwidth service is encouraged.

Patching/Anti-virus Reminder
Once the VPN tunnel is operational into the BNL site, your home computer will essentially be on the BNL network.  All network access from your home computer must therefore abide by the same rules as any other machine on the BNL network, i.e., it is your responsibility to safeguard your computer -- and by extension the BNL network -- by keeping up-to-date with system/security patches and maintaining antivirus software on the computer from which you are tunneling into BNL.

The steps necessary for using VPN to connect to the BNL network are as follows:

  1. Obtain a CRYPTOCard Token
  2. Download the VPN Client
  3. Install and Configure the VPN Client
  4. Start up the VPN client and establish a VPN tunnel to BNL
  5. Configure Applications You Plan to Run Over VPN
  6. Shut down the VPN tunnel to BNL when done

Additional Info:

  • Known Issues with the Cisco VPN Client
  • Details on BNL's implementation plus operational status (future)
  • CRYPTOCard Token User Guide


Obtain a CRYPTOCard Token

If you have not done so already, go to the CRYPTOCard Token User Guide web page to obtain a CRYPTOCard token. Once you have a CRYPTOCard token, continue to the next steps below.



Download the VPN Client

Once you have a CRYPTOCard token, all you need to do is download and install the VPN client software on your computer, which, when configured properly, allows you to communicate with BNL's VPN service.  Currently, Cisco has VPN client software available for any Win32 platform, which covers most Windows-based operating systems in use these days. On the Unix side, there are VPN client packages available for Linux, known to work with Debian, Red Hat, and Mandrake. There is also a VPN client available for Apple OS X systems and Sun SPARC based Solaris systems.

To download the VPN Client, click on the Tunnel Use Advisory button below. After reading the advisory, press the acceptance button located at the bottom of the page to continue to a login screen for downloading the VPN client software.  BNL users will be able to access the VPN Clients download page either onsite or offsite by using one of the following login methods:

  • By entering your [BNL\username] Domain credentials, OR
  • By entering the current VPN Client Password, as obtained from the ITD Helpdesk (at 631-344-5522), assuming you do not have a BNL Domain account.



Install and Configure the Client

Once downloaded, you need to install the VPN client software on your computer; depending on your operating system, you may also need to configure the client once installed. (clients require configuration before using with the BNL VPN service.)

Click on the link below corresponding to the type of VPN client you have downloaded for instructions on installation and configuration:

Note: In the event you need to reconfigure the Windows VPN client, click on the following link for specific information on how to do so.



Start Up the VPN Client & Establish a BNL Tunnel

With your CRYPTOCard token ready for use, start up your VPN Client application.  Click once on the connection entry for BNL (BNLVPN) to highlight it, then click on the CONNECT button to start up a VPN tunnel to BNL.  Turn on your CRYPTOCard token and generate a CRYPTOCard password.  Enter your CRYPTOCard username and your CRYPTOCard password at the VPN login screen and click CONNECT to start up your VPN tunnel.  Once you've established your connection, you may minimize any remaining VPN screens.

See Screen Captured Image



Configure Applications You Plan to Run Over VPN

When you are connected to BNL through a VPN tunnel, you may need to make some adjustments to certain applications on your home computer, so they interact properly with servers/services at BNL.   For instance, if you plan on surfing the Internet while connected to BNL via VPN, you need to set your web browser for BNL's web proxy, exactly as you do with your BNL computer at work.  Likewise, if you want to use your Microsoft Outlook service as you do while at work, there are specific instructions to follow in order to do so.  See the following links for application-specific configuration instructions when connected to BNL via VPN.

  • Configuring Your Web Proxy for browsing the Internet via VPN
  • Configuring Microsoft Outlook
  • Microsoft Remote Desktop (Windows & Mac) - With Remote Desktop Connection, you can easily connect to a terminal server or to any computer running Remote Desktop. All you need is network access and permissions to connect to the other computer.
  • Symantec pcAnywhere - Symantec's pcAnywhere can be a great tool for connecting to your work machine and avoiding special configurations that are valid only when VPN is active. But care must be taken to configure it securely so that the world doesn't also enjoy that convenience. For this reason it's strongly suggested that Windows 95 or 98 not be used, due to the insecure nature of these 'home' operating systems.


Shut Down VPN Tunnel When Done

Before turning off your computer, you need to shut down any existing VPN tunnels.  Prior to shutting down a VPN tunnel, you may also need to shut down any applications that depend on their BNL connection to run properly.  For instance, if you've configured Outlook to run over VPN per the directions on this web page, you need to shut down Outlook before ending your VPN tunnel.  Once you've cleanly ended programs that rely on your BNL connection, you may shut down (or disconnect) your VPN tunnel.

See Screen Captured Image



Additional Information

If you have a question that is not addressed in these pages, please send an email to itdhelp@bnl.gov.

Last Modified: April 30, 2008
Please forward all questions about this site to: Web Services