Virtual Private Network (VPN)
VPN allows remote users to securely access the BNL network
through their own personal Internet Service Provider, so that it appears as if
their home PC is right on the BNL network. Only BNL employees
can access this service. In order to utilize
this service, users must have a CRYPTOCard token (used to
generate a random password for user authentication) and properly configured VPN client software on their PC.
Service Requirements
You must have some form of connectivity to the Internet. Local
carriers which are known to work with the Cisco VPN service include
Optimum OnLine and Verizon DSL service. Dial-up services should also
work, though use of a high-bandwidth service is encouraged.
Patching/Anti-virus Reminder
Once the VPN tunnel is operational into the BNL site, your home computer will
essentially be on the BNL network. All network
access from your home computer must therefore abide by the same
rules as any other machine on the BNL network, i.e., it is your
responsibility to safeguard your computer -- and by extension the BNL
network -- by keeping up-to-date with system/security patches and maintaining antivirus
software on the computer from which you are tunneling into BNL.
The steps necessary for using VPN to connect to the BNL network are as follows:
- Obtain a CryptoCard Token
- Download the VPN Client
- Install and Configure the VPN Client
- Start up the VPN client and establish a VPN tunnel to BNL
- Configure Applications You Plan to Run Over VPN
- Shut down the VPN tunnel to BNL when done
Additional Info:
- Known Issues with the Cisco VPN Client
- Details on BNL's implementation plus operational status (future)
- CRYPTOCard Token User Guide
Obtain a CryptoCard Token
If you have not done so already, go to the CRYPTOCard Token User Guide web page
to obtain a CryptoCard Token.
Once you have a CRYPTOCard token, continue to the next steps below.
Download the VPN Client
Once you have a CRYPTOCard token, all you need to do is download
and install the VPN client software on your computer, which, when
configured properly, allows you to communicate with BNL's VPN service. Currently, Cisco has VPN
client software available for any Win32 platform, which covers
most Windows-based operating systems in use these days. On the Unix side, there are VPN client packages available for Linux, known to work with
Debian, Red Hat, and Mandrake. There is also a VPN client
available for Apple OS X systems and Sun SPARC based Solaris
systems.
To download the VPN Client, click on the
Tunnel Use Advisory button below. After reading the
advisory, press the acceptance
button located at the bottom of the page to continue to a login
screen for downloading the VPN client software. BNL users will be able to access the VPN Clients
download page either onsite
or offsite by using one of the following login methods:
- By entering your [BNL\username] Domain credentials, OR
- By entering the current VPN Client Password, as obtained from the ITD Helpdesk (at 631-344-5522), assuming you do not have a BNL Domain account.
Install and Configure the Client
Once downloaded, you need to install the VPN client
software on your computer; depending on your operating system,
you may also need to configure the client once
installed. (clients require configuration before using with the BNL VPN
service.)
Click on the link below corresponding to the type of VPN
client you have downloaded for instruction on installation and
configuration:
Note: In the event you
need to reconfigure the Windows VPN client, click on the
following link for specific information on how to do so.
Start Up the VPN Client & Establish a BNL Tunnel
With your CRYPTOCard token ready for use, start up your VPN
Client application. Click once on the connection entry for BNL
(BNLVPN) which will highlight it, then click on the CONNECT
button to start up a VPN
tunnel to BNL. Turn on your CRYPTOCard token and generate a
CRYPTOCard password. Enter your CRYPTOCard username and your
CRYPTOCard password at the VPN login screen and click CONNECT to
start up your VPN tunnel. Once you've established your
connection, you may minimize any remaining VPN screens.
See Screen Captured Image
Configure Applications You Plan to Run Over VPN
When you are connected to BNL through a VPN tunnel, you may need
to make some adjustments to certain applications on your home
computer, so they interact
properly with servers/services at BNL. For instance, if
you plan on surfing the Internet while connected to BNL via VPN, you
need to set your web browser for BNL's web proxy, exactly as you do
with your BNL computer at work. Likewise, if you want to use
your Microsoft Outlook service as you do while at work, there are
specific instructions to follow in order to do so. See the following links for
application-specific configuration instructions when connected to BNL via VPN.
- Configuring Your Web Proxy for browsing the Internet via VPN
- Configuring Microsoft Outlook
- Microsoft Remote Desktop (Windows & Mac) - With Remote Desktop Connection, you can easily connect to a terminal server or to any computer running Remote Desktop. All you need is network access and permissions to connect to the other computer.
- Symantec pcAnywhere - Symantec's pcAnywhere can be a great tool to use to connect to your work machine and avoid having special configurations valid only when VPN is active. But care must be taken to securely configure it so that the world doesn't also enjoy that convenience. For this reason it's strongly suggested that Windows 95 or 98 not be used due to the insecure nature of these 'home' operating systems.
Shut Down VPN Tunnel When Done
Before turning off your computer, you need to shut down any
existing VPN tunnels. Prior to shutting down a VPN tunnel,
you may also need to shut down any applications that depend on
their BNL connection to run properly. For instance, if
you've configured Outlook to run over VPN per the directions on
this web page, you need to shut down Outlook before ending your
VPN tunnel. Once you've cleanly ended programs that rely
on your BNL connection, you may shut down (or disconnect) your
VPN tunnel.
See Screen Captured Image
If you have a question that is not addressed in these pages, please send an email to
itdhelp@bnl.gov.
Last Modified: April 30, 2008