Cyber Security
VPN Known Issues
The VPN is not accessible from within the campus network and cannot be used inside bnl.gov.
VPN, Home networks and Web Browsing:
- A problem arises when a user tunnels from a machine on a network that uses private IP addresses in the 192.168.1.0 subnet (the default for LinkSys routers and probably others). Because you assume a BNL IP address when connected via VPN, you must configure your browser's proxy settings to use our proxies to access the public internet. The conflict arises because our proxies are also on this 192.168.1.0 network. Because the 192.168 network is considered a 'non-routable' address space, and you're behind a router, your browser cannot reach beyond it to get to the proxies. The solution is to use any other IP addressing space for your home network, for example, 192.168.254.0. Linksys has a page describing this procedure here. The theory is the same with any other router.
- "If you are failing CRYPTOCard/radius authentication via the
Cisco VPN client, you may need to make sure your CRYPTOCard token
is in synch. Make note of the CRYPTOCard 8-digit 'challenge'
presented to you during authentication and input that challenge
into your token to make sure it is in synch with the CRYPTOCard
server before continuing with entering in your CRYPTOCard password
for authentication."
The Cisco VPN Client software will display the CRYPTOCard challenge in the window (see below), which can be used to re-sync to the CRYPTOCard server.
![](Windows_images/twentytwo.gif)
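One way to check a home machine for the 192.168.1.0 address conflict described above, as an added example that is not part of the original page. It assumes a /24 mask for the proxy network (the page gives no mask) and runs on constructed sample output in the style of Linux `ip -o -4 addr show`; the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: the page names the proxy network as 192.168.1.0 with no mask; /24 is assumed.
PROXY_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample, shaped like `ip -o -4 addr show` output on a home machine.
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.105/24 brd 192.168.1.255 scope global eth0
3: wlan0    inet 192.168.254.17/24 brd 192.168.254.255 scope global wlan0
"""

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+/\d+)", re.M)


def parse_interfaces(text):
    """Return (name, IPv4Interface) pairs found in the address listing."""
    return [(m.group(1), ipaddress.ip_interface(m.group(2)))
            for m in ADDR_RE.finditer(text)]


def conflicting_interfaces(text, proxy_net=PROXY_NET):
    """Names of non-loopback interfaces whose local subnet overlaps the proxy network.

    Traffic for an overlapping subnet is treated as local to the home LAN,
    so it never enters the tunnel and the proxies are unreachable.
    """
    return [name for name, iface in parse_interfaces(text)
            if not iface.ip.is_loopback and iface.network.overlaps(proxy_net)]


def is_safe_home_subnet(cidr, proxy_net=PROXY_NET):
    """True if a candidate home LAN range is private and clear of the proxy network."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.is_private and not net.overlaps(proxy_net)


if __name__ == "__main__":
    bad = conflicting_interfaces(SAMPLE_IP_OUTPUT)
    print("Interfaces that conflict with the proxy network:", bad or "none")
    for candidate in ("192.168.254.0/24", "192.168.0.0/16"):
        verdict = "ok" if is_safe_home_subnet(candidate) else "overlaps proxies"
        print(f"{candidate}: {verdict}")
```

A wider home range such as 192.168.0.0/16 is reported as conflicting too, because it contains the proxy addresses even though it is not the router's default /24.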
Cisco VPN and Internet Connectivity:
- The Cisco VPN only directly supports access into the BNL campus network, plus Internet connectivity through the site perimeter proxy services. Direct Internet access from the VPN is not supported. For example, if you have a personal e-mail account with an off-site service provider using IMAP or POP, you will not be able to access this service through the Cisco VPN. However, if the service is web based and there is a site proxy for the service, then that will function.
- Example: Hotmail, which uses your web browser for access
Cisco VPN and AppleTalk:
- Another minor problem that has been reported involves AppleTalk under Linux. If the AppleTalk module is loaded, the Cisco VPN client will refuse to load. At this time there is no workaround. If you need AppleTalk support, you cannot use the Cisco VPN client.
If you have a question that is not addressed in these pages, please send an email to itdhelp@bnl.gov.
Last Modified: January 31, 2008