Cyber Security

VPN Known Issues

The VPN is not accessible from within the campus network and cannot be used inside bnl.gov.

VPN, Home networks and Web Browsing:

  1. A conflict arises when a user tunnels from a machine on a home network that uses private IP addresses in the 192.168.1.0 subnet (the default for the LinkSys routers and probably others). Because you assume a BNL IP address when connected via VPN, you must configure your browser's proxy settings to use our proxies to access the public internet. The conflict arises because our proxies are also on this 192.168.1.0 network. Because the 192.168 network is considered a 'non-routable' address space and you are behind a router, your browser cannot reach beyond the router to get to the proxies.

    The solution is to use any other IP addressing space for your home network, for example, 192.168.254.0. Linksys has a page describing this procedure here. The theory is the same with any other router.
     
  2. "If you are failing CRYPTOCard/radius authentication via the Cisco VPN client, you may need to make sure your CRYPTOCard token is in synch. Make note of the CRYPTOCard 8-digit 'challenge' presented to you during authentication and input that challenge into your token to make sure it is in synch with the CRYPTOCard server before continuing with entering in your CRYPTOCard password for authentication."

    The Cisco VPN Client software will display the CRYPTOCard challenge in the window (see below) which can be used to re-sync to the CRYPTOCard server.
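
For the home-network conflict in item 1 above, the check below is an added example (not part of the original page or any BNL tooling). It tests whether a home LAN overlaps the proxy subnet and suggests a free /24. The /24 mask is an assumption, since the page gives only "192.168.1.0", and the function names are hypothetical.

```python
import ipaddress

# Assumption: the page names the "192.168.1.0 subnet" without a mask; /24 is assumed.
PROXY_NET = ipaddress.ip_network("192.168.1.0/24")
PRIVATE_192 = ipaddress.ip_network("192.168.0.0/16")


def _network_of(cidr):
    """Accept either a network ("192.168.1.0/24") or a host address with
    prefix ("192.168.1.23/24") and return the enclosing network."""
    return ipaddress.ip_interface(cidr).network


def overlapping(home_cidrs, remote=PROXY_NET):
    """Return the home networks whose address range overlaps the remote one.

    Overlap, not equality, is what matters: a home LAN configured as
    192.168.0.0/23 also covers 192.168.1.x, so traffic to the proxies
    would stay on the local LAN instead of entering the tunnel."""
    return [n for n in map(_network_of, home_cidrs) if n.overlaps(remote)]


def suggest_home_subnet(in_use, remote=PROXY_NET, prefix=24):
    """Return the highest-numbered subnet of 192.168.0.0/16 that overlaps
    neither the remote network nor anything already in use, or None."""
    taken = [_network_of(c) for c in in_use] + [remote]
    for cand in reversed(list(PRIVATE_192.subnets(new_prefix=prefix))):
        if not any(cand.overlaps(t) for t in taken):
            return cand
    return None


if __name__ == "__main__":
    # Constructed sample: a router left on its default LAN plus a guest LAN.
    home = ["192.168.1.23/24", "192.168.255.1/24"]
    for net in overlapping(home):
        print(f"conflict: home LAN {net} overlaps proxy network {PROXY_NET}")
    print("suggested home LAN:", suggest_home_subnet(home))
```

Pass the address and prefix length your machine reports for its LAN interface; an empty result from `overlapping` means the home network does not collide with the proxy subnet.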
     

Cisco VPN and Internet Connectivity:

  1. The Cisco VPN directly supports only access into the BNL campus network, plus Internet connectivity through the site perimeter proxy services. Direct Internet access from the VPN is not supported. For example, if you have a personal e-mail account with an off-site service provider using IMAP or POP, you will not be able to access this service through the Cisco VPN.

    However, if the service is web based and there is a site proxy for the service, then it will function.
     
    •  Example: Hotmail, uses your web browser for access

Cisco VPN and AppleTalk:

  1. Another minor problem that has been reported involves AppleTalk under Linux. If the AppleTalk module is loaded, the Cisco VPN client will refuse to load. At this time there is no workaround. If you need AppleTalk support, you cannot use the Cisco VPN client.

If you have a question that is not addressed in these pages, please send an email to itdhelp@bnl.gov.  


Last Modified: January 31, 2008