NOTE: Connectivity options to use the NCSA VPN have changed recently. Please read through the page and follow the instructions below to use the new SSL VPN.
A Virtual Private Network (VPN) is designed to give users the privacy of a separate network over public lines by substituting encryption and other security measures for the physically separated network lines of traditional private networks. Hardware and/or software that encrypts and decrypts transmissions sent over already-installed network cabling is usually a much less expensive proposition than installing new network cable for the purpose of keeping information private. Also, in the case of wireless networking, no amount of new cabling would serve to make wireless communication private in any way other than the encrypted approach VPN solutions take.
To use the NCSA SSL VPN system, users will need to set up Duo and install Duo Mobile (https://wiki.ncsa.illinois.edu/display/cybersec/Duo+at+NCSA) for two-factor authentication. The NCSA Duo instance is separate from the campus instance and will need to be set up separately. After this has been completed, users can use the Cisco AnyConnect VPN Client, which can be installed and connected to with little to no effort on the user's part. This is the officially supported VPN client both by NCSA and by Cisco.
In order to connect to the NCSA network using the Cisco AnyConnect option, you must first install Duo and then the AnyConnect client. Installation of the AnyConnect client is done through your operating system's native web browser the first time that you connect to the VPN server. After the initial connection, you will be able to connect to the NCSA network by launching the Cisco AnyConnect VPN Client application directly. The Cisco AnyConnect VPN Client supports Microsoft Windows, Apple OS X, and Linux. The client auto-download works better on some operating system/browser combinations than others. If you cannot download the client from the VPN concentrator, the clients are linked in the next section below.
The NCSA VPN provides multiple profiles for users in order to provide the best service for a given use case. All profiles require NCSA credentials and Duo 2FA.
In many cases, the VPN client will automatically download and install to your machine while following the instructions in this Wiki page. A more detailed process for various operating systems is described in the section below. Should you need (or prefer) to manually download the client, the clients are provided here:
Use the following instructions to configure Cisco AnyConnect client software on Apple iPhone to connect to the NCSA VPN system.
NOTE: These instructions may vary from Android version to Android version, but the following should be broadly applicable. Use the following instructions to configure Android to connect to the NCSA VPN system using the native client.
Kerberos Authentication
Authentication on the NCSA VPN System is handled by the NCSA Kerberos system. When authenticating to the VPN, be sure to use your Kerberos username and password.
IP Address Assignments
After connecting to the NCSA VPN System, your machine will be assigned an IP address from the 141.142.146.0/24 network.
Split Tunneling
The default VPN profiles are configured with split tunneling. This means that only traffic being sent to specific IP networks is selected for encryption and transport over the VPN tunnel. In our configuration, these protected networks are 141.142.0.0/16 and 10.142.0.0/16. In some special cases you may need to send all of your traffic over the VPN tunnel such that your system behaves as if it is directly attached to the NCSA network. If this is the case, please contact the Network Engineering team for further information on this setup.
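The following added example (not part of the original page or of any NCSA tooling) checks a Linux routing table against the split-tunnel layout described above and shows which interface a given destination leaves through. The sample `ip -4 route` output, the tunnel interface name `cscotun0`, and the local addresses are constructed assumptions.

```python
import ipaddress

# Protected networks exactly as stated on this page.
PROTECTED = [ipaddress.ip_network("141.142.0.0/16"),
             ipaddress.ip_network("10.142.0.0/16")]

# Constructed sample of Linux `ip -4 route` output; interface names,
# gateway and client address are made up for illustration.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.142.0.0/16 dev cscotun0 scope link
141.142.0.0/16 dev cscotun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""

def parse_routes(text):
    """Return [(network, device)] from `ip -4 route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes

def egress_device(routes, addr):
    """Longest-prefix match: the interface a packet to addr would use."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def audit_split_tunnel(routes, tunnel_dev):
    """List deviations from the split-tunnel layout described above."""
    findings = []
    via_tunnel = {net for net, dev in routes if dev == tunnel_dev}
    for net in PROTECTED:
        if net not in via_tunnel:
            findings.append(f"missing tunnel route for {net}")
    for net in sorted(via_tunnel - set(PROTECTED)):
        findings.append(f"unexpected tunnel route {net}")
    return findings
```

An empty result from `audit_split_tunnel` means only the two protected networks are routed through the tunnel; everything else, including general Internet traffic, leaves unencrypted through the local interface.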
Split DNS
In addition to split tunneling, the NCSA VPN system is also configured with Split DNS. When your system connects to a VPN system that is configured with split DNS, the VPN-specific DNS suffixes are added into your system DNS suffix search list. This aids the VPN client when trying to find network resources on the remote network by DNS name. It is worth noting that this functionality can cause problems when trying to find network resources that are local to the client. If this happens, try connecting to the local resource using the fully-qualified domain name (FQDN).
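The following added example (not from the original page) models how a suffix search list changes which host a short name reaches, and why the FQDN avoids the problem. It assumes glibc-style resolver ordering with `ndots` of 1 and that the VPN suffix is placed ahead of the local one; the suffixes `vpn.example` and `home.example` and all records are constructed placeholders, not NCSA's actual values.

```python
def candidate_names(name, search, ndots=1):
    """Order in which a glibc-style stub resolver tries query names."""
    if name.endswith("."):
        return [name]                      # already absolute: no search list
    absolute = name + "."
    searched = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") >= ndots:
        return [absolute] + searched       # dotted names are tried as-is first
    return searched + [absolute]           # short names get suffixes first

def resolve(name, search, zone):
    """Return (matched_name, address) for the first candidate found in zone."""
    for candidate in candidate_names(name, search):
        if candidate in zone:
            return candidate, zone[candidate]
    return None, None

# Constructed records: the same short host name exists locally and remotely.
ZONE = {
    "printer.home.example.": "192.168.1.40",   # local resource
    "printer.vpn.example.": "10.142.0.40",     # remote resource (made up)
}

SEARCH_BEFORE_VPN = ["home.example"]
# Assumption: the VPN client puts its suffix ahead of the local one.
SEARCH_WITH_VPN = ["vpn.example", "home.example"]

def demo():
    """Resolve the short name and the FQDN under both search lists."""
    return {
        "short, no VPN": resolve("printer", SEARCH_BEFORE_VPN, ZONE),
        "short, VPN up": resolve("printer", SEARCH_WITH_VPN, ZONE),
        "FQDN, VPN up": resolve("printer.home.example", SEARCH_WITH_VPN, ZONE),
    }
```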
Cisco AnyConnect VPN Client Automatic Updates
Each time that the Cisco AnyConnect VPN Client connects to the VPN system, it checks to see if any client updates are available for download. If any are available, they will be automatically downloaded and the client on your system will be upgraded.