
Technical Guideline for Virtual Private Network access services

This document is continually updated based on ongoing feedback from all users. Please send feedback to [email protected].

This document is located at http://www.co.contra-costa.ca.us/depart/it/wan/vpn/index.htm

A) Secure Virtual Private Network (VPN) access services.

1) Network Services Provided:

a) IP network services

b) Citrix access

c) CCC DNS services

d) CCC Departmental WINS services

e) Mainframe and AS400

f) End users may only access authorized Servers and internal network(s) based on their department requirements.

2) Minimum computer configuration:

a) Microsoft Windows 95b or OSR2, 98, ME, NT4.0WS SP5, 2000 pro, 2000 server with/without SP1.

b) 64 megs RAM (128 megs for 2000)

c) 40 megs free to install VPN client

d) TCP/IP protocol

e) Interface for the Internet access. (Typically a network interface card.)

3) Minimum User supplied Internet Access Bandwidth:

a) 128 kbps bi-directional (e.g. Home DSL or Cable)

Actual bandwidth requirements may be higher or lower depending on application needs.

For example, users who need only Mainframe, AS400 or Lotus Notes (travel mode) could run on 28.8 kbps modem Point to Point Protocol (PPP) dialup connections, though the performance will be very slow. Thus, modem connections are not recommended.

4) Firewall and router considerations:

a) For either DSL or Cable modem users, the router supplied by the carrier must allow Internet Protocol Security (IPSEC) protocols (check with the carrier). Also, if a DSL router/firewall is added, it must also allow IPSEC protocols. Currently, for the home market, only the Linksys DSL router supports IPSEC.

b) For software-based firewalls, only NAI’s McAfee Personal Firewall 2.14 has been tested to work properly.
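
What "allow IPSEC protocols" means in rule terms, as an added example that is not part of the original guideline. The rule model, the three rule sets and the NAT traversal option are constructed assumptions; UDP/500 (IKE), IP protocol 50 (ESP) and UDP/4500 (NAT traversal) are the standard IPsec values.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp", "esp" or "any"
    port: Optional[int] = None   # None matches any port (ESP has no ports)

def verdict(rules: List[Rule], proto: str, port: Optional[int]) -> str:
    """First matching rule wins; unmatched traffic is denied (assumed model)."""
    for r in rules:
        if r.proto in ("any", proto) and (r.port is None or r.port == port):
            return r.action
    return "deny"

def ipsec_problems(rules: List[Rule], nat_t: bool = False) -> List[str]:
    """Return which parts of an outbound IPsec session the rules would block.

    nat_t=True assumes client and gateway both support NAT traversal, which
    wraps ESP in UDP/4500; the guideline does not say whether they do.
    """
    problems = []
    if verdict(rules, "udp", 500) != "allow":        # IKE key exchange
        problems.append("ike")
    esp_ok = verdict(rules, "esp", None) == "allow"  # IP protocol 50
    natt_ok = nat_t and verdict(rules, "udp", 4500) == "allow"
    if not (esp_ok or natt_ok):                      # no path for tunnel data
        problems.append("data")
    return problems

# Constructed rule sets, not taken from any real device.
TCP_UDP_ONLY = [Rule("allow", "tcp"), Rule("allow", "udp")]
PASSTHROUGH = [Rule("allow", "udp", 500), Rule("allow", "esp"), Rule("deny", "any")]
WEB_ONLY = [Rule("allow", "tcp", 80), Rule("allow", "tcp", 443), Rule("deny", "any")]

if __name__ == "__main__":
    for name, rules in [("tcp/udp only", TCP_UDP_ONLY),
                        ("ipsec passthrough", PASSTHROUGH),
                        ("web only", WEB_ONLY)]:
        print(name, ipsec_problems(rules) or "ok")
```

A rule set that passes only TCP and UDP lets the key exchange complete and then drops the tunnel's data, which is the symptom to look for when the client logs on but no traffic flows.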

9:37 AM 1/3/2007

a) RSA SecurID server with RSA SecurID cards or key fobs plus a personal pin code for each user. SecurID cards cannot be shared.

b) Triple Data Encryption Standard (DES) IPSEC tunneling protocol is used.

c) Point to Point Tunneling Protocol (PPTP) or IPSEC over PPTP is not currently available.

6) Traffic control:

a) Split tunnel

B) Roll Out Procedure:

1) Network Administrators may request user logon ids and securid devices via an online form in Lotus Notes.

The following information will be required:

a) Department (selectable)

b) User Name and Phone Number

c) ASO Name, Phone Number, and Email address.

d) Department Number and ORG Number.

(The “Contra Costa County DoIT/Telecommunications Work Request” form must be used if the online form in Lotus Notes is not available)

User Ids will be set to first initial followed by the last name.

The initial password is the number displayed on the securid device. A prompt will then be displayed requesting a personal pin code. The user must choose a personal pin code of 4 to 8 alphanumeric characters. From then on, the personal pin code is used in conjunction with the code displayed on the securid device.

For example:

User Id is “jdoe”

Personal code is “123open”

Current securid device display is “379966”

Passcode to enter will be “123open379966”

Pass codes are case sensitive.

2) Client side software installation program “vpnclient-win-is-4.6.01.0019-k9.exe”. This is available from

3) Prerequisites to install this client:

Ensure that the Network interface adapter and TCP/IP protocol are installed and working correctly.

Connect to the internet and verify access to the internet.

Ping “vgw1.co.contra-costa.ca.us” to verify basic connectivity to the VPN access server. This resolves to 64.166.144.5.

C) Installing the VPN client software:

Close or disable all windows applications such as antivirus, 3rd party screen savers, palm desktop sync software, and basically anything that can be closed.

Create a temporary directory “vpninstall” on your computer c: drive: c:\vpninstall.

(the directory name is not critical, as long as you keep track of it)

Connect to the internet and use a browser to download the client driver “vpnclient-win-is-4.8.01.0300-k9.exe” from http://www.co.contra-costa.ca.us/depart/it/wan/vpn/index.htm and save it to c:\vpninstall.

Select “Start” + “Run” and browse to locate “C:\vpninstall\vpnclient-win-is-4.8.01.0300-k9.exe” to run the program:

Then click Run.

Click Run.

Then select Unzip.

Click OK after the files are unzipped.

Next, select “Start” + “Run” and browse for c:\vpninstall\vpnclient_setup.exe:

Accept all the defaults and then reboot the computer.

E) Create a shortcut on your desktop.

F) Click the shortcut and the VPN Client dialog will open.

H) The information to input will be provided by the WAN Group.

Connection Entry: Your department

Host: vgw1.co.contra-costa.ca.us

Name and Password: Provided by WAN Group.

After that, click SAVE.

J) Input the first letter of your first name and your whole last name in Groupname. The passcode is the vpn token number shown on the token ring.

K) After you click OK, the dialog box will prompt you to create a pincode. Create a pincode and tab down to confirm it. Then click OK.

L) It will go back to VPN CLIENT / GROUP AUTHENTICATION LOGON. Now enter your user id and the pincode you just created, followed by the vpn token number.
