Remote Access End User Guide (Cisco VPN Client)

(1)

Remote Access End User Guide

(Cisco VPN Client)

(2)

1 Introduction

This document outlines how to use the Remote Access VPN. This version covers the single user VPN solution catalogue item N3-12-1 and the Extended VPN using Cisco VPN client software. The requisite components are the Cisco VPN client and the RSA SecurID token.

The N3-12-1 VPN solution encrypts the data from the end user device to the N3 VPN Gateway. If the end user accesses the local LAN using this remote access method it must be noted that the data will not be encrypted between the users local LAN and the N3 VPN gateway. Security from the VPN Gateway to the local services or LAN is the responsibility of the NHS LEGAL ENTITY and is not a part of this VPN Remote access solution.

The Extended VPN solution encrypts the data traffic from the end user device to the designated end customer site LAN on N3 network. In the Extended VPN solution, a VPN tunnel is established from the VPN client on the end user device to the N3 VPN Gateway. The VPN tunnel is then extended from the N3 VPN Gateway to the router (CPE) on the designated customer site inside N3 network.

Audience

This guide is intended for persons using the already installed and configured N3 VPN Client with the N3-12-1 (VPN Remote Access) or Extended VPN catalogue service. It is intended as a user guide for the service. The intended audience is expected to be familiar with using the Microsoft Windows operating system.

Connecting to N3 VPN (N3-12-1) or Extended VPN Client

Switch on the Laptop/PC. To Launch the VPN either click on the “Cisco VPN Client” icon on the desktop or from the Start Menu, select “Start, All Programs, Cisco Systems VPN Client, Cisco VPN Client”.

If the RSA SecurID token is new or in “New PIN” mode, a new PIN number will need to be associated with the token. Follow instructions below (Useful Information, New PIN Mode.) Otherwise, the user will need the PIN number associated with the token to proceed.

If the VPN client has been configured there will at least be an entry listed below the “Connection Entry”

column. Depending on the type of service the name of the entry will either be “N3 Remote Access” or

“N3 Extended VPN”. Highlight the VPN Entry and click ‘Connect’, the VPN Client User authentication window will be displayed. Enter the ‘Username’, given by BT. Under the password please enter the PIN number followed by the number displayed on the RSA SecurID and click OK. While entering the password please ensure that that there is no character, including space, between the PIN number and the number displayed on RSA SecureID

(4)

Once the VPN successfully authenticates the connection, the Cisco VPN Client minimises itself to the system tray and a locked padlock icon will be displayed. The Laptop/Pc is now connected to N3 network and further access will be determined by the type of VPN connection.

Disconnecting from N3 VPN (N3-12-6) and Extended VPN

Client

To disconnect from the VPN, double click on the Cisco VPN client icon in the system tray near the clock. A dialog window will be displayed. Click the disconnect button to exit the Cisco VPN Client.

Click Yes to acknowledge the disconnection and finish.

Useful Information (N3-12-6) and Extended VPN

New PIN Mode

If the token is in “New PIN” mode, select a PIN and associate it with the token in order to

authenticate the connection. When the token is first received, it would usually be in the “New PIN”

mode.

PINs must be four (4) to eight (8) characters in length and must consist of just numeric digits (0

(5)

New PIN registration process:

Click “Connect,” enter the Username and Password (only the number displayed on the RSA SecurID) and click “OK.”

Next, a prompt appears to set a new PIN. Click ‘y’ in the Password field to set your own PIN number and click “OK”.

Enter and confirm the PIN to set the PIN and connect to the VPN.

(6)

Now the new PIN number will be associated with the token. The PIN number will be required for all subsequent connections.

Next PASSCODE Prompt

Enter Next PASSCODE:" This error occurs when your SecurID card is out of sync or 'Next Token Mode' is ON. When you get this prompt, you will need to enter the next code displayed on your SecurID without your 4-digit PIN number. Enter the next number displayed on your SecurID card at this prompt and click OK you should then be logged into the VPN as normal and your SecurID will also be resynchronized.

Lost Token

Any lost SecurID tokens should be reported to the Local NHS Helpdesk as soon as possible to avoid possible security issues.

Broken Token

If the SecurID token is not generating a new number or is displaying 888888, call the local NHS helpdesk so that a replacement token may be organised.

Unable to Access N3 via the VPN

Before reporting a problem with N3 VPN connectivity to the local helpdesk, it is important to check that the Internet access is working and all cable connections are correct. Double click on the Internet icon and browse to a web page (Preferably one not recently accessed to avoid sites that are stored in memory)

Operating Systems Supported

Windows 2000 Windows XP

VPN Clients

N3SP is aware that it is possible to obtain VPN Clients for Operating Systems and devices other than those currently supported by the above services. VPN Clients are available from Cisco and could be used, for example, with Mac’s and various hand held devices.

However, these are not supported by N3SP. It should also be noted that some of these VPN Clients are not free and would need to be purchased. N3SP accepts no liability for such VPN Clients and cannot guarantee in any way their ability to work.

Revoking the User

If the remote user token has been lost, stolen or comprised please inform the N3 Helpdesk, who will then revoke it.

Remote Access End User Guide (Cisco VPN Client)