VPN Remote Access: Difference between revisions

From William Paterson University - Information Technology's Wiki
Jump to navigation Jump to search
 
(13 intermediate revisions by 3 users not shown)
Line 10: Line 10:
<ul>
<ul>
<li>Logging into the administrative systems
<li>Logging into the administrative systems
<li>Connecting remotely to some of the University's Library resources (WebVPN)
<!-- <li>Connecting remotely to some of the University's Library resources (WebVPN) -->
<li>Accessing University File Services
<li>Accessing University File Services
</ul>
</ul>
Line 30: Line 30:
#After you have set up your account, you will continue to use the [[VPN_Remote_Access#Client_VPN_Application|Cisco AnyConnect client]] as you have in the past.      <!-- <p>[[File:2FA.gif]]</p> -->
#After you have set up your account, you will continue to use the [[VPN_Remote_Access#Client_VPN_Application|Cisco AnyConnect client]] as you have in the past.      <!-- <p>[[File:2FA.gif]]</p> -->
#When you provide your login credentials you will now be provided with a [[#Second Password Field|secondary authentication]] box.  You can then either use an [[Multifactor_Authentication#Duo App for Mobile Devices|app]] on your android (or iphone) to generate a key OR type "push" in the [[#Second Password Field|secondary authentication]] box.  Using "push" will send a notification to the app on your phone.  (Using "sms" will initiate a text with an authentication key that will expire after one hour, or "phone" if you have signed up for a phone call.)
#When you provide your login credentials you will now be provided with a [[#Second Password Field|secondary authentication]] box.  You can then either use an [[Multifactor_Authentication#Duo App for Mobile Devices|app]] on your android (or iphone) to generate a key OR type "push" in the [[#Second Password Field|secondary authentication]] box.  Using "push" will send a notification to the app on your phone.  (Using "sms" will initiate a text with an authentication key that will expire after one hour, or "phone" if you have signed up for a phone call.)
#On University imaged Macs you can initiate a Cisco MultiFactor VPN connection via the wpuVPN menu item:<br>
{| style="text-align: left;"
|
<p>[[File:WpuVPN Menu.png|thumb|wpuVPN Menu]]</p>
|}
Select "Connect via Cisco AnyConnect" and the Cisco AnyConnect client will launch.


===Second Password Field===   
===Second Password Field===   
Line 75: Line 81:
The VPN server authenticates using WPU usernames and passwords ONLY. Faculty and staff users must have a valid WPUNJ account to use the VPN services.  VPN Services are available as a web or client application.   
The VPN server authenticates using WPU usernames and passwords ONLY. Faculty and staff users must have a valid WPUNJ account to use the VPN services.  VPN Services are available as a web or client application.   


=== Microsoft VPN (MS VPN) for University Imaged Machines ===  
=== Microsoft VPN (WPUNJ VPN or MS VPN) for University Imaged Machines ===  
'''Please note:''' when using the Microsoft VPN, ALL internet traffic from your connected laptop/device will be securely routed through the university network. This includes any network traffic intended for non-WPUNJ services and, as result, this may result is slower response from outside resources.
 
====University Windows 10 Laptops====
====University Windows 10 Laptops====
This video demonstrates how to login to the MS VPN once the connection appears on your laptop. Once connected, you will be able to access to your network drives as though you were on campus.  
This video demonstrates how to login to the WPUNJ VPN once the connection appears on your laptop. Once connected, you will be able to access to your network drives as though you were on campus.  


The K: drive will be available upon connection, though you may need to ‘map’ your U: drive manually ([[Map a Network Drive|instructions on how to do so here]].)
The K: drive will be available upon connection, though you may need to ‘map’ your U: drive manually ([[Map a Network Drive|instructions on how to do so here]].)
Line 88: Line 96:
''**this may require that you first use the Cisco AnyConnect VPN client to install the MS VPN from off campus and run a Managed Software Center check for updates''
''**this may require that you first use the Cisco AnyConnect VPN client to install the MS VPN from off campus and run a Managed Software Center check for updates''


[[File:MSVPN_Mac_1.png|300px]]
[[File:WpuVPN Menu.png|300px]]


After selecting Connect you will be prompted for your WPUNJ password, once entered you will be sent an authentication to your primary [[Multifactor Authentication]] device.
After selecting "Connect via MSVPN" you will be prompted for your WPUNJ password, once entered you will be sent an authentication to your primary [[Multifactor Authentication]] device.


[[File:MSVPN_Mac_3.png|400px]]
[[File:MSVPN_Mac_3.png|400px]]
Line 98: Line 106:
[[File:MSVPN_Mac_2.png|250px]]
[[File:MSVPN_Mac_2.png|250px]]


=== Web VPN  ===
<!-- === Web VPN  ===
{{#ev:youtube|zX50sdroyMk|400|right}}
{{#ev:youtube|zX50sdroyMk|400|right}}
The steps to sign-on to [http://www.wpunj.edu/webvpn WebVPN] and use are as follows:
The steps to sign-on to [http://www.wpunj.edu/webvpn WebVPN] and use are as follows:
Line 127: Line 135:
<LI> Don't forget to '''LOG OFF''' after you have completed your VPN session.
<LI> Don't forget to '''LOG OFF''' after you have completed your VPN session.
</OL>
</OL>
-->
=== Cisco AnyConnect Client VPN Application ===


=== Client VPN Application ===
'''Please note:''' when using the Cisco AnyConnect VPN from your connected laptop/device, only the network traffic for communicating with WPUNJ campus resources will be securely routed through the university network. Non-WPUNJ services will communicate directly to those services as if VPN was not connected. Note: one known exception is that home networks with IP addresses starting with 172.x, 10.x, or 192.x may encounter issues with connecting to local network resources when connected to the Cisco AnyConnect VPN.


Download the required software through WP Connect from the "Employee" tab, and under the "Information Technology" window frame. The VPN does not replace your ISP connectivity, it is intended only so your can access secure resources.
Download the required software through WP Connect from the "Employee" tab, and under the "Information Technology" window frame. The VPN does not replace your ISP connectivity, it is intended only so your can access secure resources.
Line 134: Line 145:
==== Microsoft Windows ====
==== Microsoft Windows ====


===== Microsoft Windows Cisco AnyConnect VPN Client Installation =====
<!-- ===== Microsoft Windows Cisco AnyConnect VPN Client Installation =====
Full time employees will be able to download the Windows VPN client from the [http://wpconnect.wpunj.edu/cp/home/loginf WPCONNECT] portal. From the "Employee" tab, and under the "Information Technology" window frame you will see a link named "Web VPN". Click on it.
Full time employees will be able to download the Windows VPN client from the [http://wpconnect.wpunj.edu/cp/home/loginf WPCONNECT] portal. From the "Employee" tab, and under the "Information Technology" window frame you will see a link named "Web VPN". Click on it.


Line 160: Line 171:




<li>At completion of the installation you will see a "Connection established" on your brrowser window as shown below. Now your VPN client is fully installed and running. Just close your browser.
<li>At completion of the installation you will see a "Connection established" on your browser window as shown below. Now your VPN client is fully installed and running. Just close your browser.


<div class="toccolours mw-collapsible mw-collapsed" style="width:480px">
<div class="toccolours mw-collapsible mw-collapsed" style="width:480px">
[[Image:Anyconnect2.PNG|center|480px]]
[[Image:Anyconnect2.PNG|center|480px]]
</div>
</div>


<li>To disconnect the VPN client simply right click on the VPN icon on the right side of your task bar (it looks like a lock) and click on the 'Disconnect" button.
<li>To disconnect the VPN client simply right click on the VPN icon on the right side of your task bar (it looks like a lock) and click on the 'Disconnect" button.
Line 179: Line 189:


<li>To reconnect click on the start windows button at the left bottom of your task bar and select "All Programs". There you will find a "Cisco" folder with the Anyconnect VPN program icon. Click on the icon to launch the AnyConnect VPN client.
<li>To reconnect click on the start windows button at the left bottom of your task bar and select "All Programs". There you will find a "Cisco" folder with the Anyconnect VPN program icon. Click on the icon to launch the AnyConnect VPN client.
-->


===== Using the Windows Cisco AnyConnect VPN Client =====
===== Using the Windows Cisco AnyConnect VPN Client =====
Line 190: Line 201:


</ul>
</ul>
<li>To disconnect the VPN client simply right click on the VPN icon on the right side of your task bar (it looks like a lock) and click on the 'Disconnect" button.
<div class="toccolours mw-collapsible mw-collapsed" style="width:400px">
[[Image:Anyconnect8.PNG|center|400px]]
</div>
<li>To reconnect click on the start windows button at the left bottom of your task bar and select "All Programs". There you will find a "Cisco" folder with the Anyconnect VPN program icon. Click on the icon to launch the AnyConnect VPN client.


==== Mac OS X (10.7 or later) ====
==== Mac OS X (10.7 or later) ====


'''If you are using a university supplied MacBook or MacBook Pro you should skip to step 6.'''
<!-- '''If you are using a university supplied MacBook or MacBook Pro you should skip to step 6.'''


===== Installing =====
===== Installing =====
Line 235: Line 253:


William Paterson University is not responsible for any software/hardware failures due to the installation of the VPN software provided by Cisco.
William Paterson University is not responsible for any software/hardware failures due to the installation of the VPN software provided by Cisco.
-->
1) There is a folder in your Applications folder named "Cisco".
[[File:Client_VPN2.png|300px]]
2) In that folder you will see an application named "Cisco Any Connect VPN Client". Double click on it.
[[File:Client_VPN3.png]]
3) when the program launches you will see a connect window. In the space next to "Connect to"  type "vpn.wpunj.edu" and click "connect"
[[File:Client_VPN4.png]]
4) If the software can reach the university authentication server you will be asked for your university login credentials. Enter them and click the "connect" button.
[[File:Client_VPN5.png |300px]]
You are now connected to the university network.


==== Mobile Devices (iPad, iPhone, Android) ====
==== Mobile Devices (iPad, iPhone, Android) ====
Line 257: Line 294:
# The Cisco Anyconnect VPN app will run in the background on your iOS device until the VPN connection is terminated. To terminate the connection, return to the app and toggle the on/off switch to Off.
# The Cisco Anyconnect VPN app will run in the background on your iOS device until the VPN connection is terminated. To terminate the connection, return to the app and toggle the on/off switch to Off.


== Accessing files on your network shares (K and U drives) ==
<!-- == Accessing files on your network shares (K and U drives) ==
 
It is important to understand that accessing our network storage through the [https://vpn.wpunj.edu webvpn] is a bit different than using your office PC or laptop.  There is no "drag and drop."  To access and/or edit a file, it must first be downloaded locally.  If your file is edited or changed, you must UPLOAD it back to the folder it resided in.  If you fail to do so, all changes you made will only exist on the computer you made the changes on.
It is important to understand that accessing our network storage through the [https://vpn.wpunj.edu webvpn] is a bit different than using your office PC or laptop.  There is no "drag and drop."  To access and/or edit a file, it must first be downloaded locally.  If your file is edited or changed, you must UPLOAD it back to the folder it resided in.  If you fail to do so, all changes you made will only exist on the computer you made the changes on.


Line 292: Line 330:


<br>You should now be able to browse to, download, edit and upload files through use of the [http://www.wpunj.edu/webvpn WebVPN].
<br>You should now be able to browse to, download, edit and upload files through use of the [http://www.wpunj.edu/webvpn WebVPN].
-->


''The VPN software available on this page is for use in the United States and Canada ONLY. It is NOT to be placed on a computer system that will be subject to International Travel. Exporting this software is a Federal Crime.''
''The VPN software available on this page is for use in the United States and Canada ONLY. It is NOT to be placed on a computer system that will be subject to International Travel. Exporting this software is a Federal Crime.''

Latest revision as of 09:44, 18 September 2024

Introduction

William Paterson University provides a VPN option for remote access into its computing and network environment. VPN access is available for faculty and staff only and must first be authorized by a Help Desk request.

VPN stands for Virtual Private Network. A VPN allows you to use the ISP (Internet Service Provider) of your choice and connect to WPUNJ using services normally restricted to campus usage, such as the K:\ and U:\ drives. It does this by providing a "Virtual" network connection to WPUNJ. That is, even though you are connected to your ISP, it appears that you are actually connecting from WPUNJ. Providing that you have a fast enough connection to the University's network through an Internet service provider you can access any data and applications the same way you do from your office at the University.

When should you use a VPN Connection?

The VPN connection should be used when you need to connect to a protected/firewalled WPUNJ network services. These include but are not limited to:

  • Logging into the administrative systems
  • Accessing University File Services

When connecting to unrestricted services, such as browsing the Web, you should use only your ISP connection and not the VPN connection. VPN is only required for access to protected services at WPUNJ.

VPN Multifactor Authentication

Multifactor Authentication is required for William Paterson University VPN Access. If you have not signed up for Two-Factor Authentication, please request access using the ticket type Account -> VPN Access.

For information on using Multi Factor Authentication, including use of the Duo App, please see our Multifactor Authentication article.

The secondary password field information can be found below, or on the Multifactor Authentication article, and include push, sms and phone.


Using VPN with Multifactor Authentication

  1. After you have set up your account, you will continue to use the Cisco AnyConnect client as you have in the past.
  2. When you provide your login credentials you will now be provided with a secondary authentication box. You can then either use an app on your android (or iphone) to generate a key OR type "push" in the secondary authentication box. Using "push" will send a notification to the app on your phone. (Using "sms" will initiate a text with an authentication key that will expire after one hour, or "phone" if you have signed up for a phone call.)
  3. On University imaged Macs you can initiate a Cisco MultiFactor VPN connection via the wpuVPN menu item:

wpuVPN Menu

Select "Connect via Cisco AnyConnect" and the Cisco AnyConnect client will launch.

Second Password Field

The second password field appears in the Cisco Anyconnect tool.
The second password field appears in the Cisco Anyconnect tool.

The following is utilized when using the Cisco Any Connect Client for VPN. The second password field is where you define the method of multifactor authentication you will be utilizing.

Authentication Method             Second Password
Duo App Push Verification push (See image 1. below)
Duo App to Generate Authentication Code Enter Code displayed in App (See image 2. below)
Text Message sms             (You will receive a text message with a key that will expire after one hour)
Phone Call phone         (If you have registered multiple phone numbers, enter phone1, phone2, as needed)



1. Authorizing access through the Duo App

Duo iphone2.PNG

            2. Generating a Key in the Duo App

Duo iphone1.PNG

VPN Services

The VPN server authenticates using WPU usernames and passwords ONLY. Faculty and staff users must have a valid WPUNJ account to use the VPN services. VPN Services are available as a web or client application.

Microsoft VPN (WPUNJ VPN or MS VPN) for University Imaged Machines

Please note: when using the Microsoft VPN, ALL internet traffic from your connected laptop/device will be securely routed through the university network. This includes any network traffic intended for non-WPUNJ services and, as result, this may result is slower response from outside resources.

University Windows 10 Laptops

This video demonstrates how to login to the WPUNJ VPN once the connection appears on your laptop. Once connected, you will be able to access to your network drives as though you were on campus.

The K: drive will be available upon connection, though you may need to ‘map’ your U: drive manually (instructions on how to do so here.)

University Mac Laptops

MS VPN is now located in your menu bar. The install the MS VPN can be found in the Managed Software Center **this may require that you first use the Cisco AnyConnect VPN client to install the MS VPN from off campus and run a Managed Software Center check for updates

WpuVPN Menu.png

After selecting "Connect via MSVPN" you will be prompted for your WPUNJ password, once entered you will be sent an authentication to your primary Multifactor Authentication device.

MSVPN Mac 3.png

Once you are finished using VPN please Disconnect from the same menu you utilized to connect.

MSVPN Mac 2.png


Cisco AnyConnect Client VPN Application

Please note: when using the Cisco AnyConnect VPN from your connected laptop/device, only the network traffic for communicating with WPUNJ campus resources will be securely routed through the university network. Non-WPUNJ services will communicate directly to those services as if VPN was not connected. Note: one known exception is that home networks with IP addresses starting with 172.x, 10.x, or 192.x may encounter issues with connecting to local network resources when connected to the Cisco AnyConnect VPN.

Download the required software through WP Connect from the "Employee" tab, and under the "Information Technology" window frame. The VPN does not replace your ISP connectivity, it is intended only so your can access secure resources.

Microsoft Windows

Anyconnect8.PNG
  • To reconnect click on the start windows button at the left bottom of your task bar and select "All Programs". There you will find a "Cisco" folder with the Anyconnect VPN program icon. Click on the icon to launch the AnyConnect VPN client. -->
    Using the Windows Cisco AnyConnect VPN Client
  • Once launched you will be asked to enter your WPU user account and password. Please do so. If the "Connect to:" field is empty please enter vpn.wpunj.edu. That is the address of the VPN server. Now click on the "Connect' button to run the AnyConnect VPN client.
    Anyconnect3.PNG

    Note: The Cisco VPN Client will be minimized to the task bar, the icon looks like a lock. To disconnect, right click on the icon for the VPN client and select disconnect.

    For Second Password directions please see the Two Factor section of this article. For technical support contact Help Desk Request

  • To disconnect the VPN client simply right click on the VPN icon on the right side of your task bar (it looks like a lock) and click on the 'Disconnect" button.
    Anyconnect8.PNG
  • To reconnect click on the start windows button at the left bottom of your task bar and select "All Programs". There you will find a "Cisco" folder with the Anyconnect VPN program icon. Click on the icon to launch the AnyConnect VPN client.

    Mac OS X (10.7 or later)

    1) There is a folder in your Applications folder named "Cisco".

    Client VPN2.png

    2) In that folder you will see an application named "Cisco Any Connect VPN Client". Double click on it.

    Client VPN3.png

    3) when the program launches you will see a connect window. In the space next to "Connect to" type "vpn.wpunj.edu" and click "connect"

    Client VPN4.png

    4) If the software can reach the university authentication server you will be asked for your university login credentials. Enter them and click the "connect" button.

    Client VPN5.png


    You are now connected to the university network.

    Mobile Devices (iPad, iPhone, Android)

    Mobile devices have the ability to connect to the on campus network via VPN. Some helpful tips:

    • VPN connections are only possible from off campus
    • Your device must be connected to the Internet via wi-fi or cellular data.
    • The below screen captures were created on an iPhone. The client can also be used on Android devices.
    1. Search for "cisco anyconnect" on the Apple App Store or Google PlayStore and download the app.
    Ios-cisco-anyconnect-1.PNG
    Android-cisco-anyconnect-1.PNG


    1. When first launching the application, Cisco Anyconnect will display this prompt. Tap OK.
      Ios-cisco-anyconnect-2.PNG

    2. Select "Connections"
      Ios-cisco-anyconnect-3.PNG

    3. Enter WPUNJ as the description and vpn.wpunj.edu as the server address. Tap Save.
      Ios-cisco-anyconnect-4.PNG

    4. Tap the on/off switch to On to connect.
      Ios-cisco-anyconnect-5.PNG

    5. You will be prompted to enter your WPUNJ username and password.
      Ios-cisco-anyconnect-6.PNG

    6. To confirm that you are connected, the VPN icon will be visible on the top of the screen.
      Ios-cisco-anyconnect-7.PNG

    7. The Cisco Anyconnect VPN app will run in the background on your iOS device until the VPN connection is terminated. To terminate the connection, return to the app and toggle the on/off switch to Off.


    The VPN software available on this page is for use in the United States and Canada ONLY. It is NOT to be placed on a computer system that will be subject to International Travel. Exporting this software is a Federal Crime.