Questions? Contact us!
General resources:

Last updated: 03-Oct-2008


 
 

Michigan State University Central (Cisco) VPN Access

Index of topics:

*Note* As of April, 2007, MSU ACNS is no longer actively supporting the Central (Cisco) VPN Access system. This system will be retired on July 9, 2007.

We recommend that you check out the MSU Central SSL VPN Access service, which is intended to replace most use of this VPN service.

General VPN Information

The Central MSU (Cisco) VPN (Virtual Private Network) Service provides an access "tunnel" from your client computer to the MSU campus network. This tunnel is intended to allow you to bypass restrictions which are present at the network border, or those imposed by the various servers and services on the MSU campus network, assuming access via the VPN server is allowed.

In particular, at MSU, we are blocking the Microsoft networking protocols at MSU's border. Use of the central VPN access service will permit you to reach any services which rely on these protocols from your computer, when connected from locations off-campus. Examples include Microsoft Exchange e-mail access, and Microsoft file sharing.

The VPN Access service is available only for off-campus use. If you are on campus, you will be unable to connect to the VPN server. Some off-campus locations may also be considered "on campus". These include the local dial-up service (999-2678 and related numbers), ACD's DSL service with MSU IP addresses, and local MSU branch offices. From those services, VPN access is not generally needed.

The VPN will set up a split tunnel from the client machine that only directs traffic going to MSU across the encrypted tunnel. All other traffic will pass to the Internet as it normally would, directly from your client machine.

Acceptable Use

This system falls under the same restrictions as systems that are on campus. All client machines that connect to the system are subject to the MSU Statement of Acceptable Use as if their machine were located at MSU and physically plugged into the campus network.

How to Get a Client

A valid MSU NetID and password are required to download the VPN client software.

The Cisco VPN client software is no longer available for download.

Setting up a Connection

Windows

Step 1. Install the VPN Software

Once you have downloaded your client you can run the EXE to decompress the client. Once you have those files run the "Setup" InstallShield program. This will guide you through the installation procedure.

If you have downloaded the preconfigured client software, proceed to step 3.

Step 2. Configure the client software

Once your client is installed you need to configure it to make a connection. Run the Client (either by the Desktop Icon or from "Start -> Programs -> Cisco Systems VPN Client -> VPN Client")

From inside the VPN Client click the "New" icon to get this window:

Screenshot: Create New VPN Connection Entry

Step 3. Connect to the VPN Server

To establish a connection either double click on your newly created connection profile, or select the profile and click the "Connect" button. You will then need to enter your MSU NetID and Password to connect to the VPN server.

Screenshot: User Authentication box

Once you have successfully authenticated you are now connected to the VPN server. You can verify your connection to the server at anytime by looking at the system tray icon for the VPN client.

Not connected:
Icon: unlocked

Connected:
Icon: locked

Macintosh

Installation Using the DMG file provided elsewhere:

Once the install is complete you need to launch the client by opening your hard drive and entering the "Applications" folder. Find "VPNClient", double click that to launch the client. For your future convenience you may want to drag that application to your dock for easy access.

Now that you have the client launched follow the set up instructions that are given above for the windows client. The Mac client should look and behave just the same.

Linux and Solaris

Visit the Cisco VPN Client User Guide for Solaris and Linux for details on how to install your client.

Once you have that in place create a profile like the following:

more /etc/CiscoSystemsVPNClient/Profiles/msu_connection.pcf
[main]
Description=MSU VPN Test
Host=cc-vpn1.net.msu.edu
AuthType=1
GroupName=vpn-users
GroupPwd=msu-vpn

Once you have this file in place you can run the vpnclient from the command line and be connected.

vpnclient connect msu_connection

You will then need to enter your MSU NetID and Password when asked for them.

As long as this process continues to run you are connected to the MSU VPN Server. If you want to be able to continue to use the terminal or console that you are launching the client from then simply place an '&' after the connect command.

vpnclient connect msu_connection &

Server Access Information

You will have to check with the system administrator of your target server to find out whether access via the central VPN server will be permitted. If access to the server is not restricted by the server itself or by a firewall in front of the server, then the server should be accessible once you establish a VPN connection.

If you still cannot make a connection after logging in to the VPN, the system administrator may need to permit access via the VPN. The system administrator should permit access for the following IP address range:

35.12.64.0 through 35.12.95.255
-or-
35.12.64.0/19

Last modified: 18-Jun-2007

Copyright © 2008, MSU Board of Trustees