Cyber Security
VPN Client Advanced Configuration

This procedure describes how to create the VPN IPSec tunnel
connection into the BNL campus network.
For Client Versions:
- 363A-k9 (windows)
- 372-k9 (linux/solaris)
- 373A-k9 (apple)
From your PC desktop, double-click the Cisco VPN Client
application. This is the yellow lock-shaped icon. If
you chose the default location when installing the application,
it will be located in C:\Program Files\Cisco Systems\VPN
Client.
The VPN Client window will open.

When you initially start up the VPN Dialer, it should contain
pre-configured information in the Connection Entry and
Host name fields. If this information is blank (as shown above),
click New and fill in New Connection fields to match those shown in
the next four pictures.

Enter connection and description information as shown above and
click the Next button.

Enter the Fully Qualified DNS name of the VPN server
as shown above
(vpngateway.bnl.gov).
If you are using a network provider that does not support the DNS
service, the VPN gateway's IP address will also work. The VPN server's
IP address is 130.199.3.27.
Click the Next button to continue.

Using the information provided to you by the BNL
Account Management Office, enter the VPN Group Name and the
common shared Password. Note that the Password will not be visible. You
must enter the same password twice to ensure a match. When done,
click the Next pushbutton to continue.
- AGS CAD VPN Group - users who wish to access this group
  should contact John Gould (631-344-3951 or jgould@bnl.gov) for
  Group Access Information.

Click the Finish button to complete the New Connection setup.
Connecting to the BNL Pix VPN

Now that the Connection Entry has been created, click Connect to
connect to BNL's Pix VPN.


Enter your CRYPTOCard username in the top dialogue
box. Do not enter the Password at this time. Click the
OK pushbutton.

The VPN will now attempt to connect to the BNL VPN server using
your CRYPTOCard Username. This first attempt will fail since you did
not supply a password. This in turn forces the CRYPTOCard server to
display the CRYPTOCard Challenge to you (see above); this is helpful
if you need to re-sync your CRYPTOCard token (by entering the
displayed challenge into your CRYPTOCard token). You can tell that
you are in sync when the CRYPTOCard challenge (in the above window)
is the same as that displayed on your soft token or on the hard card.
Now enter your CRYPTOCard Password Response in the Password field
above and click the OK button. In a few moments you should
have a secure connection status.
Note:
If you use a CRYPTOCard
software token, please be aware that when you start up your software
token, its application window and additional prompts may open up
directly behind the "User Authentication for BNL Pix VPN" window.
You may need to move the "User Authentication for BNL Pix VPN"
window in order to see your software token windows.
Notice the yellow "lock" icon on the right-hand side of the task
bar. This is the visual indication that you have an encrypted VPN
link. You can right-click on this icon to determine
the status and performance characteristics of your VPN connection.
An example follows:

Caveats:
At this time, there have been minimal reports of problems using
this VPN service. One issue which has been reported a few times has
to do with home networks. If you use a LinkSys router, wireless or
not, make note of the network on the local (internal) side of the
router. If you are using the default network of 192.168.1.0/24 as
your home DHCP network, you will have problems using the BNL
perimeter proxies from the VPN tunnel. Since the internal BNL proxies
are located on the same IP network as your home network, you will not
be able to access non-BNL sites via the VPN tunnel unless you
re-configure your LinkSys router to be on a different local network.
The simplest solution is to assign your home network to be on the
192.168.254.0/24 network or on the 10.0.0.0 network. This
configuration change will allow you to use all of the BNL campus
network resources without any problem.
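
The address conflict described above can be checked before connecting. The following is an added example, not part of the original BNL procedure: it models the host routing table with a simple longest-prefix match to show why traffic for a proxy on 192.168.1.0/24 stays on the home LAN instead of entering the tunnel. The proxy address 192.168.1.10, the interface names, the tunnel default route and the /24 prefix used for the 10.0.0.0 network are assumptions made for illustration.

```python
import ipaddress

# Network the page says the internal BNL proxies share with default LinkSys LANs.
PROXY_NET = ipaddress.ip_network("192.168.1.0/24")
# Constructed proxy address inside PROXY_NET (the page gives no real address).
SAMPLE_PROXY = ipaddress.ip_address("192.168.1.10")


def build_routes(home_lan):
    """Simplified routing table while the VPN is up (assumed model):
    the home LAN is directly connected, everything else goes to the tunnel."""
    return [
        (ipaddress.ip_network(home_lan), "home-lan"),      # hypothetical name
        (ipaddress.ip_network("0.0.0.0/0"), "vpn-tunnel"),  # hypothetical name
    ]


def egress(dest, routes):
    """Longest-prefix match: the most specific route containing dest wins."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, ifname) for net, ifname in routes if dest in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def check_home_lan(home_lan):
    """Return (overlaps proxy network, interface used to reach the proxy)."""
    net = ipaddress.ip_network(home_lan)
    return net.overlaps(PROXY_NET), egress(SAMPLE_PROXY, build_routes(home_lan))


if __name__ == "__main__":
    # Default LinkSys LAN, then the two replacements the page suggests
    # (the /24 on 10.0.0.0 is an assumed prefix length).
    for lan in ("192.168.1.0/24", "192.168.254.0/24", "10.0.0.0/24"):
        overlap, ifname = check_home_lan(lan)
        status = "CONFLICT" if overlap else "ok"
        print(f"{lan:18} {status:8} proxy traffic leaves via {ifname}")
```

A home LAN that reports CONFLICT needs to be renumbered on the router before the proxies are reachable through the tunnel.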
If you have a
question that is not addressed in these pages, please send an email to
itdhelp@bnl.gov.

Last Modified: January 31, 2008