BNL Cisco Web Portal

Clientless Virtual Private Network (VPN)


The SSL-based VPN appliance will enable limited access into the BNL campus network. ITD views this service as the 80% solution for casual, web-only external VPN access into Brookhaven.

This service is not intended to replace the current Cisco IPSEC VPN concentrator which offers full internal connectivity from a remote location. With this in mind, ITD would like to invite you to utilize this service and to provide feedback to us on your experience and any associated problems with it. 

Service Requirements
You must have some form of connectivity to the Internet. Only BNL employees can access this service. To use this service, users must have an RSA SecurID Token (used to generate a random password for user authentication) and must connect to the following web location when off-site: http://webportal.bnl.gov

According to the Cisco documentation, the following requirements must be met in order to use this VPN portal to its fullest capability.

Windows: A 32-bit version of Microsoft Vista, Windows XP, or Windows 2000. Microsoft Internet Explorer with Java and ActiveX.

Mac: Apple Mac Intel-based systems, Mac OS 10.4 or 10.5 with Safari 3.1.1 or Firefox 3.0 or later with Sun JRE 1.5 or later.

Note: we have had some good experiences with many unofficially supported devices as well.

To support the largest BNL end-user community possible, we have configured this new VPN server to handle both the Cisco-supported access method and a generic one. Which of the two entry methods you should use depends on your access needs into BNL. If you need NT-based authentication to protected web resources, then you must meet the official Cisco requirements given above. Some internal BNL web resources use this model; others implement local server authentication. However, if you do not need this NT-centric capability, then the second, less stringent access point is available.

How to Get Started

  1. Point your local web browser to https://webportal.bnl.gov from an off-site network such as your home network. Depending on your browser, you may need to enable ActiveX, Java, JavaScript, and pop-ups. The initial portal access page will be displayed.
     
  2. You will need to enter your RSA SecurID Token information and acknowledge the BNL warning banner to continue. After a few seconds you will be presented with the main page from the VPN hardware appliance.

    [Images: Web Portal Console, Screens 1 to 3]
     
  3. To continue, click either the BNL Main Page link for the Officially Supported Cisco platforms or click the ITD Main Page for Linux and PDA's link for the more open access method.
     
    Depending on your browser configuration, you may have to accept the certificate and allow the Java scripts and applets to be downloaded. After a few moments, a BNL Internal Page will be displayed in your browser. From here you can browse to other BNL internal web pages and services.

Web Portal Usage
This VPN appliance supports HTTP and HTTPS access only, meaning that only internal BNL web pages are accessible through this service. You will not be able to follow off-site links. The BNL Cisco Web Portal VPN server provides authenticated and encrypted user-mode access to web-based services, applications, and information using either the HTTP or HTTPS protocol.

Example uses for this type of access include:

  • Human Resource Information: PeopleSoft HR (Timecards, Employee Self-Service, etc.)
  • BNL Financial Applications: PeopleSoft Financials (Requisitions, Asset Management, Manage Work Orders, etc.)

Known Issues & Limitations

  • This service is not available from the BNL wireless networks. It is strictly for off-site access.
  • Web browsing is limited to internal BNL resources only. The VPN server will not allow access to non-BNL web sites. You are limited to BNL.GOV or 130.199.0.0 addresses.
  • There are a few software compatibility problems between the encryption techniques used by the VPN server and your browser client when accessing certain Ajax-generated pages. You might see duplicate images in your local browser, depending on the hardware and software your client device is using.
  • NT-based authentication requires the use of the Cisco supported configurations as given above.
  • BNL Employees Using Mac OS 10.4 or 10.5:
    ITD has experienced issues with Non-Mac Intel-based operating systems even though Cisco states that it is supported. For unknown reasons, these operating systems do not spawn pop-up Java browser windows after links within the Web Portal are clicked.

    [Image: Portal Links]

    However, users may try typing the direct hyperlinks from internal websites into the web portal's address bar to view these web pages. Note: Websites using NT-based authentication to protect their web resources WILL NOT work. Since this is a known issue, the above method still may not work in all cases.

    [Image: Example: Address Bar]
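
The scope limits listed above (HTTP and HTTPS only, BNL.GOV names or 130.199.0.0 addresses) can be checked on a link before you try it through the portal. The following is an added example, not code from ITD or Cisco; it assumes "BNL.GOV" covers bnl.gov and its subdomains and that "130.199.0.0 addresses" means the 130.199.0.0/16 block, and the sample hostnames and addresses are constructed. The VPN server remains the thing that actually enforces the policy.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions, not stated on the page: "BNL.GOV" means bnl.gov and its
# subdomains, and "130.199.0.0 addresses" means the 130.199.0.0/16 block.
ALLOWED_DOMAIN = "bnl.gov"
ALLOWED_NET = ipaddress.ip_network("130.199.0.0/16")
ALLOWED_SCHEMES = {"http", "https"}


def portal_scope(url):
    """Return (allowed, reason) for a URL under the limits the page lists."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any user:password@ prefix and the port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "not HTTP or HTTPS"
    if not host:
        return False, "no host"
    host = host.rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, treat it as a DNS name
    if addr is not None:
        if addr in ALLOWED_NET:
            return True, "address in 130.199.0.0/16"
        return False, "address outside 130.199.0.0/16"
    # Match on a label boundary so "evilbnl.gov" and "bnl.gov.example.com" fail.
    if host == ALLOWED_DOMAIN or host.endswith("." + ALLOWED_DOMAIN):
        return True, "bnl.gov name"
    return False, "non-BNL name"


# Constructed sample links; hostnames and addresses are illustrative only.
SAMPLES = [
    "https://host.bnl.gov/timecards",
    "http://130.199.3.21/status",
    "https://www.example.com/",
    "https://bnl.gov.example.com/login",
    "https://host.bnl.gov@example.com/",
    "ftp://host.bnl.gov/pub",
    "http://130.200.0.1/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", portal_scope(link))
```

The check looks only at the URL text; it does not resolve names, so a bnl.gov name that points outside the campus block is still reported as in scope.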
     

Please contact the ITD Helpdesk at x5522 (631-344-5522) or send an email to itdhelp@bnl.gov if you have questions, issues or concerns.


Last Modified: September 23, 2013