Quick Info DoIT Home Forms Forwarding your e-mail Help Desk Service Request Internet Account Request Password Change Server Maintenance Schedule Technical Support Documentation

VPN Client 5.0 for Windows (XP, Vista)

---

Table of Contents

What is a VPN and who can use it
Installation
Additional Configuration for a Local Area Network
Making Your VPN Connection
Disconnecting

---

What is a VPN and who can use it

Some networked university resources available to faculty and staff can only be accessed from a computer using a San Francisco State University IP Address or from a computer inside the Administration firewall.  Networked computers on campus always have an SFSU IP address but may not be inside the Administration firewall.  Computers connected to the Internet through a commercial ISP (Internet Service Provider) do not have an SFSU IP address and would not be inside the Administration firewall.  In other words, if you connect to the Internet from off campus using a commercial ISP you do not have access to some on-campus resources and if you are not connected to the Internet from inside the Administration firewall you do not have access to any resources inside the Administration firewall.  A VPN, or Virtual Private Network, makes a second connection to the Internet through an existing connection. The second connection is assigned a second IP address by a VPN server.   Using Cisco's VPN client, faculty and staff can make a VPN connection to the university and be assigned an SFSU IP address that is inside the Administration firewall.   As an additional benefit, information passed through the VPN is encrypted from the client machine (your computer) to the VPN server.

Cisco VPN access has four requirements:

• You must be employed as faculty or staff at San Francisco State University.
• You must install and configure the Windows Cisco VPN Client on a computer running Windows XP or Vista.
• You must have a San Francisco State University email/Internet account.

Benefits

• Access to networked resources available only to computers using a San Francisco State University IP address.
• Sensitive information (e.g., your LAN password) is encrypted using the IPSec protocol while passing through the VPN.  This provides security between your off campus computer and our on campus VPN server.
• Access to resources inside the Administration firewall from on-campus computers that are outside the Administration firewall and from off-campus computers.

 

TOP OF PAGE

---

Windows Installation Instructions

          Windows Vista users please read this section.

Windows Vista requires a new release of the Cisco VPN client (v5.0.x) . The release notes state that Cisco only supports their VPN client in clean installations of Vista, not in installations where Windows XP has been upgraded to Windows Vista.

Log into Vista as an administrator.  If your computer starts up without a login screen, assume you are an  administrator.

1. Make a folder to put the VPN client installation software into; name it "CiscoVPN50".
2. Click on the "Download Cisco VPN Client 5.0" button,  You will need to enter your University ID number and PAC number, then save vpnclient50 into the CiscoVPN50 folder you created.
    

3. From the folder, double click on the installation file named : ciscovpn50
                       
   
   
4. For Windows Vista users, a User Accounts Control window will open, click Allow, to continue installation.
   
   
   
5. The Cisco Systems VPN Client installation windows will open requesting you to click Next for the installation to proceed.
6. When the license agreement window opens,
   click on the Radio button labeled, I accept the license agreement, then click Next 
   
   
7. Click Next when prompted, then wait for the installation process to complete.
   
8. Wait for the Cisco Systems VPN to successfully install, then click Finish.
9. A message window will open letting you know a profile has been created. Click OK
   
   

   Re-Boot your computer before you can begin using Cisco VPN 5.0 Client.

 

TOP OF PAGE

---

Additional Configuration to connect to a Windows Local Area Network Domain

You should not make these changes unless you need to access files, or some other resource, on a Windows Local Area Network (LAN).  You must talk with your local IT support group.  They may have special instructions that differ from these.  If there are no special instruction then you will need the following information:

• If your LAN uses Active Directory, get the IP number for your Active Directory DNS server.
• The IP number for your WINS server.  If you have a secondary WINS server get its IP number as well.
• Get specific instructions from your LAN administrator on how to log into your LAN once the VPN connection is established.  Details will vary with the version of Windows you are using and how the LAN is set up.  This is easiest if you are running Windows XP Professional on your computer.  Windows XP Home Edition is specifically designed to not make connections to Local Area Networks,

1. You must be logged in to Windows as an administrator.  If you are using Windows XP and your computer starts up without a login screen, assume you are an administrator.
2. Open your Network Connections window.
   1. Windows 2000
      1. Click on the "Start" Button.
      2. Select "Settings", then select "Control Panel" to open the Control Panel window.
      3. Open the "Network and Dial-up Connections" control panel.
   2. Windows XP Professional
      1. Click on the Start Button.
      2. Select "Control Panel".
      3. Select "Network and Internet Connections".
      4. Select "Network Connections".  You'll find it below the heading "or pick a Control Panel icon".
3. Right Click on the network connection icon labeled "SFSU VPN".  Select "Properties" from the context menu that pops up.
4. Click on Internet Protocol (TCP/IP) to highlight it then click on the Properties button.  Select the "General" tab in the Internet Protocol Properties window.
5. Verify that "Obtain an IP address automatically" is selected.
6. If, and only if, your LAN domain uses Active Directory (Ask your LAN administrator if this is the case.):
   1. Select "Use the following DNS server addresses:"
   2. For "Preferred DNS server:" enter your Active Directory's IP number.  Ask your LAN administrator for this number.
   3. For "Alternate DNS server:" enter 130.212.10.163.
7. Click on the "Advanced" button to open the Advanced TCP/IP Settings window.
   1. Select the DNS tab.  If you are using Windows XP or Windows 2000 and your LAN does NOT use Active Directory, make certain that "Register this connection's addresses in DNS" is NOT turned on.
   2. Select the WINS tab.  Click on the Add button and enter the IP number for your LAN's WINS server.  Ask your LAN administrator for this number.  If your LAN has two WINS servers then repeat using the IP number for your second WINS server.
   3. Click on the OK button to save your changes and exit the Advanced TCP/IP Settings window.
8. Click on the OK button to save your changes and exit the Internet Protocol Properties window.  Depending on which version of Windows you are using you may be told that you must reboot for the changes to take effect.  If so, reboot your computer.
9. Click on OK to close the "SFSU VPN Properties" window.

 

TOP OF PAGE

---

Making your VPN connection

1. If you use a dial-up modem to connect to the Internet, make your Internet connection before opening the Cisco VPN Client.
2. Open the VPN Client click on :

   Start à All Programs à Cisco Systems VPN Client à VPN Client

3. The VPN Client window will open and a small yellow icon of an unlocked padlock   will appear in your Windows taskbar.  The unlocked padlock indicates that the VPN client is disconnected.
4. To start a VPN connection either:
   • Click on the "SFSU VPN" Connection Entry to highlight it then click on the "Connect" icon or:
   •  Double-click on the "SFSU VPN" Connection Entry. 
5. The status bar at the bottom of the "VPN Client" window shows the progress of your connection.
6. Once a connection is made, you will be prompted for your username and password in an authentication window.  Use your San Francisco State University email account name and password.  Remember, your account name does not include the "@sfsu.edu" that is in your email address.  Click on "OK" to continue.
   
7. After a valid authentication, banner window opens welcoming you to San Francisco State University.  Click on "Continue" to close it.
8. Depending on the version of Windows you are using the VPN Client window may or may not close at this point.  Double-clicking on the padlock icon on the taskbar toggles the client window between open and hidden. The taskbar "unlocked padlock" icon will have changed to a "locked padlock" icon to indicate that you have a VPN connection. The VPN connection effectively makes you part of the SFSU network inside the firewall.
9. Disconnects Due to Timeouts!
   1. You will be disconnected if you don't transfer information over your VPN connection for more than one hour.
   2. You will be disconnected three hours after you make your VPN connection.
   3. You can double-click on the  "unlocked padlock" icon on the taskbar to open the VPN Client window then reconnect.

 

TOP OF PAGE

---

Disconnecting

1. Right-click on the locked padlock taskbar tray icon to see a menu of options.  Click on "Disconnect" in the menu.  The VPN will disconnect and the padlock icon in the Windows taskbar tray will show as unlocked
2. Right-click on the unlocked padlock taskbar tray icon to see a new menu of options.  Click on "Exit VPN Client" in the menu.  The VPN Client software will shut down and the padlock icon will disappear.

TOP OF PAGE

---

HOME

---

Site Home | What We Do | Help Desk | Account Services | Software | Hardware | Network
Telephone Services | Training | Computer Labs | Web Publishing | Policies | Sitemap | Contact Us

---

Last Modified: 14 Dec 2007
doit@sfsu.edu