Quick Info DoIT Home Forms Forwarding your e-mail Help Desk Service Request Internet Account Request Password Change Server Maintenance Schedule Technical Support Documentation

VPN Client 5.0 for Windows (XP, Vista)

---

Table of Contents

Reconfigure Installations Made Prior to August 1, 2009
What is a VPN and who can use it
Installation
Configuration
Making Your VPN Connection
Local Area Network Resources
Disconnecting
If Your Connection Doesn't Work

---

What is a VPN and who can use it

Some networked university resources available to faculty and staff can only be accessed from a computer using a San Francisco State University IP Address or from a computer inside the Administration firewall.  Networked computers on campus always have an SFSU IP address but may not be inside the Administration firewall.  Computers connected to the Internet through a commercial ISP (Internet Service Provider) do not have an SFSU IP address and would not be inside the Administration firewall.  In other words, if you connect to the Internet from off campus using a commercial ISP you do not have access to some on-campus resources and if you are not connected to the Internet from inside the Administration firewall you do not have access to any resources inside the Administration firewall.  A VPN, or Virtual Private Network, makes a second connection to the Internet through an existing connection. The second connection is assigned a second IP address by a VPN server.   Using Cisco's VPN client, faculty and staff can make a VPN connection to the university and be assigned an SFSU IP address that is inside the Administration firewall.   As an additional benefit, information passed through the VPN is encrypted from the client machine (your computer) to the VPN server.

VPN access using the Cisco VPN Client for Windows has three requirements::

• You must be employed as faculty or staff at San Francisco State University.
• You must install and configure the Windows Cisco VPN Client on a computer running Windows XP or Vista.
• You must have a San Francisco State University email/Internet account.

Benefits

• Access to networked resources available only to computers using a San Francisco State University IP address.
• Sensitive information (e.g., your LAN password) is encrypted using the IPSec protocol while passing through the VPN.  This provides security between your off campus computer and our on campus VPN server.
• Access to resources inside the Administration firewall from on-campus computers that are outside the Administration firewall and from off-campus computers.

 

TOP OF PAGE

---

Windows Installation Instructions

          Warning re: Windows Vista:

The release notes for the Cisco VPN Client states that Cisco only supports their VPN client in clean installations of Vista, not in installations where Windows XP has been upgraded to Windows Vista. We do not recommend installing the Cisco VPN Client on computers that have been upgraded from Windows XP to Windows Vista, nor do we support such installations.

1. Log into Windows XP or Vista as an administrator. If your computer starts up without a login screen, assume you are an administrator.
2. Make a folder to put the VPN client installation software into; name it "CiscoVPN50".
3. Click on the "Download Cisco VPN Client 5.0" button,  You will need to enter your University ID number and password (The password should be the same as your SFSU e-mail password.), then save vpnclient50 into the CiscoVPN50 folder you created.
    

4. From the folder, double click on the installation file named : ciscovpn50
                       
   
   
5. For Windows Vista users, a User Accounts Control window will open, click Allow, to continue installation.
   
   
   
6. The installer will create two profile files, SFSU_VPN.pcf and SFSU_VPN_alternate.pcf, on your desktop. You should see separate messages for each telling you that the file has successfully been created on your desktop. Close these messages by clicking on OK.
   
7. The Cisco Systems VPN Client installation windows will open requesting you to click Next for the installation to proceed.
8. When the license agreement window opens,
   click on the Radio button labeled, I accept the license agreement, then click Next 
   
   
9. Click Next when the Destination Folder window opens.
10. Click Next again when the Ready to Install the Application window opens. The installation's progress will be displayed.
    
11. Click Finish when informed that the installation has completed.
12. Re-Start your computer before configuring the Cisco VPN 5.0 Client.

TOP OF PAGE

---

Configuration

During installation two profile files. SFSU_VPN.pcf and SFSU_VPN_alternate.pcf, were created on your desktop to simplify configuration. Importing them will give you two sets of connection settings. Both may allow you to connect to the SFSU VPN but, depending on your home networking hardware and configuration, one or the other may not work properly. The steps to import the profiles are:

1. Open the VPN Client by clicking on :

   Start > All Programs > Cisco Systems VPN Client > VPN Client

2. Using the menus, select Connection Entries > Import...
   
3. Browse to the Desktop, select SFSU_VPN.pcf (you may only see SFSU_VPN), then click on Open.
4. You will see a message saying that the VPN connection entry was successfully imported. Click on OK to close the message window.
5. Repeat for the profile SFSU_VPN_alternate.pcf
   
   The VPN Client should show SFSU_VPN and SFSU_VPN_alternate in the Connection Entry column.
6. Unless you want to make a VPN connection immediately, close the VPN client.

TOP OF PAGE

---

Making your VPN connection

1. If you use a dial-up modem to connect to the Internet, make your Internet connection before opening the Cisco VPN Client.
2. Close all applications you have open that connect to the Internet. For example, web browsers and mail clients.
3. To open the VPN Client select :

   Start > All Programs > Cisco Systems VPN Client > VPN Client

4. The VPN Client window will open and a small yellow icon of an unlocked padlock will appear in your Windows taskbar.  The unlocked padlock indicates that the VPN client is disconnected.
   
5. To start a VPN connection either:
   • Click on the SFSU_VPN Connection Entry to highlight it then click on the Connect icon or:
   •  Double-click on the SFSU_VPN Connection Entry.
6. The status bar at the bottom of the "VPN Client" window shows the progress of your connection.
7. Once a connection is made, you will be prompted for your username and password in an authentication window.  Use your San Francisco State University email account name and password.  Remember, your account name does not include the "@sfsu.edu" that is in your email address.  Click on OK to continue.
   
8. After a valid authentication, a banner window opens welcoming you to San Francisco State University.  Click on "Continue" to close it.
9. Depending on the version of Windows you are using the VPN Client window may or may not close at this point.  Double-clicking on the padlock icon on the taskbar toggles the client window between open and hidden. The taskbar "unlocked padlock" icon will have changed to a "locked padlock" icon.. This indicates that you have a VPN connection. The VPN connection effectively makes you part of the SFSU network inside the firewall.

Disconnects Due to Timeouts!

• You will be disconnected if you don't transfer information over your VPN connection for more than one hour.
• You will be disconnected three hours after you make your VPN connection.
• You can double-click on the  "unlocked padlock" icon on the taskbar to open the VPN Client window then reconnect.

TOP OF PAGE

---

Accessing Resources on a Windows Local Area Network

Read Connecting from Windows to a Microsoft Local Area Network for instructions on connecting to LAN resources. There is a strong chance you will need to use your server's IP number while connecting rather than it's name. For example, you would use \\130.212.xxx.yyy\ResourceName rather than \\ResourceHost\ResourceName to connect to a resource named ResourceName on a LAN server named ResourceHost. Contact your local IT support staff for your server's IP number .

The two profiles provided do not allow connections to all LANs on campus. Talk to your local IT support staff to see if you need to create an addition connection entry.

TOP OF PAGE

---

Disconnecting

1. Close all applications you have open that connect to the Internet.
2. Right-click on the locked padlock taskbar tray icon to see a menu of options.  Click on Disconnect in the menu.  The VPN will disconnect and the padlock icon in the Windows taskbar tray will show as unlocked
3. Right-click on the unlocked padlock taskbar tray icon to see a new menu of options.  Click on Exit VPN Client in the menu.  The VPN Client software will shut down and the padlock icon will disappear.

TOP OF PAGE

---

If Your Connection Doesn't Work

• The VPN client is sensitive to the environment your computer is in. If you are using a router at home it may need to be configured to allow VPN connections to pass through it. You may have a router and not be aware of it. Most home routers come as part of a combined wireless access point and ethernet switch. See the documentation for your router to see if there is a setting to allow/disallow VPN connections.

• Some environments require slightly different configurations for the VPN client. If you cannot connect using the SFSU_VPN connection entry, or if you can make the VPN connection but none of your Internet applications can access remote servers (e.g., your web browser can't open any web pages), try using the SFSU_VPN_alternate connection entry.

• The VPN client cannot make a connection from inside the area you are trying to connect to. For example, if you try to make a VPN connection from inside the SFSU Administration Building the connection attempt will fail.

 

TOP OF PAGE

---

Reconfigure Installations Made Prior to August 1, 2009

The Division of Information Technology has upgraded the SF State VPN server. If you have already installed and configured the Cisco VPN client you must reconfigure the settings in order to connect to the new VPN server:

1. Log into Windows XP or Vista as an administrator. If your computer starts up without a login screen, assume you are an administrator.
2. Open the VPN Client by clicking on :

   Start > All Programs > Cisco Systems VPN Client > VPN Client

3. Right-click on the SFSU_VPN entry and select Modify.
4. In the Host field, replace the the existing IP number (130.212.199.5) with 130.212.253.75
5. Select the Backup Servers tab and make certain the Enable Backup Servers checkbox is unchecked.
6. Click on Save.
7. If you have an entry named SFSU_VPN_alternate, right-click on SFSU_VPN_alternate and select Modify. Follow steps 4 through 6.
8. You may make a VPN connection or close the VPN client.

---

 

HOME

---

Site Home | What We Do | Help Desk | Account Services | Software | Hardware | Network
Telephone Services | Training | Computer Labs | Web Publishing | Policies | Sitemap | Contact Us

---

Last Modified: 31 July 2009
doit@sfsu.edu