Body
Introduction
A virtual private network (VPN) allows you to temporarily create or join a private network across an existing public network by creating an encrypted tunnel between two hosts. The encryption protects the data your computer or mobile device transmits and receives over the internet, enabling secure remote access to restricted online resources.
Many public wireless networks (such as those provided by hotels and restaurants) are not encrypted, leaving transmitted data unprotected and vulnerable to electronic surveillance. Even data originating from a secure network (for example, one provided by your employer or school) may be vulnerable if they are being transmitted to another secure network over the public internet. To prevent data from being intercepted (especially confidential financial data, or data protected by federal laws, such as FERPA and HIPAA data), businesses, government offices, universities, and other institutions use VPN systems to encrypt data transmitted between their secure networks and remote users.
VPN at ISU
At Indiana State University, Office of Information Technology delivers a centrally managed, fault-tolerant SSL VPN service for use. Establishing a VPN connection creates a secure tunnel between your off-campus computer or mobile device and the ISU network, allowing you to access online services and resources that are configured to refuse connections from outside the ISU network (such as ISU Print queues, certain library databases, and most network storage devices). Also, you need an ISU VPN connection to make a remote desktop connection from off-campus.
Note! Whenever you are off-campus and cannot connect to an ISU service, connect to the VPN to check whether that fixes the problem. If you can not reach an application through the VPN this may because of additional security reasons. If you encounter this, please contact the Technology Support Center at 812-237-2910.
Before You Connect
Stop! Staff and Faculty must use an ISU managed and maintained device to perform any official business for the university through the VPN.
Connect to the VPN
For the greatest reliability across the widest range of platforms and network configurations, OIT recommends and supports using the Cisco AnyConnect VPN Client, where available, to connect to ISU's SSL VPN. If you are unable to find the software application then you must install the client on your machine. Please see the "Installing the Cisco AnyConnect Client" section below. The client for the old VPN will work with the new VPN, it will be automatically updated on your first login.
Launch the Cisco AnyConnect Secure Mobility Client Application
- In windows the icon will look like the following on the Start screen:
Or if you use the program list the application looks like the following:
If you are unable to find this software application then you must install the client on your machine. Please see the "Installing the Cisco Secure Client" section below.
- If you have previously used the AnyConnect VPN client with the old ISUVPN, be sure to point to the new VPN at "vpn.indstate.edu" and click on Connect
- Enter your credentials in the login pop up window.
- Be sure the Group is set to “Indiana State University”.
- Click/select "OK" the window will disappear and you should immediately receive a notification from Microsoft MFA.
- If you are using a TOKEN authentication enter the TOKEN code when prompted.
- Once connected use your computer/applications as normal.
- If you need access to your shared drive letters you can run the login script by selecting the Run Login Script application from the program list.
- When you are finished you can disconnect from the VPN. You can either re-launch the application or simply select the AnyConnect Taskbar ICON to reopen the application and disconnect. Your connection will automatically be terminated when you logout or shutdown your computer.
Installing the Cisco Secure Connect Client
You will only need to install the client if you don't already have it installed. To install the VPN client you must have Adminstrative rights to the system. If you are not comfortable with installing the software or you are already working remotely, please contact the Technology Support Center at 812-237-2910.
- For university-managed Windows systems on the ISUAD domain you must install the client through Software Center.
- Enter “Software Center” in the “Type here to search” box at the bottom left of your Windows screen.
- Select the Software Center App.
- Once the App opens, select the "Cisco Secure Client VPN".
- Select Install.
- Follow the instructions in the install wizard for downloading and installing the Cisco Secure Client.
- Once installed you will be now required to manage your windows network connections through the Cisco Secure Client - See "NEW ARTICLE HERE" for more information.
- An alternative is to install the VPN client through a web browser. For the first time installation on Windows, Macintosh and Linux remotely follow the example below. You will need administrator access to install the client using this method.
- Open your web browser to https://vpn.indstate.edu.
- Login with your personal ISU Username and passphrase, after you enter your information you will then need to respond to the Microsoft MFA Approval request.
- You will get a confirmation window after you login and have confirmed the MFA request. Click "Continue".
- You will be presented with a screen to install the appropriate version of the Cisco AnyConnect client for your operating system. If you need assistance to install the client click on the “Instructions” button in the bottom right. When ready click the “Download for Windows” (Or your OS listed) button and follow the prompts per the instructions on the page.
Things You Need to Know
- Your account must be set up to use the Microsoft Office 365 Multi-Factor Authentication (MFA). Please see the Knowledge Base Article on How to Setup and Edit Office 365 Multi-Factor Authentication (MFA) and related articles.
- ISU's SSL VPN is for off-campus and ISU-SECURE wireless use only; it will not allow you to establish a connection if your device is connected via Wired Ethernet or on ISU-OPEN network.
- Faculty, Staff, Student Employees, Educational Affiliates and Business Affiliates of the university are authorized to use the VPN service. All other users will be declined.
- Staff and Faculty must use an ISU managed and maintained device to perform any official business for the university through the VPN.
- To ensure accountability of network communication, the University Information Policy Office prohibits group accounts from connecting to ISU's SSL VPN. To make a VPN connection, you must log in using your personal ISU username and passphrase.as well as respond to the Microsoft MFA approval request.
- You can connect a maximum of two devices at a time to ISU's SSL VPN. If you try to connect a third device while you already have a connection running on two other devices, you'll see a prompt asking whether you want to maintain the existing connections and cancel the new connection request, or break one of the existing connections and establish a new connection.
- When you connect to the all of your traffic will be directed through the VPN. Therefore you will not be able access any home printers or other devices while the connection is established through the VPN.
- There is a known issue with Microsoft MFA sometimes not instantly sending the notification message or sending the requests multiple times. This is an MFA issue not a VPN issue. Best to just try again or wait for the requests to stop.
- The VPN only supports the Cisco Secure Client.
- The VPN does NOT require a RSA Token to login.
- The VPN client will auto-update as new versions of the software becomes available. You may be prompted to reboot.
Additional Resources
Contact the Technology Support Center at 812-237-2910 if you need further assistance.