Setting up Virtual Private Networking (VPN)

Please note:


To use the VPN server with a Windows-based PC, five things are required:

1. A PC running Windows 2000, Windows XP, or Windows Vista (32 bit only).
2. The remote PC needs an IP connection to the Internet. This connection can be a dial-up connection to an ISP, a cable modem connection, or a LAN connection to a network outside of LLE.
3. You need a username and password in the LLE domain.
4. You must have "dial-in permission" granted to you. See Computer Support for more information.
5. You must have a SecurID. Contact the Computer Support Group to obtain a SecurID if you do not already have one.

Once you have your SecurID, perform the following steps:

1. Log in to your system using the administrator's account or an account that is part of the Administrator group.
2. Download Agent.exe and then run it. The RSA ACE/Agent 5.5 for Windows Setup screen displays and the installation wizard program starts.
3. Click OK to continue.
4. In the Information dialog box, click OK.
5. The Welcome dialog box is displayed. RSA Security recommends that you exit all programs before you install the RSA ACE/Agent 5.5 for Windows.
6. Click Next to continue.
7. Check the radio button for North America (the top radio button) and click Next.
8. Click Yes to accept the Software License Agreement and display the Select Components screen.
9. In the Select Components screen, check RSA EAP Client only. Leave all other checkboxes blank.

Components dialog box


10. Click Next.
11. You do not need to provide the location of your RSA ACE/Server sdconf.rec file. Installing only the RSA Security EAP client on a remote machine does not require the sdconf.rec file (if there is a file path listed in the dialog, erase it).

sdconf.rec dialog box


12. Click Next.

registration dialog box

13. Uncheck the box labeled "Register now."
14. Click Next.
15. You are prompted to restart the client computer. Select "Yes, I want to restart my computer now."
16. Click Finish. The machine should reboot.

Once the machine reboots, you will have to either configure your existing VPN connection to use SecurID or make a new connection on your machine.

Create a new VPN connection for Windows 2000 or Windows XP
or
configure my existing VPN connection for Windows 2000 or Windows XP.

Create a New VPN Connection
For Windows 2000:

Make sure that you are logged in to an account that has administrative privileges on your local home PC.

1. Click on Start, then Settings, then Network and Dial-up Connections, and then double-click on Make New Connection.

2. The following dialog box should appear. Click Next.

Connection Wizard window

3. In the Network Connection Type dialog, check the radio button for "Connect to a private network through the Internet" and then click Next.

Network Connection Type

3.5. You may see the screen below if you already have a connection set up. Be sure the radio button for "Do not dial the initial connection" is chosen. Click Next.


4. In the Destination Address window, type vpnserv.lle.rochester.edu for the host name and click Next.

Destination Address


5. Confirm the radio button "For all users" is checked, and click Next.

Connection availability


6. In the Internet Connection Sharing dialog, do not check the box to enable internet connection sharing. Just click Next.

Internet Connection Sharing


7. Name your connection; for example: LLE. Click Finish.

Network Connection Wizard


8. The Connect dialog will appear.

Connect to LLE

 

9. Click Properties. Then select the Security tab.
10. On the Security properties sheet, select the Advanced radio button. Then click the Settings button. The following dialog box will display:

Advanced security settings dialog

11. In the Data Encryption drop-down menu, select Require Encryption.
12. Select the Use Extensible Authentication Protocol radio button. Then select RSA Security EAP (encryption enabled) in the drop-down menu.
13. Click OK to accept the Advanced Settings, and then OK again for the Settings dialog.

14. Enter your LLE username in the 'User name:' field. You DO NOT need to enter any password in the 'Password:' field. Then click Connect.

Connect to LLE

15. In the next dialog box, make sure the token is RSA SecurID card. Enter your Passcode and click OK. Note: Your passcode is your PIN and SecurID number.

RSA SecurID Authentication

You should be notified that authentication was successful and receive a "Connection Completed" message. You are now connected!

For Windows XP

1. Click on Start and Control Panel.

2. Open Network Connections.

3. In the left-hand pane, choose Create a new connection.

Create new connection window

4. This opens the "New Connection" wizard. Click Next.

New connection wizard

5. Choose Connect to the network at my workplace. Then click Next.

6. Choose Virtual Private Network connection and click Next.

VPN connection window

You may be presented with the following dialog box under Windows XP Pro (not XP Home). Choose the option that is appropriate for your configurations. (Choosing "My use only" is generally correct.)

Connect for dialog box

7. Choose a name for the connection. We've used "LLE VPN Connection" in the example below. Click Next.

Connection name window

8. For the host name enter "vpnserv.lle.rochester.edu". Click Next.

Host name window

9. You may now choose to create a desktop shortcut by selecting the appropriate box. Click Finish to create the connection.

Completion window

 

10. Choose Properties.

User name dialog

11. Select the Security tab.

Properties dialog

12. Select Advanced (custom settings) and choose the Settings button.

Security dialog

13. Select Use Extensible Authentication Protocol (EAP) and check that Data encryption: is set to Require encryption (disconnect if server declines). Click OK on the Advanced Security Settings window and the Properties dialog.

Advanced Security dialog

14. Type your username in the User name text box. No password is necessary here, even though it asks. Leave the Save Password box unchecked. Click Connect.

Host name window

 

Note!

To connect to the LLE VPN server, your computer must be connected to the Internet through dial up, RoadRunner, or DSL. Use the procedure given to you by your ISP.
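The Windows procedures above set two security-relevant options by hand: Data encryption set to Require encryption, and EAP as the only authentication method. The following check is an added example, not part of the original documentation; it assumes the connection is stored in the standard Windows RAS phonebook file (rasphone.pbk), and the phonebook text and the entry name "Old LLE" are constructed samples.

```python
# Added example: audit a Windows RAS phonebook (rasphone.pbk) for the
# settings this page configures by hand. SAMPLE_PBK is constructed data.
DE_REQUIRE = 0x100      # DataEncryption: "Require encryption"
DE_REQUIRE_MAX = 0x200  # DataEncryption: "Maximum strength encryption"
AR_EAP = 0x80           # AuthRestrictions bit: EAP
EXPECTED_HOST = "vpnserv.lle.rochester.edu"  # server name from this page

SAMPLE_PBK = """\
[LLE]
DataEncryption=256
AuthRestrictions=128
MEDIA=rastapi
DEVICE=vpn
PhoneNumber=vpnserv.lle.rochester.edu

[Old LLE]
DataEncryption=8
AuthRestrictions=632
MEDIA=rastapi
DEVICE=vpn
PhoneNumber=vpnserv.lle.rochester.edu
"""

def parse_pbk(text):
    """Return {entry name: {key: last value}}; keys may repeat per entry."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return entries

def audit_entry(settings):
    """List deviations from the settings the procedure above selects."""
    problems = []
    enc = int(settings.get("DataEncryption", "0"))
    auth = int(settings.get("AuthRestrictions", "0"))
    if enc not in (DE_REQUIRE, DE_REQUIRE_MAX):
        problems.append("encryption is not required")
    if auth != AR_EAP:  # any extra bit allows a password-based fallback
        problems.append("authentication is not EAP-only")
    if settings.get("PhoneNumber", "").lower() != EXPECTED_HOST:
        problems.append("unexpected server name")
    return problems

def audit(text):
    return {name: audit_entry(s) for name, s in parse_pbk(text).items()}
```

The check does not verify which EAP method is selected, so confirming that RSA Security EAP is chosen in the drop-down menu remains a manual step.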

--------------------------------------------------------------------------------------------------------------


Setting up VPN for OS X 10.3.X (Panther) and OS X 10.4.X (Tiger)

LLE’s VPN

LLE’s VPN uses SecurID for authentication, so make sure you have your RSA key-fob available to set up VPN and whenever you wish to use it. There is no way to access VPN without it.

Open the Internet Connect Application

You should find this in your Applications folder or possibly in the Utilities folder within Applications. Launch Internet Connect. You will see the window displayed in figure 2.

Figure 1

Select VPN

Click on the padlock icon and a window will pop up to let you select the type of VPN to configure as shown in figure 3. Select PPTP and then click the Continue button. Choose properties as shown in figure 3. Make sure the padlock icon reads VPN (PPTP) and not VPN (L2TP).

Figure 2

Figure 3

Now use the Configuration pull down menu and select Edit Configurations...

Figure 4

 

Configuration

The window in figure 5 will appear. The description can be whatever you like, but type in the VPN server address as shown and your username. Click the radio button for RSA SecurID and leave the encryption set to Automatic. Click the OK button to return to the main window.

Figure 5

Connecting

Now you are ready to connect. Click on the Connect button shown in figure 4 and the authentication window in figure 6 will appear. Type in your PIN and the passcode shown on your fob. Click the OK button.

Figure 6

Connected!

You should see a window like the one shown in figure 7 if all was successful.

Figure 7

If it doesn’t connect, try your passcode again after it changes. If you still can’t connect, double-check all the settings for typos. If it all looks right, call computer support using the on-call pager (877-504-6820) or send an e-mail to problem@lle.rochester.edu. If you’re traveling, please include all available contact information so we can fix your problem as quickly as possible.