Setting up Virtual Private Networking (VPN)

Please note

  • If using a Mac, use this link: Setting up VPN for OS X
  • If you are running Windows Vista (32-bit only), you can follow the directions in a general sense but need to download version 7 of the RSA Agent. LLE does not support Vista at this time but you can contact Computer Support if you have difficulties. Please note that the RSA client software does not work with 64-bit versions of Vista.

Requirements

  • A PC or Mac using one of the following operating systems:
    • Windows 2000
    • Windows XP
    • Windows Vista 32-bit edition
    • OS X 10.4.X "Tiger"
    • OS X 10.5.X "Leopard"
    • OS X 10.6.X "Snow Leopard"
    At the current time there is no support for Linux. You may use SSH to connect to a limited number of UNIX hosts. Contact Computer Support for the list of available hosts.
  • IP connection to the Internet. This connection may be a dial-up connection, cable modem connection, or LAN connection to a network outside of LLE.
  • A username and password in the LLE domain
  • "dial-in permission" must be granted; see Computer Support for more information.
  • A SecurID key fob. Contact the Computer Support Group to obtain a SecurID if you do not already have one.

Setting up VPN on a Windows PC

  1. Log in to your system using the administrator's account or an account that is part of the Administrator group.
  2. Download Agent.exe and run it. The RSA ACE/Agent 5.5 for Windows Setup screen should display and the installation wizard program will start.
  3. Click OK to continue.
  4. In the Information dialog box, click OK.
  5. The Welcome dialog box is displayed. RSA Security recommends that you exit all programs before you install the RSA ACE/Agent 5.5 for Windows.
  6. Click Next to continue.
  7. Check the radio button for North America (the top radio button) and click Next.
  8. Click Yes to accept the Software License Agreement and display the Select Components screen.
  9. In the Select Components screen, check RSA EAP Client only. Leave all other checkboxes blank.
  10. Click Next.
  11. You do not need to provide the location of your RSA ACE/Server sdconf.rec file. Installing only the RSA Security EAP client on a remote machine does not require the sdconf.rec file. If there is a file path listed in the dialog, erase it.
  12. Click Next.
  13. Uncheck the box labeled Register now.
  14. Click Next.
  15. You will be prompted to restart the computer. Select Yes, I want to restart my computer now.
  16. Click Finish. The machine should restart.
  17. When the computer restarts, configure your existing VPN connection to use SecurID, or create a new connection.

Create New VPN for Windows 2000

Make sure that you are logged in on an account that has administrative privileges on your local home PC.

  1. Click on Start then Settings then Network and Dial-up Connections, and then double-click on Make New Connection.
  2. The following dialog box should appear. Click Next.
  3. In the Network Connection Type dialog, check the radio button for "Connect to a private network through the Internet" and then click Next.
  4. You may see the below screen if you already have a connection set up. Be sure the radio button for "Do not dial the initial connection" is chosen. Click Next.
  5. In the Destination Address window type vpnserv.lle.rochester.edu for the host name and click Next.
  6. Confirm the radio button "For all users" is checked, and click Next.
  7. In the Internet Connection Sharing dialog, do not check the box to enable internet connection sharing. Just click Next.
  8. Name your connection; for example: LLE. Click Finish.
  9. The Connect dialog will appear.
  10. Click Properties. Then select the Security tab.
  11. On the Security properties sheet, select the Advanced radio button. Then click the Settings button. The following dialog box will display:
  12. In the Data Encryption drop-down menu, select Require Encryption.
  13. Select the Use Extensible Authentication Protocol radio button. Then select RSA Security EAP (encryption enabled) in the drop-down menu.
  14. Click OK to accept the Advanced Settings, and then OK again for the Settings dialog.
  15. Enter your LLE username in the 'User name:' field. You DO NOT need to enter any password in the 'Password:' field. Then click Connect.
  16. In the next dialog box, make sure the token is RSA SecurID card. Enter your Passcode and click OK. Note: Your passcode is your PIN and SecurID number.

You should be notified that authentication was successful and receive a "Connection Completed" message. You are now connected!

Create New VPN for Windows XP

  1. Click on Start and Control Panel.
  2. Open Network Connections.
  3. In the left-hand pane, choose Create a new connection.
  4. This opens the New Connection wizard. Click Next.
  5. Choose Connect to the network at my workplace, then click Next.
  6. Choose Virtual Private Network connection, and click Next. You may be presented with the following dialog box under Windows XP Pro (not Windows XP Home). Choose the option that is appropriate for your configuration. My use only is generally correct.
  7. Choose a name for the connection. We've used LLE VPN Connection in the example below. Click Next.
  8. For the host name enter vpnserv.lle.rochester.edu. Click Next.
  9. You may now choose to create a desktop shortcut by selecting the appropriate box. Click Finish to create the connection.
  10. Choose Properties.
  11. Select the Security tab.
  12. Select Advanced (custom settings) and choose the Settings button.
  13. Select Use Extensible Authentication Protocol (EAP) and check that Data encryption is set to Require encryption (disconnect if server declines). Click OK on the Advanced Security Settings window and the properties dialog.
  14. Type your username in the User name text box. No password is necessary here, even though it asks. Leave the Save Password box unchecked. Click Connect.
  15. Note: to connect to the LLE VPN server, your computer must be connected to the Internet. Use the procedure given to you by your ISP.

Setting up VPN on OS X

  1. In your Applications folder, or possibly in the Utilities folder within Applications, open Internet Connect.
  2. Select VPN.
  3. Click on the padlock icon, and a window will pop up to let you select the type of VPN to configure as shown below. Select PPTP and then click the Continue button. Choose properties as shown below. Make sure the padlock icon reads VPN (PPTP) and not VPN (L2TP).
  4. Use the Configuration drop-down menu and select Edit Configurations...
  5. The window below will appear. The description can be whatever you like, but type in the VPN server address as shown along with your username. Click the radio button for RSA SecurID and leave the encryption set to Automatic. Click the OK button to return to the main window.
  6. Click on the Connect button. The authentication window will appear. Type in your PIN and the passcode shown on your key-fob. Click the OK button.
  7. If the configuration was successful, you should see a window like the one below.
  8. If it doesn't connect, try your passcode again after it changes. If you still can't connect, double check all the settings for typos or mistakes. If it all looks correct, call computer support using the on-call pager (877-504-6820), or send an e-mail to problem@lle.rochester.edu. If you're traveling, please include all available contact information so we can fix your problem as quickly as possible.