HelpDesk - VPN Set Up Documentation
Cary Academy VPN (Virtual
Private Network) Implementation is designed to help faculty and staff members
connect and browse the CA network from home. It requires the installation of VPN
Client software on your home computer. We have customized the installation process to make it as simple as possible.
You will need
a VPN Client CD-ROM to install the software on
your home computer.
You
can obtain these disks from Information Services or you can send an e-mail to helpdesk@caryacademy.org.
You will have to tell us what Operating
system you run on your computer. Currently VPN Client software supports
Windows 95/98, Windows ME, Windows NT 4.0, Windows 2000 and Windows XP. There is
also support for Macintosh and Linux operating systems.
The first few
steps are the same for everyone. Download the self-extracting zip file for Cisco
VPN
here.
Extract to a known location. A folder on your desktop is a good choice
(click Browse, scroll up to 'Desktop', highlight it, select 'OK', then at the
end of the file path, add a folder name such as 'vpn' to the end.
Otherwise, the extractor will extract all files right onto the desktop.
Not pretty!)
Here is what mine looks
like. Next, click "Unzip," and a new folder named "vpn" will be created on
your desktop. Open this folder and select Setup.exe. The setup
program will then run and guide you through installation.
The installation program is designed to run without
user interaction. At the end of the installation
you will be asked to restart your PC. After you have installed the client and rebooted
your PC
you will have new a Program Group called “Cary Academy VPN Client”.
Under that group you will find few icons including “Cary Academy VPN Access”.
You are going to use this shortcut to establish a secure connection with Cary
Academy network.
Special
Notes:
-
IMPORTANT!!!! These instructions were
written for an older version of Cisco VPN. The newer version may
look slightly different, but all the old instructions should still
apply.
-
Users
who have Windows 95/98/ME will have to modify their Network Properties
to allow this computer to be trusted by the Cary Academy network. To do this,
right
click on network neighborhood icon on your desktop and choose "Properties"
from the menu. In the list of installed services,
double click on Client for Microsoft Network. Make sure that “Cary_Academy”
is listed as a Windows NT Domain and also make sure that “Log on to
Windows NT domain” check box is not checked (see figure #1). After you
confirm those settings apply configuration and close all windows by
pressing the OK button. You will have to reboot your system. If you don’t have Client for Microsoft
Network listed consult your Windows 9x manual about how to install
it.
Figure
1
For Windows 95/98/ME
users
After you hit Connect you will be asked
for the username and password twice. The first authentication authorizes you
to use a secure VPN connection (figure #3), the second authentication will establish your credentials on the Cary Academy network (figure #4). For
both dialogs, you
should type the same username and password that you use when you are at
Cary Academy. After the connection is established you have access to the all
resources on the Cary Academy Network that you are
authorized to use. (see
how to connect to your network drives)
 |
 |
| Figure 3 |
Figure 4 |
For Windows NT, Windows 2000, and
Windows XP Users
After you hit "Connect"
you will be asked for the username and password. (See figure #3). You
should type the same username and password that you use when you at
Cary Academy. The system will negotiate security protocols and establish a secure
tunnel. Now you have network connectivity to the Cary Academy LAN and can
connect to the shared resources. (see
how) Each time you open a connection to
a new shared resource (for example connect to the data on your U: drive) you will
be asked to provide username and password. You should type your username in
the following format: Cary_academy\User_Name. (See figure #5).
- Special
Notes: If you use Windows 2000 and experience problems with
authentication or connection to the network shares you must check the local
security policy applied to your computer. Windows 2000 must be set with
a compatible security template in order to communicate with Windows NT 4.0
domain. If this is an issue you should consult the Windows 2000 manual
in order to set up proper security restrictions.
Figure 5
When
you use VPN connection your computer becomes a part of the Cary Academy
network and all security policies that are in use in Cary Academy apply on
your computer. If a hacker takes over your computer then he can easily break
into Cary Academy network. This is especially dangerous for the people who
have Cable modem or ADSL connection. Their computers are always online and can
become easy targets for external attacks. We recommend the installation of some sort of
the firewall for all people who have fast internet connections.
Computer
viruses are another source of security risk. If your computer is
infected then you can spread the infection to the Cary Academy network. You must
always keep your anti-virus software running and always update it with the
latest anti-virus signatures. You must also implement some sort of firewall
technology, it can be either a hardware or software implementation. Please
contact IS department if you are not sure and we will provide you with the
best solution.
How
does VPN work?
VPN
(stands for Virtual Private Network) is a relatively new technology. It helps
people to extend their company network to virtually anywhere. Usually a VPN
implementation includes a special VPN server at the company's central location
and software that has to be installed on the remote computer. People connect to
the company network using a public internet connection. VPN software encrypts
data and establishes a secure "tunnel" between a remote computer and the VPN server over
the
public Internet.
How
do I access my network data?
To
access your network data you will need to follow few simple rules.
To
access your U: drive if you are a faculty member. Click on Start -> Run
and type \\ca\net\faculty\people\user_name. Where user_name is your actual username.
To
access your U: drive if you are a staff member. Click on Start -> Run
and type \\ca\net\admin\people\user_name. Where user_name is your actual username.
To
access your P: drive. Click on Start -> Run and
type \\ca\net\public.
To
access your T: drive click on Start -> Run and type \\ca\net\faculty\common
To
access your R: drive click on Start -> Run and type \\ca\net\admin\common
To
access your I: drive click on Start -> Run and type \\ca\net\web
- Special
Notes: If you use Windows NT/2000/XP and experience problem with connection to the network shares
as described above you may need to replace the
\\ca\net\faculty\
part with
\\faculty2\ and
similarly for other resources -- contact the Information Services Department
for more details if you need this.
I
use LinkSys or another hardware firewall. Will it work with VPN?
People
who have Cable and DSL connection often use small hardware firewall. LinkSys
is one of the popular firewalls on the market. CISCO VPN Client will work with
such a device in most of the cases. All modern firewalls support secure VPN
connection. You may experience problems if you use older device or device that
doesn't comply with industry standards
I
use Personal Software firewall. Will it work with VPN?
Many
vendors produce personal firewalls. Some of the most popular ones are
BlackIce, ZoneAlarm, Norton, McAfee. Only BlackIce and ZoneAlarm personal
firewalls are certified with CISCO at this time. But most of the firewalls
will work if properly configured. We were not able to run VPN client only with
McAfee firewall. You may also experience problems with some other vendors that
were not mentioned above. Windows XP also come with an integrated firewall -
Internet Connection Firewall. VPN software is not compatible with Microsoft
Internet Connection Firewall and you will need to use 3rd party vendor.
The latest
version of VPN software that is currently distributed by the IS department also
contains an integrated firewall.
What
benefits VPN will bring me?
You
may say that you already have had the ability to dial-in to the Cary Academy
network and you don't understand why use VPN. VPN has the two following major
benefits. It allows you to connect to the Cary Academy Network from whenever
you are. Whether you are in California or you are China or France, all you
need is a local Internet connection and the VPN client software on your
computer. Another benefit is for users who have
fast internet connections like Cable Modem or ADSL. These users will experience
fast and reliable access to Cary Academy network from home. Also, VPN supports
50 simultaneous connections which is 6 times more than our Remote Access
Service supports. We can handle all incoming requests and you
will never experience busy lines. With the campus upgrade to Windows XP we can
now also provide
you with Remote Desktop Connection and you can enjoy working from home as if you were at work.
Can
I run applications installed on my Cary Academy computer?
You
can't run applications installed on your Cary Academy computer without some
additional software (Remote Desktop client) and setup (see below). You will be
able to open documents that stored on Cary Academy Network but only if you
have corresponding application installed on your home PC. For example, if you
want to open Adobe Photoshop document you will have to have Adobe Photoshop to
be present on your computer at home. However, if you have Remote Desktop
client installed you may open remote session to your work computer and run all
applications that you have installed on computer in your class room.
Can
I use Grade Book and do grades from home?
Yes,
you can now do grades from home using the VPN connection. Please see the
section on InteGrade Pro Web Access or the section that
describes Remote Desktop Connection.
Why
do some Cary Academy Web resources require me to authenticate?
Do
not be surprised if you are asked to provide your username and password while browsing
Cary Academy resources during your VPN session. Some of the resources do
require additional authentication.
I
am using VPN Client with Windows 95 and can not connect to any of the network
shares?
Windows
95 does not understand the Distributed File System (DFS) that we use in Cary
Academy. You will need to install DFS Client for Windows 95. You can
find it on the same CD with VPN client under the Windows95_DFS_Client
directory. After you install it and restart your PC you will be able to access
all network resources.
I
am using VPN Client with Windows NT and can not connect to any of the network
shares?
If you use Windows NT and experience problem connection to the network share
try to connect to the network shares directly instead of using DFS paths. For
example try to use \\faculty2\people instead of \\ca\net\faculty\people.
How
do I get help setting up and operating VPN?
Ok.
You have read this page but still confused and don't know what to do. In this
case you can contact Cary Academy helpdesk by e-mail: helpdesk@caryacademy.org
or you may walk-in and ask for Dmitry Manakhov
(Dmitry@caryacademy.org) and you will be provided with
all the help you need.
I
have Apple Mac at home. Can I use it with VPN?
Yes,
You can. Although it is not officially supported by Cary Academy IS
department we have a word document
which will help you to set up your VPN connection from MAC computer.
If you are using Macintosh computer you can open this
SIT "stuffed" folder.
Figure 2