FAQ

1. How to troubleshoot wireless access issues

Please follow the troubleshooting steps below if you are having issues accessing the wireless network at CSUDH.

Windows:

Q1. I have configured the GoToros-wpa2 wireless network according to the instructions, but I can't see the network in the list of available wireless networks. What may be wrong?

A. Please check if the wireless adapter in your laptop is turned on. On many laptops you can enable or disable Wi-Fi with a switch or button. Please check if your laptop has a Wi-Fi button. If it does, make sure it is on.

If the Wi-Fi button is on but you still do not see the network, please make sure that the wireless adapter is enabled in Windows. You can check this article if you can't figure out how to find out whether your wireless adapter is enabled.

Q2. I have configured GoToros-wpa2 but it is not prompting me to enter my username and password. What may be wrong?

A. After you configure the GoToros-wpa2 wireless network, and if your laptop connects successfully, you will see a login window or a prompt at the bottom right of the task bar. If you see the login prompt (specifically in XP), you need to click on it to see the login box. In Vista and Windows 7, the login box may appear. If you don't see the prompt or login box, or you saw it but missed it and it is not appearing again, do the following:

  • Try to connect to the wireless network manually (Vista or Windows 7) by clicking on Network and Sharing Center. For XP, try rebooting your machine again.
  • If you still can't see the prompt, open a command prompt box and type: ipconfig /all. Your wireless adapter should not have any static IP address defined. Make sure that the IP address and DNS settings are set for DHCP (receive automatically).

Q3. I am connected to the wireless network, and I see the login prompt, but it keeps prompting me to enter my username and password again and again. What may be wrong?

A. Before you can authenticate to the wireless network, you need to make sure that your account is active and you have reset your password by going to https://dhnet.csudh.edu (for both staff and students). If you haven't done this part, you will not be able to authenticate to the wireless network.

However, if you have done all of that and still cannot authenticate to the wireless network, but you can access my.csudh.edu, Blackboard, etc., please contact the helpdesk at x.2500 for further investigation of your account-related issue.

Q4. I am connected and authenticated to the wireless network, but when I launch a browser, it is not redirecting me to the Cisco Clean Access web page. What may be wrong?

A. Please check the following:

  • Check your DNS server setting by opening a command prompt box. Make sure your DNS server setting shows the IP address of one of the campus DNS servers, 10.17.0.40 or 10.1.0.103.
  • Make sure that signed ActiveX controls are enabled or set to prompt in your browser's security settings. Check this article to find how to check if it is enabled or not.
  • Make sure that you have the latest version of Java installed and enabled. To get the latest version of Java, go to: http://www.java.com
  • Some security software, such as Norton Internet Security or McAfee firewall, may prevent loading ActiveX controls or Java applets. Please check whether your computer has any such security software installed. If it does, please disable it for the duration of installing the Cisco NAC agent.
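The `ipconfig /all` checks from Q2 and Q4 above (wireless adapter on DHCP, a campus DNS server listed), written as a small parser. This is an added example, not part of the original FAQ; it assumes English-language output and an adapter name containing "Wireless", and the sample outputs and function names are constructed for illustration.

```python
import re

# Campus DNS servers named in the answer to Q4.
CAMPUS_DNS = {"10.17.0.40", "10.1.0.103"}

# "   DHCP Enabled. . . . . . . . . . . : Yes"  ->  ("DHCP Enabled", "Yes")
_KEY_LINE = re.compile(r"^\s+(.+?)(?:\s*\.)+\s*:\s?(.*)$")
# "Wireless LAN adapter Wireless Network Connection:" starts an adapter block.
_SECTION = re.compile(r"^(\S.*?):\s*$")

# Constructed sample output (Vista/7 layout); host name and addresses are made up.
GOOD_OUTPUT = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP01

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.20.30.40(Preferred)
   DNS Servers . . . . . . . . . . . : 10.17.0.40
                                       10.1.0.103
"""

# Constructed sample output (XP layout): static address, no campus DNS server.
BAD_OUTPUT = """
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.0.2.10

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.0.2.50
        DNS Servers . . . . . . . . . . . : 192.0.2.53
"""


def parse_ipconfig(text):
    """Return {adapter name: {lower-cased key: [values]}} from `ipconfig /all` output."""
    adapters, section, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = _SECTION.match(line)
        if header:
            section = adapters.setdefault(header.group(1), {})
            last = None
            continue
        if section is None:
            continue  # host-wide block printed before the first adapter
        pair = _KEY_LINE.match(line)
        if pair:
            last = section.setdefault(pair.group(1).lower(), [])
            if pair.group(2).strip():
                last.append(pair.group(2).strip())
        elif last is not None:
            # Indented line without "key . . :" continues the previous value
            # (for example the second DNS server).
            last.append(line.strip())
    return adapters


def check_wireless(adapters):
    """Return (adapter, problem) pairs for wireless adapters that fail the FAQ checks."""
    problems = []
    for name, cfg in adapters.items():
        if "wireless" not in name.lower():
            continue  # wired adapters are outside these checks
        dhcp = (cfg.get("dhcp enabled") or [""])[0].lower()
        if dhcp != "yes":
            problems.append((name, "DHCP is not enabled; a static address is configured"))
        dns = cfg.get("dns servers", [])
        if not CAMPUS_DNS.intersection(dns):
            listed = ", ".join(dns) or "none"
            problems.append((name, "no campus DNS server listed (found: %s)" % listed))
    return problems


if __name__ == "__main__":
    for label, sample in (("good", GOOD_OUTPUT), ("bad", BAD_OUTPUT)):
        print(label, check_wireless(parse_ipconfig(sample)))
```

On a live machine, pass the captured output of `ipconfig /all` to `parse_ipconfig` instead of the constructed samples.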

Q5. Cisco NAC agent fails to install. What may be wrong?

A. Cisco NAC agent also uses ActiveX controls or Java. Please check the steps above to make sure that ActiveX controls are enabled, that you have the latest version of Java, and whether any security software is present.

Cisco NAC agent may also give an error message during installation. You can click on OK and it will continue. If it does continue and finishes installation, uninstall the NAC agent and re-install it again.

Macintosh

Q6. I have configured GoToros-wpa2 network, but it is not prompting to enter my credentials. What may be wrong?

A. Please check the troubleshooting section of the Apple Airport Client Software Configuration article.

Q7. I got the prompt to enter my credentials, but it is not accepting my username or password. What may be wrong?

A. Please see answer to Q3 above.

Q8. How do I check if I am authenticated, logged in to the wireless network and my computer has an IP address?

A. Click on the wireless icon on the menu bar and choose network preferences. Click on AirPort on the left menu and status information will show up on the right. See picture below.

Screen shot of Network Window

In older OS X versions, this information may not show up. To check if you have an IP address, open a Terminal window. It is located on your hard drive under Applications, Utilities. Type the following:

ifconfig -a

 


2. How to configure Microsoft Windows Vista Wireless client to connect to GoToros-wpa2 wireless network

How to configure Microsoft Windows Vista Client to connect to GoToros-wpa2 wireless network

1. Click on Start, Control Panel, and select View network status and tasks under Network and Internet option (Figure 1).

Screen shot of control panel window

Figure 1

2. In the Network and Sharing Center window, select Setup a connection or network from the Task panel on the left (Figure 2).

Screen shot of Network and Sharing Center window

Figure 2

3. In the Setup a connection or network window, select Manually connect to a wireless network and click on Next (Figure 3)

Screen shot of Setup a connection or network window

Figure 3

4. In the Manually connect a wireless network window, enter the following information in the appropriate box and click Next (Figure 4):

* Network name: GoToros-wpa2

* Security type: WPA2-Enterprise

* Encryption type: AES

* Check the box for Start this connection automatically

* Check the box for Connect even if the network is not broadcasting

Screen shot of Manually connect a wireless network window

Figure 4

5. Click on Change Connection Settings (Figure 5)

Screen shot of Change Connection Settings window

Figure 5

6. In the GoToros-wpa2 Wireless Network Properties window, check all the boxes (Figure 6) and click on Security tab.

Screen shot of GoToros wpa2 Wireless Network Properties window

Figure 6

7. In the Security tab, in the Choose a network authentication method: drop down box, select Microsoft: Protected EAP (PEAP) (Figure 7) and click on Settings... box.

Screen Shot of Security tab window

Figure 7

8. In the Protected EAP Properties box, do the following (Figure 8):

* Uncheck Validate server certificate box

* In the Select Authentication Method box, select Secured password (EAP-MSCHAP v2) and click on Configure button

Screen shot of Protected EAP Properties window

Figure 8

9. In the EAP MSCHAPv2 Properties box, uncheck the box for Automatically use my Windows logon name and password (and domain if any) (Figure 9).

Screen shot of EAP MSCHAPv2 Properties window

Figure 9

10. Click OK in each box until all of them are closed. At this point you will see the following pop-up button at the bottom right corner of your desktop (Figure 10). Click on the button when it pops up.

Screen shot of pop up window

Figure 10

11. At this point, an Enter Credential box will appear (Figure 11). Please enter your username and password. After you get authenticated, your workstation will receive an IP address. Please launch a web browser to get authenticated to the CSUDH Cisco Clean Access server to proceed through the remediation phase of connecting to the wireless network.

Screen shot of Enter Credential window

Figure 11

Last Updated on Monday, 31 August 2009 21:54


3. Apple Airport client software configuration to connect to GoToros-wpa2 

Configure Airport client software in Mac OS X to connect to GoToros-wpa2

This configuration has been tested on Mac OS X versions 10.5.7 and 10.6.4.

1. Click the Wireless icon on the menu bar and select Join Other Network... (Figure 1):

Screen shot of Join Other Network window

Figure 1

2. In the "Enter the name of the network" dialogue box, enter the following information (Figure 2):

Network name: GoToros-wpa2

Security: WPA2 Enterprise

Username: (your campus username)

Password: (your campus password)

802.1X: Automatic

Check the Remember this network box

Click on Join.

Screen shot of Enter the name of the network window

Figure 2

3. If you see the following "Verify Certificate" window, click on "Continue" (Figure 3).

Screen shot of Verify Certificate window

Figure 3

4. If the client software is able to see the wireless network, an 802.1X Authentication window will pop up (Figure 4). Please enter your valid CSUDH student username and password.

Note: please make sure that you have gone through the steps of setting up security questions and a new password at http://dhnet.csudh.edu if you are a new student. Without these steps, YOU WILL NOT BE ABLE TO LOGIN TO THE CSUDH WIRELESS NETWORK.

Screen shot of Authentication window

Figure 4

5. If the authentication is successful, you should be connected to the GoToros-wpa2 wireless network.

6. The next step is to go through the validation and remediation process by logging in to the CSUDH Cisco Clean Access server. Go back to the previous page and follow the steps under section 2 (Logon to the network).

Troubleshooting:

If you can't see the 802.1X authentication window, please check the following:

1. Click the Wireless icon on the menu bar and click on Open Network Preferences... (Figure 5)

Screen shot of Open Network Preferences window

Figure 5

2. In the Network dialogue box, choose Airport on the left menu, and click on the Advanced... button at the bottom right (Figure 6)

Screen shot of Network dialogue window

Figure 6

3. In the Airport box, do the following (Figure 7)

  • click on WPA:GoToros-wpa2 under User Profiles
  • If you don't want to be prompted for your username and password every time you connect to the wireless network, type your username and password and uncheck the Always prompt for password box. If you want to be prompted, check the Always prompt for password box.
  • In the Authentication box, make sure that only PEAP is selected
  • In the Wireless Network box, make sure that GoToros-wpa2 is selected
  • In the Security Type box, make sure that WPA2 Enterprise is selected.

Screen shot of 802.1X User Profiles window

Figure 7

 


4. Wireless Zero Client configuration with PEAP and WPA2

How to configure Microsoft Wireless Zero client utility with PEAP protocol to work with CSUDH wireless network

This configuration has been tested with Intel PRO/Wireless LAN 2100 3A Mini PCI wireless card and Windows XP (Service Pack 3) Wireless Zero Client utility.

1. Open the Network Connections dialogue box by clicking Start, Settings, and Network Connections. Find the connection for your wireless card, right-click on it and choose Properties from the pop-up menu (Figure 1).

Screen shot of Network Connections window

Figure 1

2. In the Wireless Network Connection Properties box, click on the Wireless Networks tab and do the following (Figure 2): 

  • Make sure Use Windows to configure my wireless network settings box is checked.
  • Click on Add under Preferred Networks

Screen shot of Wireless Network Connection Properties window

Figure 2

3. In the Wireless Network Connection Properties do the following (Figure 3): 

  • In the Network name (SSID) box type: GoToros-wpa2
  • Make sure that “Connect even if this network is not broadcasting” box is checked.
  • Under Wireless network key section, in the Network Authentication drop down menu select WPA2.
  • In the Data encryption drop down menu select AES.
  • Check the box “The key is provided to me automatically” if available

Screen shot of Wireless network properties window

Figure 3

4. Click on the Authentication tab in the Wireless network properties box and do the following (Figure 4): 

  • Check the box for Enable IEEE 802.1x authentication for this network.
  • In the EAP type drop down box, select Protected EAP (PEAP).
  • Uncheck the box for Authenticate as computer when computer information is available.
  • Uncheck the box for Authenticate as guest when user or computer information is unavailable.
  • Click on the Properties button under EAP type.

Screen shot of Authentication window

Figure 4

5. In the Protected EAP Properties box, do the following (Figure 5): 

  • Uncheck the box for Validate server certificate.
  • Uncheck the box for Enable Fast Reconnect
  • In the Select Authentication Method drop down box, select Secured password (EAP-MSCHAP v2).
  • Select the Configure button.

Screen shot of Protected EAP Properties window

Figure 5

6. In the EAP MSCHAPv2 Properties box, uncheck the box for Automatically use my windows logon name and password (and domain if any) and click on OK (Figure 6).

Screen shot EAP MSCHAPv2 Properties window

Figure 6

7. Click OK 3 times to return to the Network Connections box. At this time you can close this box.

8. You are now ready to connect to CSUDH wireless network. If you are close to a wireless network, you will see the following information box pop up at the bottom right of your window:

Screen shot of pop up window

Figure 7

9. Click anywhere in the information box and you will be prompted with the following Enter Credentials box (Figure 8):

Screen shot of Enter Credentials window

Figure 8

10. Type your username and password in the appropriate box and click on OK. If you pass the authentication, you will be connected.

11. At this point launch your web browser to get redirected to Cisco Clean Access web site to continue through the remediation process.
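The values this procedure selects (the same ones the Vista procedure in section 2 selects), read back out of a saved WLAN profile. This is an added example, not part of the original page; it assumes a profile in the XML form that Windows Vista and later write with `netsh wlan export profile`, the sample XML is constructed and abridged, elements are matched by name only, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Values the procedure selects (EAP type 25 = PEAP, 26 = EAP-MSCHAP v2).
PAGE_SETTINGS = {
    "ssid": "GoToros-wpa2",
    "authentication": "WPA2",          # WPA2-Enterprise
    "encryption": "AES",
    "connection_mode": "auto",         # start this connection automatically
    "non_broadcast": True,             # connect even if not broadcasting
    "outer_eap": 25,
    "inner_eap": 26,
    "use_winlogon_credentials": False,
}

# Constructed, abridged profile. A validating profile would also pin a CA and a
# server name; the page gives neither, so none are shown here.
SAMPLE_PROFILE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>GoToros-wpa2</name>
  <SSIDConfig>
    <SSID><name>GoToros-wpa2</name></SSID>
    <nonBroadcast>true</nonBroadcast>
  </SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication>
      <encryption>AES</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
      <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
        <EapMethod>
          <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
        </EapMethod>
        <Config>
          <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
            <Type>25</Type>
            <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
              <FastReconnect>false</FastReconnect>
              <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                <Type>26</Type>
                <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
                  <UseWinLogonCredentials>false</UseWinLogonCredentials>
                </EapType>
              </Eap>
              <PeapExtensions>
                <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
              </PeapExtensions>
            </EapType>
          </Eap>
        </Config>
      </EapHostConfig>
    </EAPConfig></OneX>
  </security></MSM>
</WLANProfile>"""


def _local(el):
    """Element name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]


def _text(root, *path):
    """Text of the first descendant found by following element names in order."""
    node = root
    for name in path:
        node = next((e for e in node.iter() if e is not node and _local(e) == name), None)
        if node is None:
            return None
    return node.text.strip() if node.text else None


def _flag(value):
    return None if value is None else value.lower() == "true"


def audit_profile(xml_text):
    """Extract the settings the procedure touches from a WLAN profile."""
    root = ET.fromstring(xml_text)
    # Document order puts the outer method (PEAP) before the inner one.
    eap = [int(t.text) for e in root.iter() if _local(e) == "Eap"
           for t in e if _local(t) == "Type"]
    return {
        "ssid": _text(root, "SSID", "name"),
        "authentication": _text(root, "authEncryption", "authentication"),
        "encryption": _text(root, "authEncryption", "encryption"),
        "connection_mode": _text(root, "connectionMode"),
        "non_broadcast": _flag(_text(root, "nonBroadcast")),
        "outer_eap": eap[0] if eap else None,
        "inner_eap": eap[1] if len(eap) > 1 else None,
        "use_winlogon_credentials": _flag(_text(root, "UseWinLogonCredentials")),
        # False: the client does not check the authentication server's
        # certificate before the inner EAP-MSCHAP v2 exchange. None: not stated.
        "server_validation": _flag(_text(root, "PerformServerValidation")),
    }


def differences_from_page(settings):
    """Names of settings whose value differs from what the procedure selects."""
    return sorted(k for k, want in PAGE_SETTINGS.items() if settings.get(k) != want)


if __name__ == "__main__":
    found = audit_profile(SAMPLE_PROFILE)
    print("differs from page:", differences_from_page(found))
    print("server certificate validated:", found["server_validation"])
```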

 


5. CCA Disclosures

What Cisco Clean Access does:

* Helps prevent disastrous outbreaks of viruses and worms by scanning your computer for certain patch and anti-virus requirements set by the administrator

* Offers an easy way for you to fix your own computer without visiting the help desk

What Cisco Clean Access does NOT do:

* Cisco does not monitor traffic

* Cisco cannot access your usernames and passwords

* Cisco does not block specific applications

* Cisco cannot see what's on your hard drive

Bandwidth is a lot like fossil fuels: it's a limited resource. We have to make sure this resource is available to those who need it.

When viruses and worms hit, they take the network down, and they can crash your computer. The majority of these viruses and worms are avoidable, but only if all computers are updated with the latest Microsoft patches and antivirus updates. So we chose Cisco's software to make sure that every computer coming onto the network has the best possible defenses already on it.

Is it a pain? Sure, especially in the beginning if you haven't ever patched your computer. But if it saves you from losing a term paper and lets the support department focus on improving the network instead of fixing laptops it's probably a fair price to pay.

 


6. Recommended Wireless Network Cards

Network Services has tested quite a few wireless cards that will work with the CSUDH wireless network. Click here to view the list of cards.

Although we are confident that most recent wireless cards will work, we have found that some cards that are marketed towards home wireless networking will not work in our network. Hence, when purchasing a wireless card for use on the CSUDH wireless network, we strongly recommend choosing one from the above list.

 


7. Troubleshooting FAQ

Troubleshooting

Frequently Asked Questions

Clean Access Agent Installation

Q: Do I have to use the Clean Access Agent?

A: Yes. All Windows PCs are required to use the Clean Access Agent for network access.

Q: I cannot install the Clean Access Agent, it warns me about administrative rights.

A: You must be logged onto your computer as a user with administrative rights or as the administrator. Contact Helpdesk if you do not have administrative rights.

Q: How do I know Clean Access Agent is installed successfully?

A: Look for the icon in the "System Tray" in the lower right corner, near the time display. You may need to select the "<<" to expand and show the Clean Access Agent icon.

Q: What happens if I uninstall the Clean Access Agent?

A: You will be required to reinstall the client to re-authenticate when your login expires.

Q: I keep trying to install the Clean Access Agent but it tells me that I can either Modify/Repair or Remove the program.

A: Clean Access Agent is currently installed on your machine. You do not need to install it again.

Q: I do not see the Clean Access Agent icon in my system tray; what do I do?

A: There are a few possibilities:

1. Clean Access Agent has not been installed.

* Please install Clean Access Agent to continue.

2. Clean Access Agent has been installed but you did not select "Launch" at the end of the installation.

* From the "Start" menu, then "Programs", then "Cisco", then "Clean Access Agent", then "Clean Access Agent" to launch the program.

3. Clean Access Agent is "hidden" in the Systray.

* Please click on "<<" to expand the system tray list and show Clean Access Agent, then login.

4. Your computer has a problem showing Systray icons.

* You may be able to use "taskmanager" to halt Clean Access Agent and then launch it again.

5. Clean Access Agent is installed but not running.

* From the "Start" menu, then "Programs", then "Cisco", then "Clean Access Agent", then "Clean Access Agent" to launch the program.

Login and Logout

Q. How do I login?

A: There are 2 ways to login:

1. The Clean Access Agent will automatically display a popup when you connect to the network, wired or wirelessly. Enter your username and password to login.

2. When you enter a URL (www.google.com) on a browser window, you will be re-directed to a login webpage. Enter your username and password to login.

Q: I do not see the Clean Access Agent popup?

A: You can manually login by using the Clean Access Agent login feature. Right-click the Clean Access Agent icon in the system tray and choose "login."

Q: I've opened my browser with a default blank page but I am not redirected to a login page.

A: Go to a non-local site such as www.google.com.

Q: I'm on a Windows machine. Sometimes I can login using the web page and at other times, the web page tells me that I must use Clean Access Agent, why?

A: It depends on when your computer was last "validated" to the network. You should always use the SmartEnforcer client.

Q: How do I logout?

A: Currently, the only way to manually logout is to use the Clean Access Agent "logout" feature. Right-click the Clean Access Agent icon in the system tray and choose "logout."

Q: I do not have a "logout" option in Clean Access Agent.

A: Once you login through the Clean Access Agent, you will have the "logout" feature.

Q: I am able to access the internet but the Clean Access Agent still allows me to "login". Am I logged in?

A: Yes, the Clean Access Agent may not always detect your network status. If you can access normal internet sites such as www.google.com, then you are authenticated.

Q: I am NOT able to access the internet but the Clean Access Agent only allows me to "logout". What's going on?

A: The Clean Access Agent may not always detect your network status. Please choose "logout" and then choose "login" again.

Q: The Clean Access Agent does not offer a "login," just a "logout," and the web page tells me that I must now use SmartEnforcer to login; what do I do?

A: The Clean Access Agent does not always detect your network status. Please choose "logout"; you will then have the "login" feature.

Validating and Updating

Q: What am I allowed to access when Unauthenticated or Quarantined?

A: You can access remediation sites such as http://windowsupdate.microsoft.com, http://liveupdate.symantec.com, and I.T. Help Desk.

Q: Can I update Windows before I login?

A: Yes, you should be able to go to http://windowsupdate.microsoft.com.

Q: After logging into the Cisco NAC agent, I get temporary network access only. When I run Windows Update, it says I am fully patched. What can I do?

A: In the Cisco NAC agent window, where it says temporary access... and the one-hour countdown is displayed, there is a cancel button in the upper right corner. Click that. This will generate an error report which will allow us to determine which Microsoft patch is missing. You will need to create a helpdesk ticket at helpweb.csudh.edu and you will be contacted on how to install the missing patch.

Q: Can I update Norton or anti-virus before I login?

A: Yes, you can do so by clicking on Update from the anti-virus software system icon in your system tray.

Q. When I run Windows Update, I get a message stating that the product key used to install windows is invalid?

A. Windows Update will fail if your Windows OS is not properly licensed. You must have a legal copy of the operating system to connect to the network.

 


8. Network Authentication

Network Authentication and Validation

Frequently Asked Questions

Key Terms

Network Access Process: The process of authentication and validation of your computer required for network access.

Authentication: The process of verifying your access to the network by confirming your username and password and associating it with your computer.

Validation: The process of confirming that certain security measures are in place on your computer.

Q: How does the Network Authentication and Validation system work?

A: The new computer security system performs the following functions:

* Requires authentication to the network.

* Validates whether the system connecting to the network meets the minimum security standards.

* Quarantines the system until it meets the minimum security standards.

* Provides access to the remediation sites.

* Once the system is validated as "clean," allows access to the network.

Q: Why Are We Introducing this Solution Now?

A: Over 31 worms rated medium or higher (Blaster, Nachi, Netsky, Sobig) infected computer systems during the first 6 months of 2004. We did not have a solution that could effectively quarantine systems until proven "clean"; thus, many unprotected systems became infected as soon as they were physically plugged into the network. From investigations into the causes of the problems experienced, it has been determined that the best way to prevent this from happening again is to ensure that anti-virus software and OS critical updates/patches are current and maintained.

Users who did connect systems that were current with both OS patches and anti-virus software also suffered delays in Internet and other network access due to the excessive traffic caused by the infected machines.

Q: How Does Validation Work?

A: The validation solution will "trap" any Internet browser access and redirect the user to a web page that instructs the user to download and install the validation client known as "Clean Access Agent".

Once launched, the client downloads the validation rules and processes these. If the workstation fails the test, it is allowed Internet access only to the remediation sites for a period of time. Once corrected, full network access is provided and a timer is set for the connection.

The connection remains intact until the timer expires; at that time, the connection is reset and the user must re-validate by launching the client.

Q: What is Clean Access Agent?

A: Clean Access Agent is the client application that can check certain security settings on any Microsoft Windows PC to make sure that the system is up-to-date with required security patches and report this status to a Server. No information about the user or the content of user files is sent to the server. Each user must use Clean Access Agent for his/her Microsoft Windows PC in order to authenticate and use the network.

Q: What Validation Checks are being performed?

A: The following are some examples of validation checks that can be performed:

* Run Nessus scans for known vulnerabilities.

* Check for current release of anti-virus software and current virus definitions.

* Check for current Windows OS Patches for Windows machines.

Q: How Long Do the Validation Checks Take?

A: The checks can take between 15 seconds and a few minutes.

Q: How Does Validation Work for Macintosh Users?

A: Macintosh users must authenticate by logging in via a web page. The only validation check for Macintosh systems is the Nessus scan. There is no client which is downloaded to Macintosh systems. The network connection timer is set for Macintosh systems; however, there is no icon that can be right-clicked to logout and subsequently login again.

Q: How Does Validation Work for Linux Users?

A: Linux users must authenticate by logging in via a web page. The only validation check for Linux systems is the Nessus scan. There is no client which is downloaded to Linux systems. The network connection timer is set for Linux systems; however, there is no icon that can be right-clicked to logout and subsequently login again.

Q: What Remediation is Available?

A: Microsoft Windows Patch Failure. If the user's system fails the check for current critical OS patches, the user is instructed to click on the URL for the Microsoft Windows update site and follow the instructions. Additionally, the user is provided the option to download a program that can assist in configuration of Microsoft Windows Automatic Updates.

A: Anti-Virus Failure. If the user's system fails the check for current anti-virus software, the user is provided a download either for the software itself or for the current engine and virus definition files.

A: Host IDS (Intrusion Detection). If the user's system fails the check for current IDS/IPS host agent, the user is provided a download either for the software itself or for the agent files updates.

 


9. SSLvpn Frequently Asked Questions

Q. How can I browse to my personal folder in CSUDH server and create a bookmark on my vpn portal?

A. To bookmark a network location:

  1. On the secure gateway home page, click the Add a Windows Directory icon in the Files section.
  2. Browse to the folder you want to bookmark by typing the full network path in the browse box at the top right of the page and click on Browse. For example: to browse to your own personal folder on the CSUDH server, type: \\aisfs03\replica\home\username (replace username with your folder name).
  3. Click the Bookmark Current Folder button at the top of the page.
  4. Enter a bookmark name and description (optional).
  5. Click Add Bookmark to add the bookmark to the Files panel.

Q. How can I remote desktop to my Office computer and create a bookmark on my vpn portal?

A. To create a bookmark to a Remote Desktop session:

  1. On the sslvpn portal page, click the Add a Terminal Session icon on the title bar for the Terminal Sessions panel.
  2. Select Windows Terminal Services from the Session Type list.
  3. Enter a name and optionally a description for the session bookmark.
  4. In the Settings section:
    1. Specify the hostname or IP address of the computer in the Host field.
    2. Leave Client Port: and Server Port: boxes blank
    3. From the Screen Size list, specify how large you want to make the Remote Desktop session window on your workstation.
    4. For Color Depth, specify the color depth for your session. It is advisable to use 24-bit or 32-bit color to see most of the color from your remote workstation.
  5. In the Session section, enter your Username and Password for your office computer if you do not want to enter it every time you launch remote desktop.
  6. Click Add.

Q. How can I use Microsoft Outlook Native client with CSUDH SSLvpn portal?

A. You can use Microsoft Outlook Native client in both Restricted Access and Full access mode.

Restricted Access: In restricted access, you can use Microsoft Outlook client via launching Windows Secure Application Manager software. Follow the steps below:

  1. Launch your browser and go to: https://sslvpn.csudh.edu
  2. Login with your campus username and password.
  3. At the bottom of the SSLvpn portal page, in the Client Application Sessions panel, launch Windows Secure Application Manager (WSAM) by clicking on the Start button.
  4. Installation of WSAM will start, and after successful installation you will see the WSAM application icon on your task bar.
  5. Launch Microsoft Outlook client and login to the server as you normally would.

Full Access: In full access mode, you do not need to use WSAM; you have full network connectivity through the Network Connect software. You can launch Network Connect by either of the two methods below:

  1. Login via the full access vpn portal page at https://sslvpn.csudh.edu/full (for the first time)
  2. If Network Connect is already installed on your computer, click Start > Programs > Juniper Networks > Network Connect 5.x.x > Network Connect.

After your computer successfully passes CSUDH host checker remediation process, the Network Connect status window opens and the following icon appears in the Windows Taskbar when your session begins, indicating that the secure tunnel to CSUDH network is open:

 


10. Mapping Drives from CSUDH via VPN

Working on files held at the University

Mapping Drives

You use the Public Access PCs. All your files are held on the campus file servers - you need to access them.

* Click the Start Menu and select Run...

* Enter the following characters: cmd

* Click OK

* Enter the following command at the prompt

net use driveletter: path /user:campus\username

where driveletter and path are the shares that you have access to. So, for you to connect to your h: drive you would use:

net use h: \\aisfs03.csudh.edu\replica\home\yourusername /user:campus\yourusername

* When prompted enter your password

For Mac users using Mac OS X 10.1 and above:

* Click the Finder icon in the Dock

* Choose Connect to Server from the Go menu

* In the address field of the Connect to Server dialog, type the URL using this syntax:

smb://aisfs03.csudh.edu/replica/home/username

* Click Connect. You will be prompted for the workgroup, user name, and password

 


11. VPN RDP

Remote Desktop

If you are running Windows XP at the University, and can leave your workstation switched on, you can use Remote Desktop to connect to your University machine. This allows you to work from home exactly as if you were sitting at your office desk.

Setting up Remote Desktop

1. On your University workstation:

Stage 1 - finding out the host name/IP of your workstation.

* Click the Start Menu and select Run...

* Enter the following characters: cmd

* Click OK

* At the prompt type ipconfig and hit the Return key

* Make a note of the IP Address

* Write down the IP - you will need it at home

* At the prompt type exit and hit the Return key

Stage 2 - Enabling Remote Desktop

* Click the Start Menu and select Run...

* Enter the following characters: sysdm.cpl

* Click OK

* On the System Properties Dialog click the Remote tab

* Enable Allow users to connect remotely to this computer

* Click OK on the Remote Sessions dialog.

* Click on the Select Remote Users... button

* Click on the Add... button

* Use the Select Users dialog to add your login username

* Click OK

2. On your home PC

 If you are running Windows XP

* Run Start | All Programs | Accessories | Communications | Remote Desktop Connection

* In the Computer: box type the IP of your University PC that you obtained in Stage 1 above

* Click on the Connect button

* When your University PC prompts you, enter your username and password

 If you are running Windows 2000

* Install the latest Remote Desktop Client and follow the instructions for Windows XP

 


12. VPN FAQ

1. What is a VPN?

VPN stands for Virtual Private Network. It is a set of technologies that allows you to build secure "virtual" paths between hosts on insecure networks. The particular type of VPN Network Services is deploying is commonly known as a remote access VPN. This acts very much like a classical dialup service, except you are using a data network rather than a voice network to make your "calls". Rather than dialing into a modem on the far end, you are making a connection to a VPN concentrator and creating a secure tunnel from your machine to the concentrator, which is located on the CSUDH network. Thus, everything you send and receive to/from the CSUDH network is encrypted. Additionally, your machine will appear as if it were connected directly to the CSUDH network (i.e. you get a CSUDH IP address).

2. When do I need to use VPN service?

If you have a need to use any of the following campus services from a remote location, you need to use VPN:

* Browse campus-limited web resources

* Use the Microsoft Outlook client in MAPI mode to connect to the CSUDH Exchange server.

* Remote connection to your office desktop

* Mapping drives to campus servers or workstations for transferring files.

3. When I type my password, is it encrypted, or sent over the network in clear-text?

The password is encrypted using the same strength encryption as the VPN tunnel uses. Your password is never sent in the clear when you use VPN!

4. Can I use any remote control software (such as PCAnywhere or Remote Desktop (RDP) utility in XP) to remote control my on-campus PC via the CSUDH VPN Service?

Yes.

If you use PCAnywhere then you need to install and configure it on your office PC as well as your home computer.

You can also use the Remote Desktop (RDP) utility that comes with XP to remote control your PC. For detailed instructions on how to set up and use RDP, please Click Here.

Warning:

RDP (Remote Desktop Protocol) requires that TCP port 3389 be accessible in order to establish a connection. RDP is typically classified as "moderately secure" and is vulnerable to Man-In-The-Middle and Brute Force attacks that would give the attacker full control of your computer. It should not be used if sensitive information is being stored on the computer.

5. Can I use VPN while I am on-campus?

No, it is not necessary to use VPN service while you are on campus. It is intended only for when you are at a remote location and need to access resources on campus securely.

6. I have particular software installed on my office computer and I would like to use it while I am away. Can I use VPN for this purpose?

Yes, VPN is specifically required for this purpose. You need to configure your office PC for remote control with either PCAnywhere or the Remote Desktop utility. After that, you need to connect to the CSUDH network via VPN and launch your remote control software to connect to your office PC. Please see Question 4 above to find out how to set up remote control software.

7. I have a firewall installed on my remote computer. Will it cause any problem?

If you have a firewall such as Zone Alarm installed on your remote computer, it is advisable to disable the firewall when you use the Cisco VPN client to connect to the CSUDH network. Otherwise the firewall software can interfere with the VPN client software. The Cisco VPN client itself acts as a firewall as long as it is in use. When you use the Cisco client, all incoming connections to your PC are disabled, which means nobody can access your PC from the outside. Only outbound access from your PC is enabled. This is done to protect your PC from outside attack and also to protect our network. If your remote computer is behind a separate firewall and you want to use the Cisco VPN client, then you need to open UDP port 4500 for the host VPN.CSUDH.EDU on your firewall. This port requirement also applies to any firewall integrated into your PC, such as Zone Alarm.

8. I have only dialup connection to the Internet and no broadband (DSL, Cable etc). How do I connect using VPN?

First of all, you need to establish an Internet connection by dialing in to your ISP (such as AOL, EarthLink, etc.).

Then you can launch the VPN client and establish a secure connection to the CSUDH network.

Note: If you are currently dialing in to CSUDH directly, you cannot use the VPN client. It will only work when you dial in to an external ISP.

General Client FAQ

1. I am having problems getting my client to work, what should I do?

See the Installation guide on this website. If that fails, call x2500 to reach the Helpdesk.

Windows

1. Are there currently any known compatibility issues with Windows XP?

Yes, recently a bug in Windows XP has emerged which can cause installation and/or corruption problems. This is a fundamental problem with XP that cannot be worked around inside the current Cisco VPN client. It is fixed with Windows XP service pack 1. It is recommended that you install Service Pack 1 before installing the VPN client. Here is the announcement from Microsoft:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q325072

2. In Windows XP, when I install the client, I get a dialog box warning me that the driver is not signed. What should I do?

It is OK to continue with the installation. Just click OK to continue when prompted.

3. In Windows 95, I get an error about Microsoft DUN (Dial Up Networking) 1.2 not being installed.

This means that you are running a pre-OSR2 release of Windows 95. OSR2 or above is required for the VPN software to work properly. You may be able to update your Windows 95 system with a newer version of DUN to work properly with the VPN software. Please see the following link for more information.

Macintosh

1. Is MacOS 10.2 supported?

Yes, MacOS 10.2 is now supported.

Linux

1. I am using Red Hat 7.2 or above. I have installed the client, and when I try to use it, it says I am connecting to ..., but goes no further.

You probably have ipchains or iptables running. This is firewall software that Linux activates automatically. You will need to add the proper "holes" in the filter list to allow the VPN software to operate. A good way to confirm that this is your problem is to issue the following commands as root:

/etc/init.d/ipchains stop

/etc/init.d/iptables stop

This will temporarily disable the firewall. If your VPN client can connect afterwards, the firewall was blocking it. Start the firewall again and make the necessary changes in your ipchains/iptables config.
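As an added example (not part of the original FAQ or any CSUDH tooling), the script below checks an `iptables-save` dump for the UDP port 4500 exception that Question 7 above calls for and prints the narrow rules that open it, so the firewall does not have to stay stopped. The function names, the sample ruleset and the address 192.0.2.10 are constructed for illustration; substitute the address that VPN.CSUDH.EDU resolves to.

```shell
VPN_PORT=4500   # UDP port the FAQ says to open for VPN.CSUDH.EDU

# Print iptables commands allowing only UDP/$VPN_PORT to and from host $1.
# "-I <chain> 1" inserts at the top so an earlier REJECT cannot shadow the rule.
vpn_rules() {
    printf 'iptables -I OUTPUT 1 -p udp -d %s --dport %s -j ACCEPT\n' "$1" "$VPN_PORT"
    printf 'iptables -I INPUT 1 -p udp -s %s --sport %s -j ACCEPT\n' "$1" "$VPN_PORT"
}

# chain_verdict CHAIN PORTFLAG  (reads an iptables-save dump on stdin)
# Walks CHAIN in rule order; prints "open" or "blocked" for UDP/$VPN_PORT.
# Simplified model: addresses and ESTABLISHED rules are not evaluated.
chain_verdict() {
    awk -v chain="$1" -v flag="$2" -v port="$VPN_PORT" '
        $1 == (":" chain) { policy = $2 }            # e.g. ":INPUT ACCEPT [0:0]"
        $1 == "-A" && $2 == chain && !done {
            line = " " $0 " "
            hit = (line ~ / -p udp /) && index(line, " " flag " " port " ")
            if (hit && line ~ / -j ACCEPT /) { v = "open"; done = 1 }
            else if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { v = "blocked"; done = 1 }
        }
        END { if (!done) v = (policy == "ACCEPT") ? "open" : "blocked"; print v }'
}

# Constructed sample: a host firewall that rejects everything except loopback and SSH.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Same dump with the inbound VPN rule placed first, as "iptables -I INPUT 1" would do.
fixed_ruleset() {
    sample_ruleset | awk -v r="-A INPUT -s $1/32 -p udp -m udp --sport $VPN_PORT -j ACCEPT" '
        !ins && /^-A INPUT / { print r; ins = 1 } { print }'
}

# 192.0.2.10 is a documentation address standing in for the VPN host's real IP.
echo "before: INPUT $(sample_ruleset | chain_verdict INPUT --sport)"
echo "after:  INPUT $(fixed_ruleset 192.0.2.10 | chain_verdict INPUT --sport)"
vpn_rules 192.0.2.10
```

On a real host, pipe the output of `iptables-save` into `chain_verdict` instead of the sample. Because the model is stateless, a "blocked" result on a ruleset that accepts ESTABLISHED traffic is conservative.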

 
