IS1504 VPN: Using the WebVPN SSL Client Page 1 of 10 VPN: Using the WebVPN SSL Client This document outlines the process for using the WebVPN SSL client with Internet Explorer and Firefox User Guide IS1504 1. Introduction The WebVPN SSL Client does not require the manual installation of a client. You only need a compatible web browser, a UoN username and password. The WebVPN SSL Client is certified by Cisco as being compatible with Microsoft Internet Explorer and Mozilla Firefox. The WebVPN SSL Client is a feature offered in the current Cisco VPN code. You have the option of downloading the WebVPN SSL client when connecting to the University VPN service with your Windows-based computer. The WebVPN SSL client is downloaded and installed on the PC at login. It creates an encrypted tunnel (128-bit) between the PC and the VPN service. The PC obtains an IP address from the VPN service through the WebVPN SSL client after successful login and appears as a workstation within the campus network. The WebVPN SSL client is automatically uninstalled when you end the VPN session. If not version qualified, any references to Internet Explorer (IE) are to version 6. Modifications to the procedures for IE7 are documented in IS1509 which should be read in conjunction with this document. If not version qualified, any references to Firefox (FF) are to version 2. The actions required for Firefox 3 are similar but screens may look different. 2a. Configuring Internet Explorer (IE) Using the WebVPN SSL client is made easier if you add the external address of the VPN Concentrator to IE s list of Trusted Sites. You only need to do this the first time you use WebVPN SSL client on a PC with IE. In IE, Select Internet Options from the Tools menu. Click on the Security Tab
IS1504 VPN: Using the WebVPN SSL Client Page 2 of 10 Click on the Trusted Sites icon (Green circle with tick).
IS1504 VPN: Using the WebVPN SSL Client Page 3 of 10 Click on the [Sites] button.
IS1504 VPN: Using the WebVPN SSL Client Page 4 of 10 Type https://vpn.nottingham.ac.uk into the Add this Web site to the zone box and then click the [Add] button. Note the use of https and not http. Click on [OK] to return to the original IE display. You have now added the VPN Concentrator as a trusted site. This will simplify the use of the WebVPN SSL client and does not compromise the security of your PC. 2b. Configuring Firefox (FF) Using the WebVPN SSL client is made easier if the external address of the VPN Concentrator is trusted by FF. You only need to do this the first time you use WebVPN SSL client on a PC with FF. This configuration is based on a default installation of Firefox from http://www.mozilla.com/en-us/firefox/ In FF, from the Tools menu select Options. Click on the Contents tab. Click on the [Exceptions ] button adjacent to the Block popup windows option and add vpn.nottingham.ac.uk as a valid exception.
IS1504 VPN: Using the WebVPN SSL Client Page 5 of 10 Click [Close] Click on the Security tab and cllick on the [Exceptions ] button adjacent to the Warn me when sites try to install add-ons option and add vpn.nottingham.ac.uk as a valid exception.
IS1504 VPN: Using the WebVPN SSL Client Page 6 of 10 Click [Close]. Click [OK] to close the options menu.
IS1504 VPN: Using the WebVPN SSL Client Page 7 of 10 3a. Running SSL WebVPN for the first time with FF On running the the SSL WebVPN Client for the first time you will be prompted to take action over two certificates. Both should be permanently accepted to make future use of the client easier. Click [Always].
IS1504 VPN: Using the WebVPN SSL Client Page 8 of 10 Click [Always]. 3b. Running SSL WebVPN To use the WebVPN SSL Client, point your browser at: https://vpn.nottingham.ac.uk A WebVPN login box then appears. Use your University username and password. The Screen will change to something like the one below and after a few seconds the ActiveX control will start to be installed unless you click on the link to skip the installation of the SSL Client. Printed on recycled paper Next review: 29 Jan 10
IS1504 VPN: Using the WebVPN SSL Client Page 9 of 10 The download takes a few seconds depending on the speed of your Internet connection. The final step is a prompt to determine if you wish to enable concurrent access to both your local network and the UoN network. You should only allow access to the local network if you completely trust it and you need concurrent access to resources on it. A typical example would be a small home network with an IP-connected printer. The network in a hotel would not be considered to be trusted Click on either [Yes] or [No]. If you click on [Yes] you will have simultaneous access to your local network and the UoN network. If you click [No] you will only see the UoN network. When the secure tunnel has been established the display will minimise to a key icon in the toolbar. Printed on recycled paper Next review: 29 Jan 10
IS1504 VPN: Using the WebVPN SSL Client Page 10 of 10 At this point you are now connected to UoN with a UoN address. 4. Browsing to non-uon sites If you want to access non-uon websites while connected to the VPN you will have to configure IE to use the UoN proxies. 5. Ending the connection It is important that you end the VPN session when you no longer need it. Right-click on the key icon and select Disconnect from the pop-up context menu or double click on the key icon and select the [Disconnect] button from the displayed box. Printed on recycled paper Next review: 29 Jan 10