Frequently Asked Questions

1. User VPN sessions are timing out on the More Secure Network
2. I'm an LSP with access to the Network Tools and I can't find a computer that I want to move
3. I'm having problems getting the VPN to work with the Windows XP SP2 firewall enabled
4. I occasionally hear from my users that they needed to change the VPN client Transparent Tunnel settings for the VPN to work from some locations (hotels, new wireless services, etc)
5. My users would like to connect to the More Secure network using wireless. Is this possible?
6. Users of the JointVPN or Oracle Special Services VPN report what appears to be intermittent access to their certificate

1. User VPN sessions are timing out on the More Secure Network

   Problem: Users with VPN configurations that were working perfectly before they were migrated to the More Secure Network are now seeing their connections time out and disconnect.

   Solution: Install one of the newer ITC VPN client releases. The newer client releases contain profiles that are configured to work correctly behind firewalls. Please note that we recommend that you delete old VPN profiles before you install the new VPN client. This will ensure that users don't accidently use an old profile and still have problems when on the More Secure network. The VPN installer will update old profiles of the same name as the new ones but it can not delete some of the quite old profiles that do still exist on some user's workstations. Please email ITC if you are migrating Oracle Special Services VPN users to the More Secure network so that we can provide a new copy of the special profile.

   Information on downloading and installing the software is available from the ITC VPN site.

2. I'm an LSP with access to the Network Tools and I can't find a computer that I want to move.

   Problem: When I search for a computer using the Network Tools, the system is unable to locate the computer that I want to migrate to the More Secure network.

   Solution: This problem is often caused simply by the LSP not waiting long enough before attempting to move the computer. Computers are located on the network via a large database driven system that polls the various network elements to create a database that maps computers to network ports on switches. You can not simply turn on a computer and expect the system to be able to immediately locate the device. It can take 30 to 60 minutes for a new device to be discovered on the network and recorded in the database.

3. I'm having problems getting the VPN to work with the Windows XP SP2 firewall enabled.

   Problem: When I enable the Windows XP Service Pack 2 firewall, it breaks many of the VPN profiles that come preconfigured with ITC's VPN installed.

   Solution: The default settings for the Microsoft firewall prevent the Cisco VPN client from operating properly. ITC Microcomputer Systems has put together a simple Windows XP SP2 Firewall Script that can be run on the user's workstation to configure the Windows firewall to function properly with the Cisco VPN client.

4. I occasionally hear from my users that they needed to change the VPN client Transparent Tunnel settings for the VPN to work from some locations (hotels, new wireless services, etc).

   Problem: While traveling or using some new network to connect to the Internet, users report that the VPN will not connect and they are unable to use the service.

   Solution: The Cisco VPN client is able to use several different mechanisms to tunnel network traffic over the Internet. The default UVa setting uses a Transparent Tunnel setting of IPSec over TCP. This default makes much of the VPN client's network traffic look like Web requests and works in the largest number of network situations. If the VPN connection does not work from some new location with this setting, we recommend that you try the IPSec over UDP setting next. This setting will work in some cases where the default setting does not and will fail in some cases where the default settings do work. You make this change from the VPN Client's Connection Entries / Modify / Transport tab. You can also try disabling Transparent Tunneling completely if neither of the other settings work.

5. My users would like to connect to the More Secure Network using wireless. Is this possible?

   Problem: Users would like to connect to the More Secure Network via wireless.

   Solution: It is possible to connect to the More Secure Network using "jefferson" wireless access. It is important that users connecting via this method understand and abide by the responsibilities noted on this site. Instructions are available for Windows XP and Macintosh OSX.

   Remember that while VPN sessions can be established via most network connections, not all Internet access networks are compatible with VPN technology. This appears to be especially true of the networks in some hotels. You should expect that there will be some networks where you will not be able to make the VPN connection work.

6. Users of the JointVPN or Oracle Special Services VPN report what appears to Users of the JointVPN or Oracle Special Services VPN report what appears to be intermittent access to their certificate

   Problem: The VPN client complains that it is unable to find the user's certificate for use with the Joint VPN or Oracle Special Services VPN.

   Solution: The user's certificate is stored onthe iKey hardware token and the hardware token must be plugged into the USB port before the VPN client is started. Plugging in the iKey hardware token into the USB port and waiting a few seconds before starting the VPN client allows the software time to register the user's certificate with the operating system where the VPN client can find and use it. The VPN client only looks for certificates when it is first started.