Google+
ITS and UVa logos for printed output

More Secure Network (MSN)

Troubleshooting


User VPN sessions are timing out on the More Secure Network

If users with VPN configurations that were working perfectly before they were migrated to the More Secure Network are now seeing their connections time out and disconnect, you need to install one of the newer ITS VPN client releases. The newer releases contain profiles that are configured to work correctly behind firewalls. You should delete old VPN profiles before you install the new VPN client. That will ensure that users don't accidentally use an old profile, and still have problems when on the More Secure Network. The VPN installer will update old profiles of the same name as the new ones but it cannot delete some of the very old profiles that still exist on some users' workstations.

Information on downloading and installing the software you need is available from the VPN site.

I'm an LSP with access to the Network Tools and I can't find a computer that I plan to move.

When using the Network Tools to search for a computer you are planning to migrate to the More Secure Network, you may find that the system is unable to locate the computer. This problem is often caused simply by not waiting long enough before attempting to migrate the computer. Computers are located on the network via a large-database driven system that polls the various network elements to create a database that maps computers to network ports on switches. Once you turn on a computer it can take 30 to 60 minutes for the system to be able to discover the device on the network and record it in the database.

I'm having problems getting the VPN to work with the Windows firewall enabled.

When you enable the Windows firewall, it breaks many of the VPN profiles that come preconfigured with ITS's VPN installation. The default settings for the Microsoft firewall prevent the Cisco VPN client from operating properly. Run the ITS Network Setup Tool on the user's workstation and it will adjust the firewall correctly to allow VPN communication..

I occasionally hear from my users that they needed to change the VPN client Transparent Tunnel settings for the VPN to work from some locations.

While traveling or using some new network to connect to the Internet, users may report that the VPN will not connect and they are unable to use the service. The Cisco VPN client is able to use several different mechanisms to tunnel network traffic over the Internet, however, and changing the mechanism can make the connection work.

The default UVA setting uses a Transparent Tunnel setting of IPSec over TCP. This default makes much of the VPN client's network traffic look like Web requests and works in the largest number of network situations. If the VPN connection does not work from some new location with this setting, we recommend that you try the IPSec over UDP setting next. This setting will work in some cases where the default setting does not and will fail in some cases where the default settings work. You can make the change from the VPN Client's Connection Entries -> Modify -> Transport tab. You can also try disabling Transparent Tunneling completely if neither of the other settings work.

My users would like to connect to the More Secure Network using wireless. Is this possible?

It is possible to connect to the More Secure Network using "jefferson" wireless access. It is important that users connecting via this method understand and abide by the responsibilities noted on this site. Instructions are available for Windows and and Macintosh OS X.

Remember that while VPN sessions can be established via most network connections, not all Internet access networks are compatible with VPN technology. That appears to be true especially with regard to networks in some hotels. You should expect that there will be some networks where you will not be able to make the VPN connection work.

Users of the JointVPN or Oracle Special Services VPN report what appears to be intermittent access to their certificate

In these cases, the VPN client complains that it is unable to find the user's certificate for use with the Joint VPN or Oracle Special Services VPN. The user's certificate is stored on the iKey hardware token, and the token must be plugged into the USB port before the VPN client is started. Plugging the hardware token into the USB port and waiting a few seconds before starting the VPN client allows the software time to register the user's certificate with the operating system, where the VPN client can find and use it. The VPN client looks for certificates only when it is first started.

  Page Updated: Tuesday 2017-10-10 16:12:07 EDT