VPN Connectivity

Overview
The UMDNJ campus network can be accessed from the Internet through a virtual private network (VPN). This enables the user to remotely connect a computer to the campus network in a way that lets that computer behave as though it were directly attached to the campus network infrastructure. Resources available only to computers directly connected to the campus network can be accessed through the VPN. These resources include Remote Desktop to office computers, which one could typically not access from the Internet.

Requirements
To access the UMDNJ network via VPN, the following requirements must be met:

Feel free to send all inquiries to njmsts@umdnj.edu
If you are having problems with your VPN connection, download, or installation, please call the IS&T Help Desk at 3-3200, or you can send the Help Desk an email at isthelp@umdnj.edu


Clientless VPN

UMDNJ’s Web-based VPN utilizes an SSL-based Cisco application that provides full VPN functionality without having to install a software package, for end users running Microsoft Windows XP or Windows 2000 using Internet Explorer only. There are currently two separate VPN concentrators that are available via the web, and the concentrators can be reached at the following web addresses:

Newark Concentrator -- https://nwvpn.umdnj.edu*

Piscataway Concentrator -- https://psvpn.umdnj.edu*

(Note: The URLs listed above can only be accessed using https; http will not work, as it is not a secure connection. If http is used to access the URL, the user will receive a “page not found” error.)

* These sites are only accessible from outside the UMDNJ Network.

The screen shots that follow are what the user should see upon connecting to the web-based VPN. For the purpose of capturing screen shots and for explanation, https://nwvpn.umdnj.edu was used.

Figure 1

Upon establishing a connection to https://nwvpn.umdnj.edu, a Security Alert will appear (Figure 1) that requires user interaction. Select Yes to proceed to the next screen.


Figure 2

After selecting Yes on the Security Alert, you will be prompted to provide login credentials for accessing the WebVPN Services (Figure 2). At this screen the user will enter their CORE Account credentials and select Login.


Figure 3

Upon successful verification of the user’s login information, the screen in Figure 3 will appear. This screen informs the user that a Cisco SSL VPN Client is temporarily being installed on the end user’s system. The Cisco SSL VPN Client for WebVPN is a thin-client application. The user initiating the connection must have Administrator-level rights on the local machine. (For terminology, see Appendix A.)

If a user has a pop-up blocker enabled, they may encounter an error launching ActiveX. For users of Internet Explorer, an information bar should appear when the ActiveX process tries to run. By clicking on the information bar where it says “click here”, the user should be able to allow the ActiveX process to run.


Figure 4

Figure 4 is the Security Alert that was referenced in Figure 3. Click Yes to proceed with the thin-client configuration.

Figure 5

Figure 5 displays the progress bar for the download and extraction of the thin-client.

Figure 6

Figure 6 is what is displayed when the thin-client configuration has been completed.

Figure 7

When the thin-client has been configured, an SSL VPN Server Certificate will be issued to the client’s machine. The client’s local machine will display the screen seen in Figure 7. To continue, the client must click Yes. After clicking Yes, the user will be prompted with the following screen:


Figure 8

After clicking on OK, the system will proceed to establish the SSL VPN connection, as seen in Figure 9.

Figure 9

Figure 10

Once the SSL VPN connection has been established, the user must click Yes to accept a certificate (Figure 10). Once this certificate has been accepted, the user will be connected to the UMDNJ network.

Terminology


Thin-Client: A thin client is an application program that communicates with an application server and relies on that separate piece of software for most of the significant elements of its business logic. The application server typically runs on a host computer located nearby on a LAN, or at a distance on a WAN or MAN.

A thin client does most of its processing on a central server or device, with as little hardware and software as possible at the user's location and as much as possible at a centrally managed site.

Certificate (also known as a public key certificate): In cryptography, a public key certificate is a certificate which uses a digital signature to bind together a public key with an identity: information such as the name of a person or organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.

In a typical public key infrastructure (PKI), the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (self-signed certificate) or other users ("endorsements").

VPN: A virtual private network (VPN) is a private communications network, usually used within a company or by several different companies or organizations, to communicate over a wider network. VPN message traffic can be carried over a public networking infrastructure (e.g. the Internet) on top of standard protocols, or over a private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider.

A VPN involves two parts: the protected or "inside" network, which provides physical and administrative security to protect the transmission; and a less trustworthy "outside" network or segment (usually the Internet). Generally, a firewall sits between a remote user's workstation or client and the host network or server. As the user's client establishes communication with the firewall, the client may pass authentication data to an authentication service inside the perimeter. A known, trusted person, sometimes only when using trusted devices, can be granted appropriate security privileges to access resources not available to general users.

Concentrator: In telecommunication, the term concentrator has the following meanings:

In data transmission, a functional unit that permits a common path to handle more data sources than there are channels currently available within the path. A concentrator usually provides communication capability between many low-speed, usually asynchronous channels and one or more high-speed, usually synchronous channels. Usually different speeds, codes, and protocols can be accommodated on the low-speed side. The low-speed channels usually operate in contention and require buffering.

A device that connects a number of circuits, which are not all used at once, to a smaller group of circuits for economy.

ISPs usually use concentrators to enable modem dial-in; this kind of concentrator is sometimes called a modem concentrator or a remote access concentrator.

SSL: Secure Sockets Layer is a cryptographic protocol which provides secure communications on the Internet for such things as e-mail, faxing, and other transfers.

SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated, while the client remains unauthenticated; mutual authentication requires public key infrastructure (PKI) deployment to clients. The protocol allows client/server applications to communicate in a way designed to prevent eavesdropping, tampering, and message forgery.