Contents Contents 1 Purpose of this document and audience... 1 Revision history... 1 Definitions... 1 Process overview... 1 Concepts... 2 VPN access... 2 Hard-wired or wireless... 2 Connection speed... 2 Security while remote... 2 Assumptions... 3 Procedures for Vista... 3 VPN Logon... 3 Procedure for XP... 6 VPN Logon... 6 Troubleshooting... 7 Copyright RKCAA Page i
Purpose of this document and audience Purpose of this document and audience Revision history This document is to provide a guide on how to logon to the RKCAA VPN using MUVPN software. Any user that requires VPN access using RKCAA equipment should read this document. Date of revision Changes Made by 25-Jan-2010 Initial release Shane Muellemann 28-Jan-2010 Revise/update Felicia King Definitions VPN Virtual Private Network MUVPN Mobile User Virtual Private Network RKCAA Racine/Kenosha Community Action Agency WEP Wired Equivalent Privacy WPA Wi-Fi Protected Access WPA2 Wi-Fi Protected Access version 2 Process overview Create a VPN connection using the WatchGuard client software. Log in using the standard log in process for RKCAA while connected to the RKCAA through the VPN. Copyright RKCAA Page 1
Concepts Concepts VPN access VPN allows for a person working remotely (not at an agency site) to have a user experience with their agency-provided laptop which is nearly identical to being onsite at their office. The VPN gives the person access to their internal agency drive mappings, applications, and other resources. While connected to the VPN you will still have the ability to access the internet through a web browser as well as logon to your email with Outlook. NOTE: VPN is NOT required to use email. Hard-wired or wireless In order for the VPN to give you a nearly identical to onsite user experience, it must be established before you logon to the laptop. As a result, many wireless connections will not work with it. Many wireless connections only establish AFTER you logon to your computer. So you can try to use the VPN with your home wireless connection, but realize that it may not work. If it does not work, you must connect an Ethernet cable between your home network equipment and the laptop. Connection speed Due to varying types and quality of connections from remote sites, each connection speed and quality may vary. If you are at home and have a good connection, you may not see much of a difference than being at the office. If you are at a hotel using their provided internet connection, you may see a very slow response over the VPN. Please remember that these conditions will vary from location to location. Security while remote While coffee shops and restaurants offer free internet access, it does come at a cost. While connected to these networks you are open to others being able to see your workstation on the network leaving the workstation open to be compromised. For this reason RKCAA equipment should not connect to free wireless access points provided by these organizations. Wireless in the home has become very common. If you have wireless at home, is it secure? There are two protocols available with wireless routers, WEP and WPA. The WEP protocol is no longer secure and can be cracked within a few minutes regardless of how good your password is. WPA2 is a newer protocol that is replacing the WPA protocol. The WPA2 protocol is the preferred protocol, but understand it is not compatible with older devices. It should work with all agency-provided laptops. Even with a strong encryption protocol, the wireless passphrase still needs to be very strong. Copyright RKCAA Page 2
Assumptions If you have a wireless router and wireless enabled, it is recommended that you have the IT department verify your security settings. Either the IT department can verify onsite, or the IT department can install software allowing a remote session that allows us to verify settings while the user is at home. Assumptions IT department has installed MUVPN client software on the laptop Person is using RKCAA-provided computer Person has access to the internet Your user account has been granted authority to use the VPN Laptop is running Windows Vista or XP Procedures for Vista VPN Logon 1. Connect a network cable between your computer and the network equipment of the remote network. This could be your home router. 2. Boot the laptop. Only RKCAA equipment will be setup to connect to the RKCAA network through the VPN. 3. When the laptop has booted and initial RKCAA Attention screen has appeared click OK to go to the logon screen. 4. When the logon screen is available click on Switch User. Copyright RKCAA Page 3
Procedures for Vista 5. Click on the WatchGuard Mobile VP icon. 6. Check the Enable lead time for domain logon. This value does not remain as checked. It must be checked each time you use the VPN. 7. Click Connect. 8. The VPN connection software will run the processes required to connect. Once the VPN is established, you will be brought back to the logon screen with the Copyright RKCAA Page 4
Procedures for Vista Dell and WatchGuard icons. Click the Dell Wave Secure Login. 9. Logon as you would in the office using your username and password. 10. Once the logon has processed, you have access to your Home folder and Data drive as you would in the office. 11. There is a DOS window that is open when you first logon. This window will close automatically when the processes are done. Please do not close this window. This is the window that provides the drive mappings to you. 12. There is a WatchGuard monitor window open on your screen. When you are done click on Connection and select Disconnect. This window will show whether you are connected or not. If the Connection indicator is red you are disconnected. 13. We recommend staying connected until you are ready to shut down, and then disconnect the VPN, and shut down your computer as you normally would. Copyright RKCAA Page 5
Procedure for XP Procedure for XP VPN Logon 1. Connect a network cable between your computer and the network equipment of the remote network. This could be your home router or the network connection in your hotel room. 2. Boot the laptop. Only RKCAA equipment will be setup to connect to the RKCAA network through the VPN. 3. When the workstation has booted, you will see the MUVPN window. 4. Select the Domain Logon via a VP connection and check the Enable lead time for domain logon. Click OK. 5. A new window will prompt your username and password. Enter your login information as you would in the office and click OK. Copyright RKCAA Page 6
Troubleshooting 6. A process will run and bring you back to the Windows login screen. Press Ctrl-Alt-Del to log in and enter your log in information. 7. Once the logon has processed, you have access to your Home folder and Data drive as you would in the office. 8. There is a DOS window that is open when you first logon. This window will close automatically when the processes are done. Please do not close this window. This is the window that provides the drive mappings to you. 9. There is a WatchGuard monitor window open on your screen. When you are done click on Connection and select Disconnect. This window will show whether you are connected or not. If the Connection indicator is red you are disconnected. 10. We recommend staying connected until you are ready to shut down, and then disconnect the VPN, and shut down your computer as you normally would. Troubleshooting You don t have access to your home drive or data drive. Check the mobile VPN monitor and verify you are connected. Copyright RKCAA Page 7
Troubleshooting Monitor shows you are disconnected. Log off and go through the process again. You cannot connect to the VPN. Verify you have internet access. Go to www.google.com. After disconnecting from the VPN, you don t have internet access or access to your email. Reboot your workstation. When the VPN is created it enters specific network settings and those settings are not reset or refreshed when the VPN is disconnected. This is why we recommend staying connected until you are ready to shut down. Copyright RKCAA Page 8