Remote Access End Guide (Cisco VPN Client)

advertisement
Remote Access End User Guide
(Cisco VPN Client)
Confidential
Contents
1
INTRODUCTION ................................................................................................................................ 3
2
AUDIENCE ......................................................................................................................................... 3
3
CONNECTING TO N3 VPN (N3-12-1) OR EXTENDED VPN CLIENT ............................................. 3
4
DISCONNECTING FROM N3 VPN (N3-12-1) AND EXTENDED VPN CLIENT ............................... 4
5
USEFUL INFORMATION (N3-12-1) AND EXTENDED VPN ............................................................ 4
5.1
5.2
5.3
5.4
5.5
5.6
5.7
6
NEW PIN MODE ............................................................................................................................ 4
NEXT PASSCODE PROMPT.......................................................................................................... 6
LOST TOKEN ................................................................................................................................. 6
BROKEN TOKEN ............................................................................................................................ 6
UNABLE TO ACCESS N3 VIA THE VPN ............................................................................................ 6
OPERATING SYSTEMS SUPPORTED ................................................................................................ 6
VPN CLIENTS ............................................................................................................................... 6
REVOKING THE USER ..................................................................................................................... 6
File: 116095548
Issue N3SP-TEC-TDT-Error!
2 of 6
Reference source not found.: 17 June 2007
©British Telecommunications Plc 2006
Confidential
1 Introduction
This document outlines how to use the Remote Access VPN. This version covers the single user
VPN solution catalogue item N3-12-1 and the Extended VPN using Cisco VPN client software. The
requisite components are the Cisco VPN client and the RSA SecurID token.
The N3-12-1 VPN solution encrypts the data from the end user device to the N3 VPN Gateway. If the
end user accesses the local LAN using this remote access method it must be noted that the data will
not be encrypted between the users local LAN and the N3 VPN gateway. Security from the VPN
Gateway to the local services or LAN is the responsibility of the NHS LEGAL ENTITY and is not a part
of this VPN Remote access solution.
The Extended VPN solution encrypts the data traffic from the end user device to the designated end
customer site LAN on N3 network. In the Extended VPN solution, a VPN tunnel is established from the
VPN client on the end user device to the N3 VPN Gateway. The VPN tunnel is then extended from the
N3 VPN Gateway to the router (CPE) on the designated customer site inside N3 network.
Audience
This guide is intended for persons using the already installed and configured N3 VPN Client with
the N3-12-1 (VPN Remote Access) or Extended VPN catalogue service. It is intended as a user
guide for the service. The intended audience is expected to be familiar with using the Microsoft
Windows operating system.
Connecting to N3 VPN (N3-12-1) or Extended VPN Client
Switch on the Laptop/PC. To Launch the VPN either click on the “Cisco VPN Client” icon on the
desktop or from the Start Menu, select “Start, All Programs, Cisco Systems VPN Client, Cisco VPN
Client”.
If the RSA SecurID token is new or in “New PIN” mode, a new PIN number will need to be
associated with the token. Follow instructions below (Useful Information, New PIN Mode.)
Otherwise, the user will need the PIN number associated with the token to proceed.
If the VPN client has been configured there will at least be an entry listed below the “Connection Entry”
column. Depending on the type of service the name of the entry will either be “N3 Remote Access” or
“N3 Extended VPN”. Highlight the VPN Entry and click ‘Connect’, the VPN Client User authentication
window will be displayed. Enter the ‘Username’, given by BT. Under the password please enter the PIN
number followed by the number displayed on the RSA SecurID and click OK. While entering the
password please ensure that that there is no character, including space, between the PIN number and
the number displayed on RSA SecureID
File: 116095548
Issue N3SP-TEC-TDT-Error!
3 of 6
Reference source not found.: 17 June 2007
©British Telecommunications Plc 2006
Confidential
Once the VPN successfully authenticates the connection, the Cisco VPN Client minimises itself to the
system tray and a locked padlock icon will be displayed. The Laptop/Pc is now connected to N3
network and further access will be determined by the type of VPN connection.
Disconnecting from N3 VPN (N3-12-6) and Extended VPN
Client
To disconnect from the VPN, double click on the Cisco VPN client icon in the system tray near the
clock. A dialog window will be displayed. Click the disconnect button to exit the Cisco VPN Client.
Click Yes to acknowledge the disconnection and finish.
Useful Information (N3-12-6) and Extended VPN
New PIN Mode
If the token is in “New PIN” mode, select a PIN and associate it with the token in order to
authenticate the connection. When the token is first received, it would usually be in the “New PIN”
mode.
PINs must be four (4) to eight (8) characters in length and must consist of just numeric digits (0
through 9) Memorise the PIN. Do not write it down or reveal it to anyone.
File: 116095548
Issue N3SP-TEC-TDT-Error!
4 of 6
Reference source not found.: 17 June 2007
©British Telecommunications Plc 2006
Confidential
New PIN registration process:
Click “Connect,” enter the Username and Password (only the number displayed on the RSA SecurID)
and click “OK.”
Next, a prompt appears to set a new PIN. Click ‘y’ in the Password field to set your own PIN number
and click “OK”.
Enter and confirm the PIN to set the PIN and connect to the VPN.
Now the new PIN number will be associated with the token. The PIN number will be required for all
subsequent connections.
File: 116095548
Issue N3SP-TEC-TDT-Error!
5 of 6
Reference source not found.: 17 June 2007
©British Telecommunications Plc 2006
Confidential
Next PASSCODE Prompt
Enter Next PASSCODE:" This error occurs when your SecurID card is out of sync or 'Next
Token Mode' is ON. When you get this prompt, you will need to enter the next code
displayed on your SecurID without your 4-digit PIN number. Enter the next number
displayed on your SecurID card at this prompt and click OK you should then be logged into
the VPN as normal and your SecurID will also be resynchronized.
Lost Token
Any lost SecurID tokens should be reported to the Local NHS Helpdesk as soon as
possible to avoid possible security issues.
Broken Token
If the SecurID token is not generating a new number or is displaying 888888, call the local
NHS helpdesk so that a replacement token may be organised.
Unable to Access N3 via the VPN
Before reporting a problem with N3 VPN connectivity to the local helpdesk, it is important to
check that the Internet access is working and all cable connections are correct. Double
click on the Internet icon and browse to a web page (Preferably one not recently accessed
to avoid sites that are stored in memory)
Operating Systems Supported
Windows 2000
Windows XP
VPN Clients
N3SP is aware that it is possible to obtain VPN Clients for Operating Systems and devices
other than those currently supported by the above services. VPN Clients are available from
Cisco and could be used, for example, with Mac’s and various hand held devices.
However, these are not supported by N3SP. It should also be noted that some of these
VPN Clients are not free and would need to be purchased. N3SP accepts no liability for
such VPN Clients and cannot guarantee in any way their ability to work.
Revoking the User
If the remote user token has been lost, stolen or comprised please inform the N3 Helpdesk, who will
then revoke it.
File: 116095548
Issue N3SP-TEC-TDT-Error!
6 of 6
Reference source not found.: 17 June 2007
©British Telecommunications Plc 2006
Download