Remote Connectivity: VPN FAQ
If you don’t understand or are unsure of the meaning of any technical
terms contained in these FAQs, please visit http://en.wikipedia.org up-to-date technical and acronym definitions.
If you still can't solve your problem, here is how you can get additional assitance:
Students: Call ITS Customer Support at 514-4100, option 2, or send email to itscs@its.ucsf.edu.
Campus Faculty & Staff: Contact your Department’s Computer Support Coordinator (CSC).
MedicalCenter Staff: Call the IT Customer Support Center at 514-4100, option 1, or submit a support ticket to Online Customer Support at http://help.ucsf.edu. NOTE TO VENDORS: Please direct questions to your Departmental Contact.
Technical FAQs
How do I get the correct VPN Client?
Visit: http://its.ucsf.edu/services/VPN_survey/login.jsp once you have been notified of your VPN account to obtain the VPN Client software and documentation.
What operating systems work with VPN?
- VPN runs on Windows 98, ME, NT, 2000 and XP
- VPN runs on Mac OS 9.x through OS 10.4.x
What do I need to do to use VPN once I have my account?
To use VPN you need to:
- Subscribe to an Internet Service Provider (ISP) such as AT&T.
- Download VPN Client software as described in FAQ 4
Can I use VPN to access the UCSF network and/or departmental resources if my computer is located on another organization’s network that is behind a firewall?
Yes, if the following protocols are allowed through the firewall:
- Protocol 17 (UDP) source/destination port 500
- Protocol 50 (ESP)
- IPSec Pass-through enabled.
However, this may require co-ordination with the other organization’s IT department to configure their firewall/router to allow the protocols required for VPN to function. Please contact the other organization’s IT Manager and ITS Customer Support to coordinate the required modifications.
Why does my VPN Client software download take so long?
The speed of the download depends on your ISP (Internet Service Provider). A dial-up connection will be slower than a DSL or cable connection.
I already have a VPN Client installed on my PC. I want to make sure there will be no software compatibility issues. What vendor supplies the UCSF VPN software?
The current VPN Client for Windows is Nortel Contivity VPN Client. The current VPN Client for Macintosh is Netlock Extranet Access. Typically, there will be compatibility issues if other IPSec-based VPN Clients (i.e. CISCO VPN) are installed on the same computer.
What should I do if I receive the error message "Negotiation with switch failed" when I try to connect to the VPN server?
If you have a router you may need to upgrade the firmware. Contact the manufacturer for firmware upgrades.
If you have a software firewall (i.e. ZoneAlarm, McAffee, or Norton), as a troubleshooting step temporarily disable the firewall to see if you are able to connect. If you successfully connect to UCSF then you will need to configure your software firewall to allow the VPN Client to operate. Contact the vendor of your software firewall for information on configuration.
Does VPN allow split tunneling?
No. VPN does not allow split tunneling due to UCSF security policy.
Why do I receive the error message: “Maximum Sessions Exceeded”?
This error message indicates you have two VPN sessions running that were not disconnected properly, (i. e. you did not log out of one VPN session before logging into another VPN session). You will need to wait up to fifteen minutes for one of the VPN sessions to automatically timeout so you can log into a new VPN session.
My VPN session automatically quits on me. Is there an automatic timeout for a VPN session?
Yes. If your VPN session is idle for sixty (60) minutes your session will automatically be disconnected.
Windows-Specific FAQs
Can I use the Contivity VPN Client with Windows 2000?
For students, there should be no issues related to using the Contivity VPN Client with Windows 2000.
For faculty and staff, if you’re using Windows 2000 and need to access departmental resources, you need to use version 4.86 with nGina enabled. nGina is a new feature that establishes the VPN tunnel and passes domain authentication through once the tunnel is established and you are connected to the UCSF network.
Can I access VPN on a Windows PC attached to my home LAN using Microsoft Internet Connection Sharing?
No. The Contivity VPN Client does not support Microsoft’s Internet Connection Sharing.
Will I lose wireless capability if I uninstall Intel Proset on my laptop?
You will not lose wireless capability if you uninstall Intel Proset. Windows XP has automatic location switching built into the operating system. In Windows 2000 you will lose automatic location switching and you will have to manually set up each location. If you need assistance with this contact ITS Customer Support at 514-4100, option 2.
Macintosh-Specific FAQs
What version of the Apple Airport Base Station is supported by VPN?
Only the Airport II (white) and Airport Extreme (Chrome Apple) base stations are supported by Netlock VPN. The first (gray) version is not supported.
Does VPN support DHCP routing/NAT through my Apple Airport Base Station?
All versions of Macintosh VPN Clients currently distributed by ITS support DHCP/NAT through the Apple Airport Base Stations as well as most common home DSL routers, both wired and wireless.
What should I do if I receive the error message “Negotiation with switch failed” when I try to connect to the VPN server?
This error is usually caused by other third party extensions conflicting with the extensions for the VPN Client on Mac OS 8 & 9.
If you are using Pretty Good Privacy (PGP) you must turn off all extensions. Some third party modem extensions may also cause problems. You can disable the modem extensions to test whether or not they are interfering with the VPN tunnel. (Go to Control Panel/Extension Manager to locate these extensions.) Then test the VPN connection to verify a tunnel can be established.
If you are using a home router or an Airport Base Station you may need to upgrade the firmware.
I am experiencing problems using EarthLink DSL on my Macintosh when connecting with VPN. What should I do to resolve problems using EarthLink DSL on my Macintosh?
Nortel has a fix for this problem for Macintoshes running version 9.x or earlier. Go to http://www.apani.com/support.html. Enter “MacPoet” in the “Answer Contains” field and click on “Start Search”. You will be taken to a page that explains the issue and contains the link to download the fix.
Macintosh OS X has a built-in PPPoE client and no longer requires the patch.
Other Operating System FAQs
Can Linux or UNIX systems use the VPN?
At this time software is provided for some Linux distributions. At this time no other UNIX or *NIX Like platforms are supported.
Can mobile devices use the VPN?
No, mobile devices are not currently supported by the Nortel VPN system.
|
home
