VPN information for the College of Engineering

This document is a one-stop-shop for VPN information for the college of Engineering.

What is VPN

 

VPN (Virtual Private Network) is a tool that creates a secure network connection from a public or private network (like a cafe or your home) to another network (UW Or CoE). UW-Madison uses VPN technology to enable remote users to securely connect to certain campus and/or college resources.

A FAQ on CAE VPN can be found here: https://kb.wisc.edu/cae/page.php?id=8312

 

Types of VPN available to the CoE

 

There are two basic types of VPN offered to anyone affiliated with the College of Engineering; WiscVPN and CAE VPN. WiscVPN, also known as Campus VPN allows you to connect to the UW campus network. While some of CAE’s resources are available this way, most require some type of CAE VPN. CAE VPN is further broken down into CoE VPN, License (Sofftware) VPN and Collaborator VPN. 

Wisc VPN:  All UW Madison students, faculty and staff should have access to WiscVPN. In addition to general campus use, WiscVPN can be used to access a few CAE resources, such as filespace and groupspace.     

CoE VPN: The College of Engineering VPN network is automatically given all College of Engineering faculty and staff, and graduate students who have an appointment in the CoE (such as TAs). It allows complete access to engineering resources, as if you were physically connected to the engineering network.

If you are a faculty or staff member, or grad student who does not already have this access, you can activate your access using the information in http://kb.wisc.edu/cae/page.php?id=23424 . CoE VPN is generally not available to undergraduate students.

With CoE VPN, you must log in with your CAE credentials. You will have the option of Full and Split tunnel connections.

Split Tunnel means that only network traffic that is destined for a computer on the UW-Madison campus will be sent through the VPN tunnel.  All other network traffic will travel normally over the internet and will appear to come from your computer's IP address.

Full Tunnel means that *all* internet traffic will travel through the VPN tunnel, regardless of its destination and all of the traffic will appear to come from a College of Engineering IP address.

License VPN: Also known as software VPN, the license VPN is a more restricted version of the CoE VPN. It requires CAE credentials, and only allows a user to connect to the CAE license servers and a few other services, such as groupspace and userspace. License VPN will not allow access to research clusters and other CoE resources. The license VPN is available to undergraduate students, and is a split tunnel connection.

The advantage of this is that students can locally install and run some CAE owned and controlled software while your computer is connected to the network or Internet.

The license VPN must be activated prior to first use. Activation information can be found here: https://kb.wisc.edu/cae/page.php?id=32730

Collaborator VPN: Collaborator VPN is also a special restricted version of the CoE VPN for users that have affiliations in the College of Engineering, but do not have access to UW paid resources. This version will give access to researcher's systems, but will not give access to CAE resources, software, or any other UW paid resources (library, etc.). Because of the software restriction, a collaborator account will not be able to SSH into a CAE Tux lab computer. There are, however, provisions (see below) for those who are used to doing this, but no longer have software/lab access. You must use CAE credentials to log into a collaborator account.

Installing and Using the Engineering VPN


Attention: The College of Engineering VPN network is automatically given all College of Engineering faculty and staff. If you are a faculty or staff member who does not already have this access, you can activate your access in the same way that Engineering graduate students can.   If you are a graduate student in the College of Engineering, you may activate your access using the information in http://kb.wisc.edu/cae/page.php?id=23424 .


 Installing the Cisco AnyConnect Client and Connecting for the First Time

1. Navigate your browser to https://dept-ra-cssc.vpn.wisc.edu/ . You will be presented with a login page. 
 
Login

2. Under the GROUP: option, please select the option that best suits your needs. Engineering_Split (Split Tunnel configuration) will work for most situations, however, Engineering_Full (Full Tunnel configuration) is required in some circumstances. College of Engineering collaborators may use the Engineering_Collaborator option. If you are unsure of which option is best for you, please contact your Department Support Person

Group

3. Log in using your CAE USERNAME: and PASSWORD:.

Username and password

4.In the new prompt that appears, run the Cisco Systems application by selecting Run. If you do not see this prompt, please ensure java is installed by visiting http://java.com/

Run the app

5. Wait while the AnyConnect client is being installed.

6. When completed, you will be informed that the Cisco AnyConnect VPN Client is now connected. Note the icon that will now appear in your system tray. 

vpn_in_tray.png
The Engineering VPN client has now been installed and configured and you have been connected for the first time.



 Upgrading to the new Cisco AnyConnect Client

1. Start the AnyConnect VPN client as normal. 

01_upgrade_vpn.png

2. Change the Connect to: field to say dept-ra-cssc.vpn.wisc.edu

02_upgrade_vpn.png

3. Under the GROUP: option, please select the option that best suits your needs. Engineering_Split (Split Tunnel configuration) will work for most situations, however, Engineering_Full (Full Tunnel configuration) is required in some circumstances. College of Engineering collaborators may use the Engineering_Collaborator option. If you are unsure of which option is best for you, please contact your Department Support Person

03_upgrade_vpn.png

4. Log in using your CAE USERNAME: and PASSWORD:

04_upgrade_vpn.png

5. At this point, you should be presented with a window that reads AnyConnect Secure Mobility Client Downloader

05_upgrade_vpn.png

6. After AnyConnect finishes upgrading itself, you will be logged into the new VPN. You should see AnyConnect show a message above the taskbar that says VPN Connected to UW Dept VPN.

06_upgrade_vpn.png

7. If you click on the lock in your taskbar, you will be presented with the new AnyConnect client.

07_upgrade_vpn.png

8. When you want to disconnect from the VPN, simply click on the Disconnect button.

08_upgrade_vpn.png



In order to comply with software licensing agreements, CAE has changed the authorization process for tethered software. In order to use tethered software, you must use a VPN connection. If you already have CoE VPN, you will not need the software VPN. 

These instructions are for Windows. For Mac instructions, please see: https://kb.wisc.edu/cae/page.php?id=34109
 
 
1. Go to https://forms.my.cae.wisc.edu/softwarelicensevpn to request the VPN access.  Be sure to use your CAE credentials, not your NetID and Password.  Click Login.



     


2. If you do not already have access to software VPN, the following page will appear (you will need to click "Submit"). If you do have access, go to the next screenshot.

 


(After you click Submit, the following page will appear:)


 


If you have already installed Cisco AnyConnect for WiscVPN, please proceed to step 8

3. Wait a few minutes for the update to your account to take effect. Then go to https://dept-ra-cssc.vpn.wisc.edu/

4. From the "Group" drop down menu, select "ENGINEERING_LICENSING", then enter your CAE username and password


 



5. A page will appear telling you that once you are connected, you will have to abide by the UW-Madison Acceptable Use Policy.  Click Continue. 





6.  Once you select continue, you will be redirected to the Cisco AnyConnect installer. 




7. You should be able to run through the installer without a problem.  If you do run into any issues, you can use the same general instructions found here, starting with step 3.   ***If AnyConnect fails to install, check the link below titled "Installing Cisco AnyConnect Manually"***

8. Once the AnyConnect client is installed, connecting to the VPN should be simple. Once you've launched the client, select UW Dept VPN (central campus) from the drop down menu, then click connect.

Note: If you had already installed the VPN client (for WiscVPN or another VPN connection) you may need to enter the following into the connect-to box: "dept-ra-cssc.vpn.wisc.edu"





9.  A window should pop-up, allowing you to select from a large number of Groups.  Select "ENGINEERING_LICENSING" then enter you CAE username and password.






10. At this point, another window may pop up, with the same information found in step 5. Again, click Continue.

  
 


11.  The window at the bottom of the screen should now change to say you are connected.





Important Note

"Collaborators" in the College of Engineering have a set of restrictions on their accounts, primarily due to the terms of software licensing. This includes restrictions on the use of software on CAE lab computers. As a result, collaborators will be unable to access Linux computers using SSVNC;There are, however, other ways to access the CAE server. Without connecting to a VPN, use PuTTY, Terminal, or similar SSH client, connect to "sshvpn.cae.wisc.edu" and log in with your CAE credentials. You will then be connected via SSH to the CAE Linux server.

How to setup the Cisco VPN client with the Collaborator Profile to Access the College of Engineering's VPN service

If you would like detailed instructions on how to install the Cisco AnyConnect VPN client, please see these other Knowledge Base articles:

Collaborator Access

Do you have permission to use the Collaborator profile? While the profile to use the collaborator mode is freely available, there are specific access controls on your account that need to be set before you can use this service. If you are not sure if access has been granted, please contact the CAE Helpdesk at helpdesk@cae.wisc.edu

Install the Cisco AnyConnect VPN Client

Please note that you only need to install the AnyConnect Client once!
  1. Navigate your browser to https://dept-ra-cssc.vpn.wisc.edu/
  2. From the drop-down box next to "GROUP:" , select the item "Engineering_Collaborator" and then enter your CAE username and password. This should give you log you in and allow you to install the Cisco AnyConnect VPN client.

    If the VPN client does not install properly, please contact helpdesk@cae.wisc.edu.

Connect to the Engineering VPN

  1. Start the Cisco AnyConnect Client (right-click on the AnyConnect icon in your tool bar) and select "Engineering_Collaborator" as the Group.
  2. When you are asked for your username and password, enter your CAE ID and then enter the password that is associated with your CAE ID.

Congratulations! If the Engineering VPN accepted your username and password, the connection was successful. If you would like to double-check and confirm that you are using an IP address that is allowed through our firewall, click on the menu item "Status" and then select the option "Statistics".

If the connection was successful, you should see an IP address that is in the range of 10.128.61.1 - 10.128.61.255 listed as the "Client" address under the "Address Information" section of that window.


IMPORTANT: These instructions have been written for the latest version of the WiscVPN AnyConnect client. If you are still using the previous version, it is strongly recommended that you upgrade now. The current version is compatible with all supported versions of Windows and Mac OS X and can be downloaded from http://wiscvpn.doit.wisc.edu.

Note: The AnyConnect installer will not uninstall previous versions of WiscVPN, as both can be installed without issue. However, it is recommended to uninstall any old WiscVPN client software before proceeding.

For automatic WiscVPN installation, you must have Java v1.4 or higher installed on your system otherwise you will be given a download link for manual install. Also, make sure you are not connected to another VPN during the installation process.

If you are using Internet Explorer, you will first need to add "https://wiscvpn.doit.wisc.edu/" to Internet Explorer's list of trusted sites. To do this, follow the directions found here: Internet Explorer - Trusting a Web Site.

  1. Point a web browser to the WiscVPN AnyConnect Page https://wiscvpn.doit.wisc.edu/

  2. Set the Group drop down box to the desired connection type and type in your NetID username/password.
    • IP-pool: dynamic IP
    • IP-pool-OffCampus: dynamic IP, split tunneling
    • IP-static: static IP
    • IP-static-OffCampus: static IP, split tunneling

    For more information on connection types, see WiscVPN - Split Tunneling

    For more information about the difference between dynamic and static IP's as well as how to acquire a static IP, see WiscVPN - Static vs. Dynamic IP Addresses

    If you do not know which connection type to select, use the default IP-Pool option. After you have made a selection and entered your NetID credentials, press the Login button.

  3. The download and installation process should begin automatically. Follow along with any popups that may appear.
    • Firefox:
      • Accept the web site's certificate.

        wiscvpn-java_certificate.PNG
      • Allow the Java applet to run.

        wiscvpn-java_run.PNG
      • Proceeding past the last certificate warning.

    • Internet Explorer:

      • Accept any ActiveX installers that appear.
      • If you do not want to or cannot accept the ActiveX control, you can click the Download button to manually download the installation file.

  4. Once the installer is finished, it will immediately connect you to the WiscVPN server and place an icon in the system tray that looks like:

    The AnyConnect client icon will appear in the taskbar.

    You can disconnect from WiscVPN by clicking the icon and selecting the Disconnect button.

  5. In Windows XP, Vista, and 7, the installer will have created a program in the Start menu called Cisco AnyConnect Secure Mobility Client:

    The Cisco AnyConnect Secure Mobility Client appears under All Programs or Program Files.

    In Windows 8, the installed program can be found under Apps on the Start screen.

    The Cisco AnyConnect Secure Mobility Client appears under All Apps.

The WiscVPN client software is now successfully installed. See the following document to connect: WiscVPN (Windows) - Connecting with the WiscVPN AnyConnect Client


 

Activating VPN

 

As mentioned above, if you don’t already have access to VPN, but you believe you should, the problem may be that your VPN has not been activated. This will only need to be done once.

Instructions for graduate students (CoE VPN) can be found here: https://kb.wisc.edu/cae/page.php?id=23424.

Instructions for undergraduate students (License VPN) can be found here: https://kb.wisc.edu/cae/page.php?id=32730.

 

Troubleshooting

 

Here are some solutions to common problems:

1. AnyConnect fails to install: See manual installation https://kb.wisc.edu/cae/page.php?id=37750

2. AnyConnect installs, but cannot establish connection: Verify that the client is pointed to dept-ra-cssc.vpn.wisc.edu/

3. Cannot access best-tux or Linux lab machine: Collaborators do not have access to lab machines. If you are trying to use best-tux to get to a cluster, see the Important Note in the collaborator doc above (https://kb.wisc.edu/cae/page.php?id=13824) for information on sshvpn.cae.wisc.edu. Collaborator VPN must be running for sshvpn.cae.wisc.edu to work.

4. Linux installation issues: https://kb.wisc.edu/cae/page.php?id=29331

5. Userspace, groupspace and myfiles can all be reached from UWnet, WiscVPN or any of the CoE VPN types.

6. No VPN of any kind is needed for XenApp.

 

Getting Help


Troubleshooting can be split into two categories: Installation of Cisco AnyConnect, and connecting to the COE VPN. In either case, you may contact the CAE Help Desk at helpdesk@cae.wisc.edu. Problems installing/connecting with the AnyConnect client (that is, you are unable to install Cisco AnyConnect and/or connect to Wisc VPN) may be referred to the DoIT Help Desk (help@doit.wisc.edu).

 

Internal use only: https://kb.wisc.edu/cae/internal/page.php?id=59233

See Also:




Keywords:vpn lab computer laptop software collaborator cisco any connect anyconnect license remote CoE   Doc ID:5573
Owner:Noel K.Group:Computer-Aided Engineering
Created:2007-03-18 19:00 CDTUpdated:2016-06-15 09:29 CDT
Sites:Computer-Aided Engineering
Feedback:  0   0