Introduction

A Virtual Private Network (VPN) provides a secure connection between your computer and the resources available at your home institution. In the case of SLAC, we offer a VPN service that permits authorized users to gain visibility of SLAC network resources from outside of SLAC. This includes the SLAC Visitor Wireless network.

This page documents the use of the SLAC VPN service.

Implementation

SLAC utilizes Cisco's Remote Access VPN line of products and specifically requires the use of Cisco's AnyConnect software.

In order to connect to SLAC's VPN, a user must install the AnyConnect client. This allows SLAC to enforce certain access restrictions: it checks that the user's computer is not running a keylogger and that the user is not running an unsupported version of Windows (95, 98, ME), and it enforces an access control list (ACL) to limit access.

Requirements

  1. You must have a SLAC VPN account, and agree to the usage policies outlined
  2. The following operating systems are currently supported:
    1. Windows XP SP3
    2. Windows Vista
    3. Windows 7 SP1
    4. Mac OSX 10.6.7
    5. Linux

This guide uses Windows Internet Explorer; however, the steps are the same for Mac and Linux with other internet browsers such as Safari, Firefox and Chrome.

Connecting to SLAC's VPN

Open a Web Browser to our VPN Gateway

In order to connect to SLAC's VPN, you must have the AnyConnect software installed. By going to the following webpage, we can check to make sure you have the correct software installed and configured (and up to date), and provide an automated install if it is not.

Your web browser should come up with the following series of screens


Allow Cisco Secure Desktop to Check Your System

The web page will instantiate a Java applet so that it may check your system for the presence of the AnyConnect software.

This may bring up a dialog box which will prompt you to run the application or not.

  • If you do not wish to see this dialog again in the future, select 'Always trust content from this publisher'
  • Click on 'Run' to allow the applet to scan your system

Log In

The following web page will be presented upon the initial system scan:

Agree to the Banner

Upon successful login, a banner will be shown on the webpage.

  • Click Continue

Initiate the AnyConnect Client

A webpage that offers various methods to access the SLAC VPN services will be presented.

  • Click on 'Start AnyConnect'

Install the AnyConnect Software (if required)

If necessary (either because it is your first time accessing SLAC's VPN, or because there is a new version of the AnyConnect client), the web page will indicate that the AnyConnect software needs to be installed.

  • If you do not wish to see this dialog again in the future, select 'Always trust content from this publisher'
  • Click on 'Run' to install the AnyConnect Client onto your system.

Editing the hostname within the VPN client

  • If the hostname does not appear in the VPN client, you can manually enter one of the following hostnames:

    | Number | Hostname                 | Description                 |
    |--------|--------------------------|-----------------------------|
    | 1      | vpn.slac.stanford.edu    | load-balanced main hostname |
    | 2      | fwvpn1.slac.stanford.edu | host number 1               |
    | 3      | fwvpn2.slac.stanford.edu | host number 2               |

You have connected to SLAC's VPN Service

Upon successful VPN negotiation, you should get the following popup from AnyConnect showing that you have connected to SLAC's VPN service.

  • You may close this webpage.

Disconnecting from the SLAC VPN

The AnyConnect client exists as a tray icon; you can get to it from the System tray next to the clock in the bottom right of your screen.

  • To disconnect, click on 'Disconnect'

Frequently Asked Questions (FAQ)

I Get an 'AnyConnect client install failed' Error

Depending on which operating system version you are using, a manual install of the AnyConnect client may be required. If you get the following error, you must manually install the AnyConnect client.

To manually install the client, do the following:

  • Download the binary from the webpage

  • Locate the binary file that has been downloaded; you can do this from the 'Open Folder' button on the download dialog.
  • The AnyConnect client installer has a file name of the form anyconnect-win-*.exe.
  • Right click on the binary file to bring up the contextual menu, and select 'Run as Administrator'
  • Follow the installation prompts, agreeing wherever it asks

  • Refresh the webpage and the AnyConnect Client should automatically instantiate and connect you to SLAC's VPN.
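
As an added example (not part of the original SLAC page and not Cisco's own tooling), this PowerShell script checks the Authenticode signature of the downloaded installer before you select 'Run as Administrator'. The download folder and the expected signer string 'Cisco' are assumptions; adjust them for your system.

```powershell
# Added example: verify the Authenticode signature of a downloaded
# anyconnect-win-*.exe before running it with Administrator rights.
# Assumptions (not from the original page): the download folder location
# and the expected signer name fragment "Cisco".
param(
    [string]$DownloadDir    = (Join-Path $env:USERPROFILE 'Downloads'),
    [string]$ExpectedSigner = 'Cisco'
)

# Find installers matching the file name pattern given in the steps above.
$installers = @(Get-ChildItem -Path $DownloadDir -Filter 'anyconnect-win-*.exe' -ErrorAction SilentlyContinue)
if ($installers.Count -eq 0) {
    Write-Error "No anyconnect-win-*.exe found in $DownloadDir"
    exit 1
}

# If several copies exist, check the most recently downloaded one.
$installer = $installers | Sort-Object LastWriteTime -Descending | Select-Object -First 1
$sig = Get-AuthenticodeSignature -FilePath $installer.FullName

$problems = @()
if ($sig.Status -ne 'Valid') {
    # Covers unsigned files, tampered files (hash mismatch) and untrusted chains.
    $problems += "signature status is '$($sig.Status)': $($sig.StatusMessage)"
}
if ($null -eq $sig.SignerCertificate) {
    $problems += 'file carries no signer certificate'
} elseif ($sig.SignerCertificate.Subject -notmatch [regex]::Escape($ExpectedSigner)) {
    # A valid signature from an unexpected publisher is still a reason to stop.
    $problems += "unexpected signer: $($sig.SignerCertificate.Subject)"
}

if ($problems.Count -gt 0) {
    Write-Warning "Do not run $($installer.Name):"
    $problems | ForEach-Object { Write-Warning "  $_" }
    exit 1
}

Write-Output "$($installer.Name) has a valid signature."
Write-Output "Signer:     $($sig.SignerCertificate.Subject)"
Write-Output "Thumbprint: $($sig.SignerCertificate.Thumbprint)"
```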

I'm using Internet Explorer and I get an 'AnyConnect client install failed'

Under Windows 7, ActiveX controls enable Trusted Sites to assume Administrative access. If you get the following page upon logging into SLAC's VPN, then you need to do the following:

Refresh the webpage and the AnyConnect Client should automatically instantiate and connect you to SLAC's VPN.

I'm using Linux, can I use SLAC's VPN Service?

Yes, please follow the instructions as outlined above.

In order to install the AnyConnect Client, you must have sudo or root access to your Linux machine. You must also manually download the AnyConnect Client.

I'm using Mac OSX, can I use SLAC's VPN Service?

Yes, please follow the instructions outlined above.

When installing the AnyConnect Client, the following prompt will come up asking for permission to install the software onto your Mac:

  • Enter your username and password for your Mac and click 'OK'
  • After a while, the AnyConnect software will be automatically installed and you will be connected to SLAC's VPN.

I want to connect my Smart Phone to SLAC's VPN

This is not yet supported, but iPhone connections (via IPSec) are planned in the near future. Android and Windows Mobile connectivity are on our roadmap.

What are the timeouts on the VPN connection?

There is a fixed timeout of 8 hours after which your VPN connection is disconnected. There is also a non-activity timeout of 20 minutes.

Can I access the K: disk?

Currently you cannot access this disk. Once the service is better understood this will be reviewed.