Introduction

A Virtual Private Network (VPN) provides a secure connection between your computer and the resources available at your home institution. SLAC offers a VPN service that permits authorized users to gain visibility of SLAC network resources from outside of SLAC. This includes the SLAC Visitor Wireless network.

This page documents the use of the SLAC VPN service.

Requirements

  1. You must have a SLAC Windows account
  2. You must have a SLAC VPN account, and agree to the usage policies outlined
  3. The following operating systems are currently supported:
    1. Windows XP SP3
    2. Windows Vista
    3. Windows 7 SP1
    4. Mac OSX Snow Leopard
    5. Linux

Connecting to SLAC's VPN

The instructions below are for Windows.

Connecting to SLAC's VPN Using Linux

Connecting to SLAC's VPN Using Macintosh

Open a Web Browser to our VPN Gateway

In order to connect to SLAC's VPN, you must have the AnyConnect software installed. By going to the following webpage, we can check to make sure you have the correct software installed and configured (and up to date), and provide an automated install if it is not.

Your web browser should come up with the following series of screens


Allow Cisco Secure Desktop to Check Your System

The web page will instantiate a Java applet so that it may check your system for the presence of the AnyConnect software.

This may bring up a dialog box which will prompt you to run the application or not.

  • If you do not wish to see this dialog again in the future, select 'Always trust content from this publisher'
  • Click on 'Run' to allow the applet to scan your system

Log In

The following web page will be presented upon the initial system scan:

Agree to the Banner

Upon successful login, a banner will be shown on the webpage.

  • Click Continue

Initiate the AnyConnect Client

A webpage that offers various methods to access the SLAC VPN services will be presented.

  • Click on 'Start AnyConnect'

Install the AnyConnect Software (if required)

If you have problems installing the AnyConnect Client, please refer to the Troubleshooting section of this document.

If necessary (either because it is your first time accessing SLAC's VPN, or if there is a new version of the AnyConnect client), the web page will present that the AnyConnect software needs to be installed.

  • If you do not wish to see this dialog again in the future, select 'Always trust content from this publisher'
  • Click on 'Run' to install the AnyConnect Client onto your system.

Editing the hostname within the VPN client

  • If the hostname does not appear in the VPN client, i.e. it appears as:

    then you can manually enter the following hostname:

    Number  Hostname                  Description
    1       fwvpn1.slac.stanford.edu  load-balanced main hostname
    2       fwvpn2.slac.stanford.edu  load-balanced secondary hostname

You have connected to SLAC's VPN Service

Upon successful VPN negotiation, you should get the following popup from AnyConnect showing that you have connected to SLAC's VPN service.

  • You may close this webpage.

Disconnecting from the SLAC VPN

The AnyConnect client exists as a tray icon; you can get to it from the System tray next to the clock in the bottom right of your screen.

  • To disconnect click on 'Disconnect'

Frequently Asked Questions (FAQs)

What are the timeouts on the VPN connection?

There is a fixed timeout of 8 hours after which your VPN connection is disconnected. There is also a non-activity timeout of 20 minutes which takes effect if no network traffic passes for 20 minutes. If you have a legitimate requirement for a VPN connection which is not subject to these timeouts, please contact net-admin@slac.stanford.edu to request an exception. Your VPN will also be disconnected if your system goes to sleep. IT Department Support can assist you if you need to adjust the sleep settings of your system; they can be contacted at itds-support@slac.stanford.edu.

I'm using Mac OSX, can I use SLAC's VPN Service?

Yes, please follow these instructions:
Connecting to SLAC's VPN Using Macintosh

Can I Connect to SLAC's VPN with my Linux Machine?

Yes, please follow these instructions:

Connecting to SLAC's VPN Using Linux (https://confluence.slac.stanford.edu/display/netmanpub/Connecting+to+SLAC+VPN+Using+Linux)

I want to connect my Smart Phone to SLAC's VPN

This is not yet supported, but iPhone connections (via IPSec) are planned in the near future. Android and Windows Mobile connectivity are on our roadmap.

Can I access the K: disk?

Currently you cannot access this disk. Once the service is better understood this will be reviewed.

Can I access PeopleSoft?

Access to PeopleSoft is not currently available via the new VPN. Once the service is better understood, this will be reviewed.

Can I access the license server?

The license server is very fragile. There are many failure modes, and most vendors have not upgraded to more recent flexlm versions that are more reliable, nor added support for alternative license servers when one fails or needs to be restarted due to upgrades/patching/failure. Also, serving a license across a VPN may be a license violation (e.g. if the license is limited to a site). For more on this see VPN and license server. At the moment it appears to work; however, there are no guarantees.

Can I use RDP?

You should be able to access RDP. If not, please report this with details as a problem to net-admin@slac.stanford.edu.

Can I access Confluence?

You should be able to access Confluence. If not, please report this with details as a problem to net-admin.

Does all traffic go via VPN or does SLAC traffic go direct?

Once connected to our VPN service, policy states that all traffic will go through SLAC. We do not use split tunneling.
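One way to confirm the no-split-tunneling behaviour from the client side, as an added example that is not part of the original page: the script does a longest-prefix, lowest-metric lookup over Windows `route print -4` rows and lists destinations that would leave outside the VPN adapter. The two sample tables and every address in them are constructed for illustration.

```python
import ipaddress

# Constructed `route print -4` rows; every address is made up for illustration:
# 192.168.1.50 = home LAN adapter, 10.8.0.23 = VPN adapter,
# 198.51.100.10 = stand-in for the VPN gateway's public address.
FULL_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     276
          0.0.0.0          0.0.0.0         10.8.0.1       10.8.0.23       2
         10.8.0.0    255.255.255.0          On-link       10.8.0.23     257
      192.168.1.0    255.255.255.0          On-link    192.168.1.50     276
    198.51.100.10  255.255.255.255      192.168.1.1    192.168.1.50      21
"""
# Same host as a split tunnel would look: only one private range uses the VPN.
SPLIT_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
       172.16.0.0      255.240.0.0         10.8.0.1       10.8.0.23       2
      192.168.1.0    255.255.255.0          On-link    192.168.1.50     276
"""

def parse_routes(text):
    """Return (network, interface, metric) for each route row; skip other lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # column header has six tokens, separators have one
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            routes.append((net, f[3], int(f[4])))
        except ValueError:
            continue  # not a route row
    return routes

def egress(routes, dst):
    """Interface chosen for dst: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def bypassing(text, vpn_iface, probes):
    """Probe destinations that would NOT leave through the VPN adapter."""
    routes = parse_routes(text)
    return [p for p in probes if egress(routes, p) != vpn_iface]

if __name__ == "__main__":
    probes = ["203.0.113.7", "192.0.2.80"]  # constructed off-site destinations
    print("full tunnel bypass:", bypassing(FULL_TUNNEL, "10.8.0.23", probes))
    print("split tunnel bypass:", bypassing(SPLIT_TUNNEL, "10.8.0.23", probes))
```

The host route to the gateway address staying on the physical adapter is expected, since that route carries the tunnel itself.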

I could not ping vpn.slac.stanford.edu

You can't ping the VPN servers directly if you have established a VPN connection. You should be able to ping www.slac.stanford.edu to test your connection.
