Difference: WebProxy (6 vs. 7)

Revision 72020-08-26 - WilliamSeligman

Line: 1 to 1
 
META TOPICPARENT name="Computing"
Changed:
<
<

Secure connections at Nevis

>
>

Secure web connections

 
Changed:
<
<
While you work inside Nevis, your computers are protected by our firewall. When you use a system outside of Nevis, you can still take advantage of our network security by making a secure connection. There are two types available:
  • A web proxy
  • VPN (Virtual Private Network)
>
>
While you work inside Nevis, your computers are protected by our firewall. When you use a system outside of Nevis, you can still take advantage of our network security by making a secure connection. There are two types available: a web proxy, and VPN. This page discusses two forms of web proxies:

  • proxy.nevis.columbia.edu, a way to route all your web browser's traffic securely;
  • WebVPN, to make individual secure connections within your web browser.
 

Web proxies

Line: 127 to 128
 

Connect to the firewall via your web browser.

Changed:
<
<
The URL is https://129.236.255.60
>
>
The URL is https://vpn.nevis.columbia.edu
  If you see a message about certificates, indicate that you accept it.

At the screen, you'll be prompted for the username and password you created during the previous step. Type the URL of the web page you want to visit in the Cisco screen. Note the icons which will be, by default, on the top right-hand corner of every page; tooltips will appear when you hover the mouse over them.

Deleted:
<
<

VPN network connection

Why use VPN?

By using VPN, you can establish a direct connection to the local network at Nevis from the outside.

Normally, to access a machine on the local network, you use ssh to login to one of the workgroup servers, then ssh again to the local machine. But there are times when this become inconvenient or complicated; e.g., accessing a Windows machine at Nevis. A VPN connection can be a simpler solution.

Here are the steps; the first two only have to be done once.

Create a VPN account

This is the same account/procedure as with the firewall's proxy above: You can stop by the office of WilliamSeligman (room 116) at Nevis; it takes about three minutes to create a VPN account on the firewall. An alternative is to e-mail me and arrange for an account. Don't tell me your Nevis password! Instead, I'll probably assign you a random password using the apg command.

Configure a VPN client.

If you don't have a Macintosh running Snow Leopard or later, you'll have to get and configure the VPN client program from CIsco.

Install the Cisco VPN client

Download the version of the client for your operating system. You'll have to go through the procedure of registering as a Guest user on the Cisco web site. Follow Cisco's instructions to install the software.

Using the VPN client

On the Cisco VPN client, you need to create a new connection:

Connection Entry - can be anything; e.g., "Nevis"
Description - again, can be anything or left blank
Host - 129.236.255.60

Group Authentication
Name: Nevis
Password: higgsino
Confirm Password: higgsino

Then click on "Connect". Enter your VPN account name and password.

Mac VPN client

One-time configuration

Open System Preferences > Network and click on the + symbol. Add a VPN Interface of type "Cisco IPsec", give it a good new name (I used VPN (Nevis)), and click on "Create".

Server address: 129.236.255.60
Click on "Authentication Settings"
Shared secret: higgsino
Group Name: Nevis
Click "OK"
Account name = the VPN account name created on the firewall
Leave the password blank; the server will prompt for it each time even if you fill this in.
Click on "Connect"

Using the built-in Mac VPN client

It is a good idea to click on "Show VPN status in menu bar". You get a one-click solution to open a VPN connection. Otherwise, you'll have to go to the Network Preferences Pane and click on the "Connect" button each time.

That's it. You should now be able to directly connect to any system on the local network; e.g., winnie.nevis.columbia.edu.

 \ No newline at end of file
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback