VPN Client Setup
Windows VPN Clients
Mac VPN Clients
What is VPN?
Virtual Private Network. Communicates from remote network to private network.
Why do we need it?
Securely access computers, files, connecting Outlook to Exchange remotely.
How do I set it up?
There are several different VPN clients to use.
What info is needed?
Local user or domain login, public IP/domain name, VPN group name, pre-shared key, username, and password.
LDAP – Allows applications running on almost any platform to obtain directory info.
RADIUS – Authenticates to a RADIUS server installed on Active Directory.
Local Accounts – Uses local user accounts on the firewall itself.
When is it billable?
VPN client installs are non-billable. Troubleshooting connections is billable.
Public vs Private IPs
There are static and dynamic addresses.
Public IPs face outward to the internet.
Private IPs are for internal networks.
Profile Configuration File. Automatically configures VPN client when imported.
TCP and UDP
Transmission Control Protocol (TCP) is a connection-oriented protocol.
User Datagram Protocol (UDP) is a connectionless protocol.
TCP will wait for information if it gets lost during delivery. UDP will not.
How the connection process unfolds
Establishing a connection
Try the VPN connection on your computer
The client only partially installs
Check to see if there is an error code
Uninstall the client
Clear temp files
Remove other VPN clients*
Status stuck on “Connecting”
Ping Public IP or VPN domain name
New ISP or other ISP issue
Connectivity at remote location
192.168.0.x on both remote and office locations
See if their AV blocks communication
See if their firewall blocks communication
Find out if ports are blocked
Open Command Prompt
Type telnet PublicIPAddress port
Common VPN ports
Allow inbound and outbound ports
Start > Control Panel > Windows Firewall > Advanced Settings > Inbound Rules (or Outbound Rules) > New Rule > Select Port > Click Next > Select which protocol (TCP or UDP) > Select Specific local ports > Type port or port range > Click Next > Select Allow the connection > Click Next > Select Domain, Private, and Public > Click Next > Name the rule > Click Finish
Cannot get past the group name or username screen
Case sensitive usernames
VPN connects, but there is no access to anything
Same subnet or wrong subnet
192.168.0.x on both office and remote locations
APIPA address – 169.254.x.x
Connect by IP or Fully Qualified Domain Name
Servername.domain.local instead of servername
Reinstall the VPN client.
Remove VPN client
Consult Tier 2
Less common issues (Example: DNE Update for Cisco)
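The "same subnet" and APIPA checks from the "VPN connects, but there is no access to anything" steps above, as an added example that is not part of the original slides. It takes addresses read from ipconfig on the remote machine; the function name, finding labels and sample addresses are constructed for illustration, and it assumes IPv4.

```python
import ipaddress

# 169.254.0.0/16 is the range Windows self-assigns when no DHCP lease arrives.
APIPA = ipaddress.ip_network("169.254.0.0/16")


def diagnose(physical, office_lan, tunnel_ip=None):
    """Return a list of findings for one remote machine (IPv4 only).

    physical   -- "ip/prefix" of the home/hotel adapter, e.g. "192.168.0.23/24"
    office_lan -- CIDR of the office network behind the firewall
    tunnel_ip  -- address on the VPN virtual adapter, or None if not connected
    """
    local = ipaddress.ip_interface(physical)
    office = ipaddress.ip_network(office_lan)
    findings = []

    if local.ip in APIPA:
        # The remote machine has no working local network at all.
        findings.append("LOCAL_APIPA")
    elif local.network.overlaps(office):
        # Office addresses look "on-link" locally, so traffic for the
        # server never enters the tunnel even though the VPN shows connected.
        findings.append("SUBNET_OVERLAP")

    if tunnel_ip is not None and ipaddress.ip_address(tunnel_ip) in APIPA:
        # The tunnel came up but the virtual adapter never got an address.
        findings.append("TUNNEL_APIPA")

    return findings


if __name__ == "__main__":
    # Constructed sample cases: (physical adapter, office LAN, tunnel address)
    cases = [
        ("192.168.0.23/24", "192.168.0.0/24", "192.168.0.201"),
        ("192.168.1.23/24", "192.168.0.0/24", "169.254.12.7"),
        ("10.0.0.5/24", "192.168.0.0/24", "192.168.0.201"),
    ]
    for case in cases:
        print(case, "->", diagnose(*case) or ["OK"])
```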
Connecting to a firewall
Find the information to connect to a firewall
Put the IP address into a browser
May need to specify https:// and/or port number
Common ports: 8080 and 4443.
Setting up a local user in the firewall
Local versus AD accounts
LDAP not supported
Few users allowed
Not using Active Directory
AD
Preferred authorization method
Less hassle on user’s end
Connect to SonicWall, then navigate to:
Users > Local Users > Add User… > Enter username and password > Go to Groups tab >
Check Groups – Everyone, Trusted Users, and VPN
Highlight group name
Click the right arrow below to send it to Member Of:
Go to VPN Access tab
Find “Firewalled Subnets” under Networks and Highlight it
Click the right arrow below to send it to the Access List
Connect to Cisco, then navigate to:
Remote Access VPN
Enter username and password
Set privilege to No ASDM, SSH, Telnet, or Console access
Escalate to Tier 2
Domain User Setup
Setting up or modifying a domain user
Suggested account setup
Username = (First initial of first name)(last name)
Password = Password1
Uncheck all settings
Uses Routing and Remote Access
Active Directory group
Local firewall user
VPNs on laptops
Will not affect work functionality
How users might ask
“I need to get to my folders”
Could mean desktop folders (RDP)
Could mean server folders (Mapped Drives)
Can they access the resources they were calling in about?