You are here

Introducing the SMU SSL VPN

Overview

When faculty and staff are away from campus they often need to connect with servers back at SMU to do their work. When this work involves sensitive information, it is important that the Internet connection back to SMU be secure.

The SMU SSL VPN service provides SMU faculty and staff with a way to connect securely to the SMU campus network. This VPN connection works from any location, whether in Oakland, or anywhere around the world.

When you need to connect your computer to SMU's network remotely, using the SSL VPN service offers these advantages:

  • Your computer will be given a secure path onto the SMU campus network. If you handle sensitive data as part of your work or research, a secure connection is important.
  • Your computer will appear to have an IP address local to the SMU campus network. This allows you to connect to resources such as library databases that may require your computer to use an SMU campus address in order to gain access.
  • You can use services that may have been restricted at SMU's border. For instance, for security reasons, SMU currently blocks access to Microsoft services when computers connect to SMU from off-campus. Other on-campus services, including departmental ones, may restrict which "ports" or services function. The SSL VPN may allow you to overcome such restrictions.

The service uses a product from Cisco Any Connect called Secure Access SSL VPN.

Upgrade notice

As of Tuesday, January 31, 2012, the IPSEC VPN service will be upgraded to SSL VPN to improve support for Microsoft Windows 7.

Anyone using the IPSEC VPN Service will need to upgrade in order to access SMU resources remotely.

The new SSL VPN service that we operate - regardless of the operating system used (Windows, Mac) - will need to download and install new client software (in the form of a Java applet). The installation will require Administrator privileges. If you do not have Administrator rights please contact your system administrator for help with this installation.

Who can access SMU's SSL VPN?

The SSL VPN service is available for all regular faculty, staff at SMU.
Requests for access by other users not fitting into the above categories, should be made by contacting the Network Services Team

Virtual VPN service

The primary applications for the virtual VPN service are:

  • Ability to authorize a limited set of user ids or to use a local authentication server, e.g. to restrict to departmental staff only.
  • Availability of a dedicated IP address range, which can be added to local system firewalls for remote access needs.

Downloading the VPN software (administrator privileges required)

When necessary, (first time use or re-installation necessary), the SSL VPN service will prompt you through the steps necessary to install a Java "applet" from Cisco Systems that will allow you to connect using the SSL VPN service.

When the install is necessary, you must be logged into an account with Administrator privileges in order to install the Java applet. For future connections, you may use accounts with limited privileges. (However, when the ITS Network team installs a newer version of the Java client software, you will need to log in with Administrator privileges once again. Once the new applet is installed, you will be able to connect again.)

Your SMU SSL VPN tunnel and security

SMU's SSL VPN works by creating what is known as a "tunnel." When the tunnel is created, all of your Internet traffic will travel via SMU's SSL VPN. From there your data will continue to and from its destination(s) whether on campus or elsewhere on the global Internet.

Please understand the limitations of your VPN tunnel. It provides you secure access to SMU's campus network, but it does not ensure an encrypted path between you and the servers your department may host. Think of the SSL VPN service as a way to gain the same security you'd have if your computer was physically on campus. If you need end-to-end security -- between you and the servers you trust -- then work with ITS administrators to ensure end-to-end security. For instance, if you work with sensitive data over the Web, be sure your communications are secure end-to-end.

End-to-end security is important. If you aren't sure if your connection is secure, ask questions until you are comfortable that your communications are encrypted as they should be.

Supported Operating Systems and Browsers

The Cisco SSL VPN applet supports a variety of operating systems, Web client works on various versions of Windows, MacOS X, and Linux.
As of Tuesday, January 31, 2012, the IPSEC VPN service will be upgraded to SSL VPN to improve support for Microsoft Windows 7.

Following is a list of platforms that are known or expected to work with the Cisco SSL VPN applet Note that we have not tested all combinations. Also note that the product works under various versions of Linux, but we can provide only limited support for Linux use of this product.

  • Windows 7: Internet Explorer 6.0, 7.0, 8.0; Firefox 2.0, 3.0, 3.5
  • Windows Vista: Internet Explorer 6.0, 7.0, 8.0; Firefox 2.0, 3.0, 3.5
  • Windows XP SP2 and SP3: Internet Explorer 6.0, 7.0, 8.0; Firefox 2.0, 3.0, 3.5
  • Windows 2000 Professional SP4: Internet Explorer 6.0, 7.0, 8.0; Firefox 2.0, 3.0, 3.5
  • Mac OS X 10.7.x Lion: Safari 5.0 and above running Sun JVM 5
  • Mac OS X 10.7.x Lion: Safari 5.0 and above, running Sun JRE 6
  • Mac OS X 10.6.x Snow Leopard: Safari 1.0 and above running Sun JVM 5
  • Mac OS X 10.5.x Leopard: Safari 2.0 and above, running Sun JRE 6
  • Mac OS X 10.5.x Leopard: Safari 1.1 and above, running Sun JVM 5
  • Mac OS X 10.4.3 Tiger: Safari 2.0 and above, running Sun JRE 5
  • Mac OS X 10.4.x Tiger: Safari 1.1 and above, running Sun JVM 5
  • Mac OS X 10.3.x Panther: Safari 1.1 and above, running Sun JVM 5

Download

To download client Click here: https://sslvpn.samuelmerritt.edu

 

Marcus Walton, CCNAS
Network Services Manager
Samuel Merritt University