| Table of Contents | ||||
|---|---|---|---|---|
|
...
With the campus VPN in place, it is now possible for IT managers on campus to be more pro-active in securing services. In particular, websites that provide sensitive services can be restricted to campus addresses only, and off-campus access can be provided through the authenticated VPN connection.
...
Using the VPN
Accessing on-campus websites
...
the VPN
...
Accessing campus network resources
...
The Secure client installs as a networking pseudo-device, e.g. "Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64" for 64-bit Windows devices.
The client pseudo-device will be assigned an address in the local General VPN IPv4 or IPv6 range.
The DNS name associated with the dynamic IP address will be vpn-uw-general-IP-address.dynamic.uwaterloo.ca, for example vpn-uw-general-10-40-0-1.campus-dynamic.uwaterloo.ca.
A split-tunnel routing model is used. Traffic to global IP addresses will be routed via the VPN connection, and all other traffic will use the client's normal default route.
The VPN server will not route any non-Waterloo traffic (i.e. global IP addresses) to an off-campus address. A typical user scenario is that after starting the VPN, they can get to campus addresses, but not anywhere else. In this situation the failure is probably on the client-side with its routing setup.
The number of routing hops to an on-campus address will likely be reduced, although the first hop may take more time.