VPN

Windows client

Installation

Staff usage

Student usage

Uninstall

Macintosh client

Installation

Staff usage

Student usage

Uninstall

Further information

FAQs

Contacts

FAQs

Q1. Do I need to use the VPN if I dial-in to La Trobe's modems?

No. When dialling-in to the La Trobe University modems your computer receives a La Trobe IP address (an IP address that starts with 131.172 or 149.144). The VPN is only required when using a computer that does not have a La Trobe IP address.

Q2. Why can't I get the VPN to work?

The VPN requires a working internet connection. This can be confirmed by opening your web browser and opening La Trobe University's home page. Failure to display the web page usually indicates a network problem with either your ISP or La Trobe University. Access to La Trobe University's VPN service will not be available until the network problem is resolved.

If you are able to access La Trobe University's home page but still encountering problems with the VPN please follow the instructions below.

• Check that your username and password are correct. Usernames should be entered in the format of LTU\username
• Make sure the VPN has been installed correctly. Try reinstalling the VPN client and rebooting your computer
• Check whether a newer version of the VPN client is available. If so, install this newer VPN client

If you are still unable to make a successful VPN connection and wish to report the problem to your local IT support staff make sure you include the following information:

1. Your IP address
2. Your user name
3. The exact time and date you tried to connect
4. The error message you received
5. Your operating system
6. Which version of the VPN client you are using

Q3. When or why do I need a VPN connection?

If you are a La Trobe University staff member or student working from a site not directly connected to the University network, but require access to La Trobe IT services through the Internet, you will need a VPN connection to protect and safeguard transmission of sensitive data.

Also certain services such as SAP, ESS or PCMS are accessible only if you are on the La Trobe network. The VPN connection makes your client machine appear like any other node on the La Trobe network, and thus freely access University IT resources after proper authorisation.

Q4. Does the VPN work when the client is behind a NAT gateway?

Yes.

Q5. What firewall ports might I need to open to use the VPN?

Transparent tunnelling allows secure transmission between the VPN Client and a secure gateway through a router serving as a firewall, which may also be performing Network Address Translation (NAT) or Port Address Translations (PAT). If your firewall requires manual configuration you may need to open the following ports:

• UDP port 500 (ISAKMP/IPSEC Key Management)
• UDP+TCP port 10000 (Encapsulated [NAT Support])
• UDP port 4500 (NAT Traversal)

Q6. What happens to my Internet connection and my home network?

When accessing La Trobe University's VPN a device is directly connected to La Trobe University's network. ALL network traffic is directed through La Trobe University's network.

For security reasons all direct connections to other networks will be disabled. Access to other networks will only be made through La Trobe University's network. This means there will be limited access for some network applications as per La Trobe University's security policy.

Some affected network functions include:

• File sharing outside of La Trobe University
• Access to home LAN's (ie other computers and printers on a home network).

See below for information on how to:

• access the internet when the VPN is active
• access the La Trobe University Exchange server when the VPN is active

Q7. What happens to the BigPond Cable heartbeat signal?

The VPN has been configured to allow the BigPond Cable heartbeat signal to continue to function when the VPN is active.

Q8. How can I access the internet from my ISP when the VPN is active?

When using the VPN client software your computer becomes part of La Trobe University's network. All computers at La Trobe University must use the La Trobe University proxy server to access the internet. The proxy settings for La Trobe University can be found at the Proxy Information website .

ICT strongly suggests that normal Internet browsing NOT be done while connected to the VPN. Instead, normal internet browsing should be performed using the normal home/ISP connection.

Important: Write down your existing ISP proxy settings before changing them to La Trobe University's proxy settings. After you have finished using the VPN client change your proxy settings back to your original ISP's settings.

Q9. How can I access La Trobe University's Exchange server (email) when the VPN is active?

Please refer to the Email Access and Support website. For further assistance please refer to your local IT support staff.

Q10. Are there any time limits on VPN connections?

A VPN connection will automatically disconnect after:

• 30 minutes idle time
• 3 hours connection time

Q11. Can I use AppleTalk to access AppleShare servers through the VPN?

No. The VPN only supports IP, not AppleTalk.

Q12. Can I delete the icon for the VPN Client in the Startup menu?

The VPN icon in the Startup menu is only used when the option to Start Before Logon is chosen (for the VPN client). If this option is not being used the icon can be removed from the Startup menu. If you wish to use the option after the icon has been removed please re-install the client.

Q13. How do I turn on logging?

To help resolve VPN problems you may be asked to turn on logging.
If you are using the Windows VPN client:

• Close the VPN client if it is open
• Edit the vpnclient.ini file where the VPN client was installed (usually C:\Program Files\Cisco Systems\VPN Client)
• Find the following line: EnableLog=0
• Change the 0 to a 1 (so the line now reads EnableLog=1)
• Start the VPN client
• Logs will be stored in the Logs directory where the VPN client was installed (usually C:\Program Files\Cisco Systems\VPN Client\Logs)
• Logging should be turned off when no longer required by changing the EnableLog=1 line in the vpnclient.ini file to EnableLog=0

If you are using the Macintosh VPN client:

• Close the VPN client if it is open
• Edit the vpnclient.ini file where the VPN client was installed (usually /etc/CiscoSystemsVPNClient/)
• Find the following line: EnableLog=0
• Change the 0 to a 1 (so the line now reads EnableLog=1)
• Start the VPN client
• Logs will be stored in the Logs directory where the VPN client was installed (usually /etc/CiscoSystemsVPNClient/Logs)
• Logging should be turned off when no longer required by changing the EnableLog=1 line in the vpnclient.ini file to EnableLog=0