Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Documentation Index
Networking
VPN
VPN: Cisco Client
Step 1: Download & Install
Step 2: Register VPN Certificate
Step 3: Import the VPN Certificate
Step 4: Create Connection
Step 5: UDP Connection
Step 6: Firewall
Step 7: Windows XP Only
Step 8: Advanced Configuration-Windows Only
Step 9: Establish a Connection
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Step 2: Register and Download VPN Certificate

Please see the VPN Certificates: Understanding and Managing document for more information on how the VPN service uses certificates for authentication.

  1. Go to http://netreg.net.cmu.edu/
  2. Review the information provided on the Network Registration page and click Enter at the bottom of the display.
  3. Log in at the WebISO screen using your Andrew userID and password. The Network Registration page displays.
  4. Click Register New Machine.
  5. From the Select the Network drop-down list, select the appropriate VPN network (e.g., VPN-General Users, VPN-Library) and click Continue.
    -OR-
    From the Select the Subnet drop-down list, select the appropriate VPN subnet (e.g., VPN-General Users, VPN-Library) and click Continue.

    Which Subnet do I need?

    If you need to access:

    Register in subnet:

    - Library licensed resources
    (ArtSTOR, NetLibrary ebooks, and AP Photo Archive)

    VPN - Library*

    - Windows file shares

    VPN - General Users

    - ACIS services (SIS, DecisionCast, HRIS)

    VPN - General Users
    *VPN-Library Subnet : When you are connected using the VPN-Library network ALL of your Internet traffic is tunneled through the VPN connection. This may reduce performance. If you need to use VPN to access Windows file shares and/or ACIS services, we recommend that you also register within the VPN-General Users subnet.

    Note: If you are not sure which subnet to register in, please check with your system administrator.

  6. In the Hostname field, type a unique hostname for this "machine". We recommend the naming convention of hostnamevpn (e.g., VPNHomeGeneral).
    Note: This hostname must be unique. You cannot use the same hostname that you assigned to a wired or wireless machine registration. Do not use any special characters or symbols.
  7. Click Continue at the bottom of the page.
  8. The Registered Machines page will redisplay with the VPN registration that you JUST added highlighted at the top (xxx.user.vpn.cmu.local or for the VPN-Library network xxx.library.vpn.cmu.edu). Click on the new registration name (i.e., vpnhomegeneral.user.vpn.cmu.local).
  9. Under the Machine Information title bar, click the Manage Certificates link.
  10. The following message displays, click on the Generate new certificate link preceding this message.
  11. The Certificate Authority page displays with your connection hostname (e.g., smithhomevpn) and the number of days until expiration. This defaults to the maximum of 365 days. Click Issue Certificate.
  12. Once the certificate is issued, information about it displays. Under the Download Certificate column, click the Download Certificate link.
  13. Enter an "import" password to encrypt the certificate. You will be asked to enter this password when you import the certificate into the Cisco VPN Client.
  14. Re-enter the password and then click Download Certificate.
  15. The File Download dialog box displays. Click Save to save the file to your machine.
    Note: We recommend that you create a VPN Certificates directory to store your certificate downloads (i.e., from the Save As dialog box, click the Create New Folder icon).
  16. Once your certificate has been downloaded, click Signoff at the top of the NetReg page to signoff and exit the NetReg system.

    Note    : New VPN registrations normally take between 15 and 45 minutes from the time of creation to become fully active.  If you experience connection problems with a newly registered connection, please wait 15 minutes and try again.  If you still cannot connect after 45 minutes from the time of registration, please contact the Computing Services Help Center at x8-HELP(4357) or send email to advisor@andrew.cmu.edu.

next stepStep 3: Import the VPN Certificate

Last Updated: 2/20/08