Summary: If you need to connect to UCInet from off campus, Virtual Private Network (VPN) may be the solution for you. VPN allows you to connect to on campus-only resources like the Library and encrypts the information you are sending over the network, protecting your data.
Peer-to-peer file sharing services and other high-bandwidth applications should not be used while using the VPN service. You may be automatically blocked from using the VPN if your bandwidth exceeds the maximum bandwidth limit.
Note: Regarding the Windows 8 RT plaform, at this time there are no Cisco VPN Client's available.
Note: AnyConnect VPN users, on inital start up type vpn.nacs.uci.edu in the "connect to window" of the AnyConnect client and press Enter to connect.
|AnyConnect Client||Current Version||Updated|
|Windows 7/Vista/XP AnyConnect 32/64 bit||3.0.08057||August 28, 2012|
|Mac OS X 10.5 - 10.8 AnyConnect Intel 32/64 bit||3.0.08057||August 28, 2012|
|Mac OS X 10.5-10.6 AnyConnect PPC||2.5.3054||August 26, 2011|
|Linux AnyConnect 32/64 bit||3.0.08057||August 28, 2012|
|Windows 7/Vista 64 bit||5.0.07.0290||June 28, 2010|
|Windows 7/Vista/XP 32bit||5.0.07.0290||June 28, 2010|
|Windows 2000/2003||4.8.01.0300||July 24, 2007|
|Mac OS 10.4 - 10.6||4.9.01.0280||April 8, 2011|
Network Traffic Encryption
When you connect to another site using a VPN, your traffic is encrypted so that if anyone intercepts the traffic, they cannot see what you are doing unless they can break the encryption. Your traffic is encrypted from your computer through the network to the VPN concentrator hardware at UCI. At that point the traffic is un-encrypted and sent out over the campus network. If you are using software like ssh, your traffic on the campus network is still encrypted because ssh encrypts its traffic.
Access UCI Resources
When you are using a VPN connection, it will appear to systems on campus that you are also on campus - you will have a UCI IP address instead of the one you have at home (Cox, AT&T, PacBell, etc). This allows you to connect to resources that you would not be able to from home, and bypass any port blocking at the campus border router.
Windows File Shares
The VPN offers a way for authorized users to mount Microsoft Windows file shares from off campus. As of November 5th, 2002, a VPN is required to use "shares" from outside of UCInet because of special port blockades.
You need VPN if:
You don't need VPN if:
Downsides to using VPN if it is not needed.
UCI has two types of VPN tunnels, a "split" tunnel and a "full" tunnel.
The "split" tunnel only sends traffic destined for UCI over the VPN connection. All other traffic goes through your normal cable modem/dsl connection. Use the "split" tunnel for connections to and from UCI only. If you are using online Library resources, use the "full" tunnel.
It allows you to talk directly to the Internet, but when your machine "talks" to UCI network addresses the traffic is put through the established VPN tunnel to the UCI VPN node, where it is decrypted and given a UCInet network address.
This is useful for people who need access to things at UCI which require a UCInet IP address (such as connecting to a system that restricts access to UCI hosts only), or to use services which are blocked for security reasons at the campus firewall (such as NetBIOS ports, used in mounting shared drives and other ports used by Microsoft Windows). Only traffic to/from UCI is sent through the VPN connection, so if you were to access Yahoo, it would go through your regular network connection (cable modem, dsl, etc).
The "full" tunnel sends all your internet traffic through the VPN connection, and then out to the internet through UCI's connection.
The "full" tunnel is useful for people who need to access sites off-campus that need a UCI IP address to allow access to a resource. The UCI Library has links to resources such as these. If you wanted to access the Oxford English Dictionary (OED), you can't get to it with a split tunnel because it's off campus and your off-campus packets aren't network address translated to UCI addresses. By using the "full" tunnel, this problem is circumvented. However, note that *all* your traffic is sent through the VPN connection and then out UCI's internet connection.
You should use the "full" tunnel VPN connection with care since heavy use can cause an increase in UCI's internet connection costs, and is likely slower than the split tunnel method.
Once you bring up your VPN client and initiate a connection, you will remain connected as long as you're actively using it. If the connection is idle for one hour, it will "timeout". If you are not going to use your computer, it is best to take down the connection yourself, to free-up a tunnel for someone else to use. In either case, when you later come back to your computer you will need to re-initiate a connection if you still need to use the VPN.
There is a limit of 2 VPN tunnels which may be simultaneously established under one UCInetID.
The campus VPN provides off-campus users access to university resources not normally available to remote users and is thus a critical resource. The VPN appliance handles connections for all users through the same 100 Mb interface. Users of bandwidth-intensive applications that are not related to the University's academic mission can detrimentally impact other users on the VPN.
For this reason, Gnutella, Kazaa, Bit Torrent, E-Donkey, and other peer to peer (p2p) file sharing programs (as well as internet gaming and other recreational, high-bandwidth applications) are not allowed on the VPN.
188.8.131.52 - 184.108.40.206