The VPN-secured wireless network
|Policy||Departments can operate their own wireless
Ethernet, but it must be secured to prevent unauthorized use of the
IU network. Beginning in June 2001, UITS offers a centralized mechanism
for securing wireless. Departments can choose to allow UITS to manage
its wireless equipment using this security system. The equipment must
be supported by UITS (as of 6/01Lucent 500 and 1000 and Cisco Aeronet
access points were supported). The access point must have a dedicated
data jack, that is, it cannot be connected via a hub or switch.
If departments choose to manage their own wireless network, it must be secured in the manner specified in the document http://www.indiana.edu/~uits/telecom/data/wirelesspol.html
The VPN-secured wireless network places all secured wireless access points on a campus (currently IUB and IUPUI campuses) on a single subnet use VLAN technology. The only router off the subnet is a VPN server. Use of the VPN server requires authentication using an ADS account, the successor to the IUB and IUPUI NT domain accounts. Once authenticated, traffic between the wireless laptop and the VPN server is encrypted with an encryption key unique to the user.
The protocol currently supported by the VPN server is the Point-to-Point Tunneling Protocol (PPTP). MS-Chap v2 is the strongly recommended authentication protocol, but MS-Chap v1 is supported for Macintosh clients.
|Current Status||The VPN-secured wireless network is undergoing final testing by UITS staff and will be a production service sometime in June 2001.|
|Knowledge Base||The IU Knowledge Base has articles describing how to install the PPTP software. Go to the KB (http://kb.indiana.edu/) search for "VPN" and pick the article referring to your operating system.||Problem analysis, problem reporting||
Once you have installed the PPTP software as outlined in the Knowledge Base, you should be able to create a PPTP "tunnel session" with the VPN server. If you cannot, check that your wireless card is in communication with the wireless access point. If you are communicating with a wireless access point, make sure it is one that is on the VPN-secured wireless network. If it is, the network name your wireless client reports will be IUB-Secure or IUPUI-Secure. If this is the case, you may want to call the IUB support center at 855-6789 or the IUPUI support center at 274-4357 for help.
Advanced users may wish to check a few more items. For starters, determine that you received a DHCP lease using Start\Run\Ipconfig or Winipcfg. If so, see if you have DNS services via the command "nslookup www.cisco.com. Also, see if you can ping the VPN gateway: iub-wireless-vpn.indiana.edu or iupui-wireless-vpn.iupui.edu, depending on your campus
|Required Software||To use the VPN-secured wireless network, you must install PPTP software on your laptop. For information on obtaining and installing PPTP clients, search the Knowledge Base for "VPN" for details.|