A user establishes the VPN connection by opening a web browser and logging in at the start page found at https://vpn.emory.edu (See Figure 1).
The F5 solution uses standard SSL to establish a connection to the remote network. A wide variety of platforms and browsers are supported. See F5 Firepass SSL VPN overview for a current list.
Figure 1: F5 SSL VPN Logon Page
Depending on the access granted to a particular individual, the user will get one of two possible screens after a successful logon. Those with access to the Admin Core will get a screen with two network choices (See Figure 2), while everyone else will get a screen with just one choice (See Figure 3).
Figure 2: F5 SSL VPN Screen for Admin Core Users
Admin Core users should be careful to select the correct Network Access from this screen. If they are attempt to access the Admin Core from an on campus location, then they should select Admin Core Remote Access Only From On or Off Campus. If they select the other option while they are on campus, then all of their internal Emory traffic will be routed through F5 VPN, even if it is not bound for the Admin Core, creating inefficiencies for one's own traffic and unnecessary congestion on the VPN server.
Admin Core users who connect from an off campus location may select either option but should select Emory University Remote Network Access INCLUDING Admin Core if they need an internal Emory IP address (170.140.*) to gain access to systems or services on the Academic Core network. If they just need access to the Admin Core, then selecting the first option will be fine.
Figure 3: F5 SSL VPN Screen for All Other Users
Non-Admin Core users will be presented with a single Network Access option. Do not use the F5 SSL VPN while computing on campus, since doing so will unnecessarily send all their internal Emory traffic through the VPN server.
The first time remote Network Access is requested, the user will be asked to install an ActiveX component or similar plug-in. The user should follow the instructions as they are presented. Windows users will see something like the following:
F5 SSL VPN ActiveX Screen
Note: if a yellow pop-up blocker warning appears, wait until java has had time to run before clicking on it.
F5 SSL VPN Binary Screen
F5 SSL VPN Security Warning Screen
Users should select Yes when they are presented with this screen.
Once the first time controls or plugins have been installed, the user will see the normal connection process take place. The following window with automatically minimize after the remote network connection has been established.
F5 SSL VPN Authentication Screen
F5 SSL VPN Authentication Welcome Screen
At this point, the original logon page may be closed. Do not close the minimized Welcome window unless you want to break the SSL VPN connection. If you want to close the connection, we recommend maximizing the Welcome window and selecting Close, rather than just deleting the widow.
Once connected, users will receive an IP address from a different pool, depending on the access their ID allows. Admin Core, DMZ, and HIPPA users will receive an IP address from the 10.110.0.0/16 retwork range. All other users will receive an IP address from the 220.127.116.11-254 range. The VPN pool address will be the IP that the remote systems see when one makes a connection attempt through the F5 SSL VPN.