How To Connect to F5 Firepass VPN: Internet Explorer on Windows XP

Getting Started

A user establishes the VPN connection by opening a web browser and logging in at the start page found at https://vpn.emory.edu (See Figure 1).

The F5 solution uses standard SSL to establish a connection to the remote network. A wide variety of platforms and browsers are supported. See F5 Firepass SSL VPN overview for a current list.

img8

Figure 1: F5 SSL VPN Logon Page

Selecting the Correct Network

Depending on the access granted to a particular individual, the user will get one of two possible screens after a successful logon. Those with access to the Admin Core will get a screen with two network choices (See Figure 2), while everyone else will get a screen with just one choice (See Figure 3).

img5

Figure 2: F5 SSL VPN Screen for Admin Core Users

Admin Core users should be careful to select the correct Network Access from this screen. If they are attempt to access the Admin Core from an on campus location, then they should select Admin Core Remote Access Only From On or Off Campus. If they select the other option while they are on campus, then all of their internal Emory traffic will be routed through F5 VPN, even if it is not bound for the Admin Core, creating inefficiencies for one's own traffic and unnecessary congestion on the VPN server.

Admin Core users who connect from an off campus location may select either option but should select Emory University Remote Network Access INCLUDING Admin Core if they need an internal Emory IP address (170.140.*) to gain access to systems or services on the Academic Core network. If they just need access to the Admin Core, then selecting the first option will be fine.

imgs

Figure 3: F5 SSL VPN Screen for All Other Users

Non-Admin Core users will be presented with a single Network Access option. Do not use the F5 SSL VPN while computing on campus, since doing so will unnecessarily send all their internal Emory traffic through the VPN server.

Initial Setup

The first time remote Network Access is requested, the user will be asked to install an ActiveX component or similar plug-in. The user should follow the instructions as they are presented. Windows users will see something like the following:

img1

F5 SSL VPN ActiveX Screen
Note: if a yellow pop-up blocker warning appears, wait until java has had time to run before clicking on it.

img4

F5 SSL VPN Binary Screen

img7

F5 SSL VPN Security Warning Screen

Users should select Yes when they are presented with this screen.

Regular Connection

Once the first time controls or plugins have been installed, the user will see the normal connection process take place. The following window with automatically minimize after the remote network connection has been established.

img2

F5 SSL VPN Authentication Screen

img3

F5 SSL VPN Authentication Welcome Screen

At this point, the original logon page may be closed. Do not close the minimized Welcome window unless you want to break the SSL VPN connection. If you want to close the connection, we recommend maximizing the Welcome window and selecting Close, rather than just deleting the widow.

VPN Pool Addresses

Once connected, users will receive an IP address from a different pool, depending on the access their ID allows. Admin Core, DMZ, and HIPPA users will receive an IP address from the 10.110.0.0/16 retwork range. All other users will receive an IP address from the 170.140.129.1-254 range. The VPN pool address will be the IP that the remote systems see when one makes a connection attempt through the F5 SSL VPN.

Related Information