Using the Secure Access Gateway (SSL VPN)

Background

CSU provides secure access to on-campus resources via a Juniper Secure Access gateway, also known as an SSL VPN. When connecting to the CSU Secure Access gateway the user will be presented with a web page. This page can have both predefined links and user-defined links to resources such as web pages, terminal sessions (both SSH and Windows Remote Desktop) and file shares (if set up in advance by the department). Individual users may or may not be able to define links on their own page based on departmental security policies.

Connection Prerequisites

There are system requirements to use the Secure Access gateway, such as having the correct combination of Java version, web browser version and operating system. The Help button on the login page has extensive information about these subjects. If you have problems connecting, please look there for assistance first. If you still need help or cannot connect to the help file at https://secure.colostate.edu, please call the CSU Help Desk at 970-491-7276.

How to Connect to the Secure Access Gateway

  1. The link to the Secure Access gateway is: https://secure.colostate.edu. Once there you will be presented with a realm to log in to, such as the eID system or a particular domain like CNR.
  2. The first time you access the Secure Access gateway in Windows you may be presented with a request to install an ActiveX control from Juniper called JuniperSetupSP1.cab.
  3. We suggest installing the ActiveX control.
  4. Additionally, you may be presented with a request from Juniper to install software; we suggest choosing to always trust or allow it and to remember this decision. If you choose not to always trust/allow, you will be presented with this prompt each time you access the Secure Access gateway.

Using the Secure Access Gateway

There are five sections included below: the Navigation Menu, Web Bookmarks, Files, Terminal Sessions, and Client Application Sessions.

The Navigation Menu

The main navigation buttons are:

  • Home - Returns you to the main page
  • Preferences - Manage the general layout of the main page
  • Session Timer - A countdown timer that starts at one hour; when it runs out you will have to log in to the Secure Access gateway again
  • Help - The Secure Access gateway comprehensive online help
  • Sign Out - Leave the Secure Access gateway

Web Bookmarks

The Web Bookmarks panel on the Secure Access gateway main page provides a centralized location for links to CSU and external resources. A resource can be any web page or web application that can be accessed through the Secure Access gateway. The Secure Access gateway rewrites the links in this panel in order to secure traffic between your computer and the resource. When you click a link or use the Browse field at the top of the Secure Access gateway main page, the transmitted page content is rewritten.

On the right-hand side of this field there are three options:

  • Panel Preferences
  • Add a bookmark
  • Expand or Collapse

How to add a bookmark (this option may not be available in all realms):

  1. Click the + icon to add a web bookmark link:
  2. Use a descriptive name for the bookmark
  3. Complete the URL (e.g. http://www.google.com)
  4. Choose your desired display options.
  5. Click the add bookmark button at the bottom of the page.

Note: after adding a web bookmark, it appears under the gray bar in the web bookmarks section. The gray bar separates the preset links from user-defined links.

Files

The Files panel on the Secure Access gateway main page provides a centralized location for links to files that reside on an internal-to-CSU network. If your system administrator enables the option for personal bookmarks, you can create your own links in the Files panel.

On the right-hand side of this field there are four options:

  • Panel Preferences
  • Add a Windows Directory
  • Add a Unix/NFS Directory
  • Expand or Collapse

Note: You may have a file server already mapped on the main page depending on the realm that you logged into and the security policies of your department.

How to create a Windows/Unix/NFS Directory (This option is not available in the eID realm):

  1. Click the appropriate icon to add the Windows directory or Unix/NFS directory link (the icon with the four solid white boxes for Windows; the icon with the X for Unix/NFS):
  2. Servers that have already been mapped by departmental policy will appear as a list. To add a directory on a server that is not already listed (if allowed by policy), you will have to browse to it via the Browse button just under the Navigation menu.
  3. Browse to the folder that you want to bookmark and add it to the current bookmarks by checking the box beside the folder name then click the Bookmark Selected button.
  4. The resulting screen will allow you to provide an optional description for the bookmark; click the Add Bookmark button to finish adding the bookmark. A link to this file share will be available for future use whenever you log in to the Secure Access gateway.
    • Note: after adding a file share it appears as a link under the gray bar in the web bookmarks section. The gray bar separates the preset shares from the user-defined shares.
  5. Lastly, when connecting to a predefined file server you may need to provide extra credentials if the server authenticates to a different realm than you logged in to. For example, you logged in using eID credentials but want to access a file server on the CSUDOM domain. In this case, you will be challenged to provide CSUDOM credentials.

Terminal Sessions

Services in the Terminal Sessions panel enable a user to connect to a Windows remote desktop or to Telnet/SSH to a UNIX/Linux server. When you run an application on the terminal server, most actions are performed on the server itself rather than on your workstation.

On the right-hand side of this field there are three options:

  • Panel Preferences
  • Add a Terminal Session
  • Expand or Collapse

Note: you may have a terminal session already mapped on the main page depending on the realm that you logged in to and the security policies of your department.

How to create a Terminal Service Session link (This option is not available in the eID realm):

  1. Click the Add a Terminal Session icon on the right-hand side of the Terminal Sessions bar.
  2. Choose the terminal session you want to create from the Session Type drop-down list. The options are:
    • Windows Terminal Services
    • Citrix
    • Telnet
    • SSH Secure Shell
    • For Telnet and SSH sessions, only the Host and Username entries need to be configured.
    • For Windows Terminal Services/Remote Desktop sessions, first define the Host (by IP address or fully qualified domain name) and the Server Port (generally 3389).
    • You may also consider the settings located in the Connect Devices section at the bottom of the screen; these will allow printers or drives connected to the remote system to be visible in the terminal session.
  3. Click the Add button at the bottom of the page, and the link will be added to the Terminal Sessions section on the main page.

Client Application Sessions

While most services can be reached by links in the above Web, Files, or Terminal Sessions sections, some campus resources require more permissive access to the CSU network. The Client Application Session panel includes two tools to enable this kind of connection:

  • Network Connect
  • Secure Application Manager (offered as Java or Windows ActiveX, depending on the system from which you're connecting)

Each of these tools re-directs traffic coming from applications, including web browsers, on the computer requesting the remote connection. In this sense, both Network Connect and Secure Application Manager (SAM) are similar to the Cisco VPN client that has been in use at CSU. Network Connect is the most similar, tunneling all traffic to the CSU network, whereas SAM is a more secure tool that only tunnels certain kinds of application traffic. SAM must be configured in advance by the ACNS security team to support specific applications; questions about SAM can be sent to noc@colostate.edu.

To launch either of the tools:

  1. Click the Start button on the right side of the panel opposite the name of the tool.
  2. The first time you use these tools, you will have to accept one or more downloads.
  3. The tool will launch, and a status icon will appear in the system notification area.
  4. Once one of the above icons is displayed, the connection should be ready. You may launch the applications that require connectivity to CSU resources.