Skip to main content Skip to local navigation
University Information Technology (UIT)
Home » Student Services » VPNYork SSLVPN Step-by-Step Guide

VPNYork SSLVPN Step-by-Step Guide


Step 1.

  1. Enter the following URL in any supported browser: https://vpngateway.yorku.ca/vpnyork.
  2. When presented with the SSLVPN VPNYork login screen enter your Passport York username and password.


Note that the idle timeout is 30 minutes and the maximum session time is 10 hours.
There is a pop up warning 10 minutes before the idle timer expires.
Periodic application activity is counted as session activity and will reset the idle timer.

Loading Components

The Host Checker and Cache Cleaner applications may be pushed down if they are not already installed on the SSLVPN client computer.   Cache Cleaner is fully supported on Windows.  Not all Cache Cleaner features are available on MacOS and Linux platforms.
Note the information in the message bar.
“This site might require the following ActiveX control: ‘JuniperSetupClient.cab’ from ‘Juniper Networks, Inc.’.  Click here to install…"

  1. Select “Click here to install…”  to proceed with the SSLVPN login.


If ActiveX is unavailable on the client’s system then Java (if enabled) is used. If neither ActiveX nor Java is available the vpngateway device issues an error message indicating that some functionality may not be available.  In some cases the SSLVPN session may be terminated.
The vpngateway’s certicate has been verified by a trusted certificate authority.

  1. Select “Yes” to proceed with the SSLVPN login.

Step 2.

After the SSLVPN components are installed the Host Checker and Cache Cleaner applications are run.
If  the client computer fails the computer security check there will be a remediation page similar to the screen shots below.  At this point the user may do the following:
Recommended:

  1. Ensure that there is a current anti-virus software installed and there are current virus definition files/updates.
  2. Run a clean full scan.  A clean full scan is where all files are scanned and remediated.Both a) and b) must must be completed to pass the computer security test.
  3. Select “CONTINUE” and perform a) and b) at a later date.

The virus definition file must be no older than 2 updates. This means that automatic updates must be enabled and running on the anti-virus software. 

Change Settings > Client Management Settings > Scheduled Updates > Enable Automatic Updates

This is the default setting for UIT managed hosts.
The vpngateway device supports over 100 anti-virus software applications on the Windows operating systems. 

The following is a screen shot of the Anti-Virus Windows remediation page. The text of the Anti-Spyware remediation page and other operating system Host Checker remediation page is similar with notes specific to the OS.

Step 3.

If the IPSec client called Network Connect is not already installed it will be pushed down to the workstatIons and started.  At this point the user may see the following message: "Please Wait.   Launching Network Connect.”

 

Step 4.

  1. After the Network Connect has successfuly launched the user may view the network settings by right clicking the Nework Connect icon and selecting Basic View.


In this sample SSLVPN session the IP address of the workstation has been changed to:  130.63.0.15

Network Connect Advanced View

  1. To get the Network Connect Advanced View right click on the Network Connect  icon in the task bar.
  2. The Network Connect Advanced View allows the user to view the SSLVPN logs written locally.
    (See Client Side Changes for a list of log file locations.)

Step 5.

The VPNYork landing page is  www.yorku.ca

Step 6.

At this point the VPNYork IPSec tunnel is established and you may run your applications using your normal procedures. Some profiles (including VPNYork) starts the IPSec tunnel automatically.
The presence of the NC icon      indicates that the IPSec tunnel is established.
Some YorkU servers restrict access to specific source IP addresses.  Please ensure that you are using the correct profile to access specific resources.

Step 7.

Host Checker is run at regular intervals during the IPSec session. If the Host Checker security assessment fails the remediation page will be presented as follows:

Note the options at the bottom. "Try Again" and "Do not show remediation again for this session". Choosing "Do not show remediation..." will disable the reme diation page during the session. Host Checker will continue to run at regular intervals and will not inform the user of any Host Checker security assessment failure during the session.
To see the results of the Host Checker security assessments (after selecting "Do not show remediation...") left click on the Host Checker icon HC Icon. Ignore the "You can opt to display this page again in your Advanced Preferences" notice at the bottom of the in-session Host Checker remediation page. This option was disabled.

Step 8.

Please log off when finished.

Quick Links