Click on the question or the down arrow icon to display the answer.

A VPN or Virtual Private Network allows you to establish a secure connection to another network. At MSU, a VPN connection is required to access many resources on the campus network (like Opal, Sympa list server, etc.) when you are off-campus so the servers remain secure. All MSU faculty, students, and staff in good standing can use the MSU VPN.

MSU's VPN is Cisco Secure Client. The Cisco Secure Mobility client is available for almost all devices and platforms and will allow more MSU employees to work securely from any location at any time.

 

MSU-Employee-VPN

By logging in via this group, users will have a secure connection to the MSU network. However, anything else they do - like Spotify or a personal banking website - will be through their home/off-campus location's network. While the connection through the VPN tunnel to MSU's network will be secure, this cannot be confirmed for everything else.

 

MSU-Employee-Full

By logging in via this group, users will have a secure connection to the MSU network for all activities on their devices - everything is navigated through the VPN tunnel. While this creates a secure environment encompassing the whole device, it can clog the VPN bandwidth and is recommended more for off-campus locations that are not a trusted network.

Yes, you will need to download the Secure Mobility Client. Please visit  http://www.montana.edu/uit/computing/desktop/vpn/index.html for instructions.

Yes, Secure Client needs admin rights to be installed, however subsequent updates will not need them. If you do not have admin privileges on your computer please contact your Departmental IT staff or the MSU Service Desk (994-1777 or helpdesk@montana.edu) for installation assistance.

Yes, you must contact the UIT Service Desk to request access in addition to downloading the new Secure Client .  Contact the Service Desk at 994-1777 or helpdesk@montana.edu.

Yes, your VPN connection will timeout after 30 minutes of inactivity. As long as the VPN tunnel is being used you will stay connected.

The only exception is for the ADMIN-VPN, which does not timeout due to inactivity.

A VPN Tunnel is an encrypted communication between two devices. The network device is commonly a firewall as it is in our case. We have a Cisco ASA for our network device. The client device is commonly yourlaptop or phone with the client software installed. The tunnel is created when the client device initiates a connection to the firewall. This connection is now like a virtual wire going through the internet to build a connection to network resources behind the firewall. 

 

The VPN is setup as a Split Tunnel this configuration was a group decision from the VPN working Group. The Split Tunnel is setup to only route traffic through the VPN Tunnel that is destined for MSU network resources, all other traffic will go out your regular internet connection.

When this happens it is likely because the In Common Intermediate Certificate needs to be "trusted". When the error pops up, you will need to "trust" the certificate. Depending on your situation, you may have to check a box to "Always trust this..." And/or also click a button to Connect Anyway or Always Connect.

Reboot (restart) the computer. This will log out all of the other users who are logged into the computer.  You'll then be able to log back in and connect. 

A screenshot of the Cisco AnyConnect error that reads: Cisco AnyConnect failed to start.  It is already running in another user's session.

To access local resources, like your home printer while at home and connected to MSU through the full tunnel VPN  (the MSU-Employee-full group), make this change to Secure Client on your computer before connecting.

  1. Open the Secure Mobility Client and click Settings icon in lower-left corner as shown in image below.
    Screenshot of the AnyConnect VPN connect window showing the Settings "gear" icon located in the lower-left corner.
  2. If on Windows, select Preferences tab. On Mac go directly to step 3.
  3. Check box next to Allow local (LAN) access when using VPN (if configured),  then close box. 
    Screenshot of AnyConnect Preferences tab and options available for checking.  On a mac there are no tabs, just the preference options when you click settings.

Now when you connect to MSU-Employee-full group of VPN you will have access to local as well as MSU resources. 

Please note that this will not work if you are connecting from a large segmented network like the MSU campus network, you will only have access to resources in the same VLAN.