Download presentation
Presentation is loading. Please wait.
Published byTrevon Gammage Modified over 9 years ago
1
Connect2TI Upgrade Using Broadband at Home Updated February 28, 2005 Charise Bell / Rondo Estrello Remote Connectivity Customer Care Client Services & Support, ITS
2
2 Introduction Connect2TI Pilot Upgrade http://remcon.itg.ti.com/connect2ti3.0/pilot http://remcon.itg.ti.com/connect2ti3.0/pilot –iPassConnect 3.3 –Cisco VPN Client 4.6 –CyberArmor software firewall (replaced ZoneAlarm Pro) Broadband at Home –Hardware firewall (router) –Software installation
3
3 RAS How Connect2TI Works 1.iPassConnect includes dial access directly to TI (RAS) RAS numbers are listed first, if available. Look for $0.00/hr.
4
4 RAS Internet iPass How Connect2TI Works 1.iPassConnect also organizes how you connect to the Internet
5
5 RAS VPN Tunnel Internet iPass How Connect2TI Works 2. Cisco Systems VPN Client Virtual Private Networking software creates an encrypted tunnel for data to TI's network
6
6 RAS VPN Tunnel Internet iPass How Connect2TI Works 3. CyberArmor a software firewall that provides another layer of security
7
7 iPass brings the Internet iPass works with Internet Service Providers (ISPs) Connect to the Internet iPass manages billings –Charges hit cost center the same way your calling card calls do
8
8 Problem with access
9
9 Internet Explorer and TI’s auto-proxy Proxy used to get to the Internet when connected to TI network Auto-proxy uses proxy as needed Is set when the browser opens Using CTRL-N to create a new browser window inherits the proxy settings “Change Proxy Settings” utility on ESD.itg.ti.com Tools, Internet Options, Connections (tab). LAN settings: http://client.itg.ti.com/software/ie/configure.shtm#vpn Close browser when moving from Intranet to Internet
10
10 Setting up VPN over Broadband at Home
11
11 Connect2TI (VPN) from Home Hardware router –Security settings –Wireless Software –VPN client –CyberArmor –iPassConnect (not required) –Symantec AntiVirus
12
12 Home Broadband – Hardware Firewall (Router) Router required at home –Print installation instructions –Gather ISP information –Turn off wireless cards –Wait 10-15 seconds for router to save settings –Cisco Aironet 350 card works at TI sites and at home
13
13 Router Basics Installing a Router for use with Connect2TI / VPN For basic information about wireless networking and routers, see http://computer.howstuffworks.com/wireless-network.htm Security Requirements A router is required equipment for any computer on home broadband that will be connecting to the TI network. –“Always on” connection –Hides IP address Some cable or DSL modems include router functions (ex: 2Wire). If you have a combination broadband modem/router, an additional router will not be required Any brand of router is acceptable with: –Network Address Translation (NAT) –IPSec passthrough IT Security documentation: http://itsecurity.ti.com/itsec/procedure.tsp?procedureId=103713
14
14 Help Desk Support Help Desk Support for Routers at TI Approximately 30 minutes of router support With Internet access working Available on a "best effort" basis Documentation for NetGear and Linksys routers Check website before calling
15
15 Pre-installation Before you connect the router Have a working Internet connection –Call ISP for help –Help Desk cannot help with router unless Internet was working before you started Uninstall ISP software –Some ISPs require PPPoE (Point to Point Protocol over Ethernet) –Router will provide PPPoE services Most routers are configured to work "out of the box." Some settings must be changed in the configuration step to comply with TI Information Security requirements
16
16 Know your ISP – Fill out this form Document information required for the router to work with ISP PPPoE (usually used with DSL rather than cable) Does your ISP use PPPoE (PPP over Ethernet)? If yes, you may need to input your username and password –Username (typically your email address): ____________________ –Password: ________________________ Did the ISP provide a static IP address? (Ex.: 167.192.5.10) If no, you are using DHCP, which is commonly used with cable and most DSL services If yes, a. What is the IP address: _____________________ b. What is the subnet mask: _____________________ c. What is the gateway: _____________________ d. What are the DNS servers: ______________________
17
17 Know Your ISP – Fill out this form Document information required for the router to work with ISP Does the ISP require a MAC address (also known as physical address)? If yes, find the computer’s physical address by using the ipconfig utility from the command prompt. [Start, Run, type in cmd, OK. At the prompt, enter ipconfig /all. Look for Physical Address.] _____-_____-_____-_____-_____-_____ If the ISP requires a host name, what is it? _______________
18
18 Installing the Router Follow the manufacturer's instructions: Cable the router between the broadband modem and the computer If your broadband modem does not have a router built in, it must have an Ethernet connection ( RJ45) to your computer DO NOT attempt to configure your router wirelessly
19
19 Configuring the router Use your Internet browser to connect to the router's configuration pages –D-Link and NetGear routers use http://192.168.0.1 –Linksys routers use http://192.168.1.1 The router will have an initial username and password, which you must change later –Linksys Username: [leave blank] Password: admin –D-Link Username: admin Password: [leave blank] –NetGear Username: admin Password: password
20
20 Setup Wizard Run the configuration wizard, using information about your ISP gathered earlier
21
21 Setup Wizard
22
22 IT Security Requirements Then, test your connection –Open a new browser to http://www.google.com –Make sure your browser is using auto-proxy or no proxy Once your connection to the Internet is working, go back to the router configuration pages, one by one, and change the configuration to match IT Security Requirements: –Enable Network Address Translation (NAT) –Disable UPnP services, if supported –Block all WAN requests –Enable IPSEC passthrough –Disable SPI, if supported –Disable PPTP passthrough –Disable Multicast passthrough –Disable Remote Management –Disable remote upgrade –Enabling WEP (for wireless), using a 128-bit key is a security requirement. Don't set the WEP key just yet. –Disable SSID broadcast, if supported by router. This hides your router from those nearby (your neighbors, for instance)
23
23 Enable NAT NAT is automatically enabled already
24
24 Disable UPnP services
25
25 Block all WAN requests Respond to ping unchecked
26
26 Enable IPSEC passthrough Automatically enabled
27
27 Disable SPI, if supported
28
28 Disable PPTP passthrough
29
29 Disable Multicast passthrough Commonly used for streaming media. IGMP is part of multicast Ask security to remove from list?
30
30 Disable Remote Management
31
31 Disable remote upgrade
32
32 Enable WEP –Enabling WEP (for wireless), using a 128-bit key is a security requirement. Don't set the WEP key just yet.
33
33 Disable SSID broadcast
34
34 Set SSID and WEP key – Wireless only Test your connection to the Internet again If your Internet connection is working, go back to the router configuration pages and set the SSID Test
35
35 Set WEP Key last The WEP key is needed for all wireless computers attached to your home network, including your TI laptop. Carefully write down the new WEP key and type/insert it into the Wireless Network settings for your wireless card. –Instructions for Cisco Aironet Client Utility (ACU) –Instructions for internal wireless card Test your connection to the Internet again At this point, your router should be configured and fully operational Instructions Instructions : http://remcon.itg.ti.com/connect2ti3.0/wirelessforhome-acu.htm for use with Cisco Aironet 350 cards Wirelessforhome-wzc.htmWirelessforhome-wzc.htm : Wirelessforhome-wzc.htm for use with internal WLAN cards
36
36 Software Installation
37
37 Home Broadband - Software Software installation at home Download from the Internet – my.ti.com, Computer Services, Remote Connectivity (VPN) Turn off Windows firewall –Control Panel, Network Connections, Properties, Advanced tab Connect2TI 2.33 installs –iPassConnect 2.40 –Cisco VPN Client 3.6.4 (A) –CyberArmor Symantec AntiVirus –Intranet: ESD – esd.itg.ti.com –Home version available from Remote Connectivity website –Keep virus signatures up to date! Note: SBC Yahoo! installs Visual IP Insight, which must be removed before Connect2TI software is installed.
38
38 Configuring CyberArmor for home networks How to allow other computers on your network to get access to the VPN computer when not connected to VPN Find the instructions on Trey’s website.
39
39 Tips & Tricks
40
40 Problem with access If you see: But you can ping mercury.ext.ti.com (CMD window) You have Internet access Your browser is using the wrong proxy setting
41
41 Internet Explorer and TI’s auto-proxy Proxy used to get to the Internet when connected to TI network Auto-proxy uses proxy as needed Is set when the browser opens Using CTRL-N to create a new browser window inherits the proxy settings “Change Proxy Settings” utility on ESD.itg.ti.com Tools, Internet Options, Connections (tab). LAN settings: http://client.itg.ti.com/software/ie/configure.shtm#vpn Close browser when moving from Intranet to Internet
42
42 Getting Help Call the Central Help Desk if you need help –CHD phone numbers are in iPassConnect under Help, Technical Support Ask CHD to call iPass if problem isn’t immediately resolved
43
43 Update the Phonebook Update your phonebook before traveling While LAN connected, select –the Settings menu –Update iPassConnect –Phonebook Phonebook is updated at least every two weeks
44
44 Wired Troubleshooting Turn off Cisco Aironet 350 card Ensure that both network cable plugs are snugly inserted into wall and notebook (or card) If your location is not listed in iPassConnect, use Home Broadband directions Turn off proxy in browser to test Internet connection. Turn proxy back on when connected to TI. Retype userID and password in iPassConnect: Options / User info Call 972-575-HELP or 1-800-527-4740 for assistance from Central Help Desk. More help is available at http://my.ti.com, Computer Services, Remote Connectivity, Support Information
45
45 Wireless Troubleshooting Turn ON Wireless card (lights are blinking) Turn off proxies in browser to test Internet connection. Turn proxies back on when connected to TI. Retype userID and password in iPassConnect: Options / User info If your location is not listed in iPassConnect, use Home Broadband directions If the card associates with a poor signal, move around until you find a location with at least a fair signal If first attempt using iPassConnect fails, on subsequent attempts, use Cisco VPN Client instead Call 972-575-HELP or 1-800-527-4740 for assistance from Central Help Desk
46
46 Join the Connect2TI Upgrade Pilot http://remcon.itg.ti.com/connect2ti3.0/pilot Still have questions? Contact Remote Connectivity Customer Care Charise Bell / Rondo Estrello 214-567-9888
47
47 Wireless Troubleshooting Turn ON Cisco Aironet 350 card (lights are blinking) Turn off proxies in browser to test Internet connection. Turn proxies back on when connected to TI. Retype userID and password in iPassConnect: Options / User info Use iPass profile in Cisco ACU if location is listed in iPassConnect If your location is not listed in iPassConnect, use Home Broadband directions: edit Cisco ACU Public profile to make sure the SSID is correct. If your card will not associate using either iPass or Public profiles (Cisco ACU), turn off Zone Alarm and try again If the card associates with a poor signal, move around until you find a location with at least a fair signal If first attempt using iPassConnect fails, on subsequent attempts, use Cisco VPN Client instead Call 972-575-HELP or 1-800-527-4740 for assistance from Central Help Desk
48
You are now ready to use Connect2TI over Broadband at Home Still have questions? See FAQs on my.ti.com Computer Services Remote Connectivity (VPN) Additional help is available at 1-800-527-4740 or 972-575-HELP
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.