Secure Remote Access: Connect with IPSec (Windows)
The Secure Remote Access service is the preferred mechanism to establish virtual private network (VPN) connections to PCs, servers, databases, and printers on the University network. This service (often referred to by the shorthand “SRemote”) allows client systems running the Pulse Secure application to set up a VPN session with resources in a University network zone. These sessions can be used to connect to a printer, a file share, a database or to establish a remote desktop connection to a PC or server.
The University also supports an alternative VPN service that is based on the IPSec network security protocol. This service was established to support specialized VPN needs such as clients running a Linux/Unix operating system as well as high-performance applications that require more capacity than the Secure Remote Access service can support.
The IPSec service was created to fill specific remote access needs that may have been addressed by recent changes to the Secure Remote Access service. Before attempting to set up a VPN session using IPSec, you should investigate whether suitable VPN access is available using the Pulse client.
Multifactor and Secure Remote Access
If you use the University’s Secure Remote Access service, either through the recommended Pulse client or via the IPSec client, you will need to use multifactor authentication for your secure remote connections. This requirement affects all students, faculty, and staff who use the Secure Remote Access service.
Note that you must already have registered a device for multifactor authentication before you can complete the steps below.
You must be approved by your Responsibility Center Account Administrator to access restricted network resources using Secure Remote Access with the Cisco IPSec VPN client. Contact the Technology Help Desk at 412-624-HELP  to request the service.
Prior to installing the Cisco IPSec VPN application, you must obtain the following:
- Membership in an IPSec access group (set up by your department’s RC Administrator)
- A pre-shared text key (provided by your department’s IT administrator or Responsibility Center administrator)
- Group name information (provided by your department’s IT administrator or Responsibility Center administrator)
You must also have administrative privileges to your computer, and it must meet the following requirements:
- Windows Vista or higher (32-bit or 64-bit)
- Microsoft TCP/IP installed
- At least 50 MB of free hard disc space
- Minimum of 128 MB RAM
Note: Known issues occur with use of the following: a tethered Internet connection, smart card authentication for ST Microelectronics models, McAfee versions prior to 4.6, or Tablet PC 2004/2005.
- Log in to My Pitt and click the Software Download Service on the right-hand side of the screen.
- Select Cisco from the Vendor menu and click the Remote Access 32-bit link or the Remote Access 64-bit link.
- Download the Cisco Systems VPN client for your Windows computer.
- Extract the compressed files and double click the Cisco for Windows 32-bit or 64-bit file. A setup wizard will guide you through the installation.
Configure the IPSec Client
1. Click the Start menu, select the Cisco Systems VPN Client folder, then select Start the VPN Client.
Note: If you are using Windows 8, you can type VPN from the tiled Start screen and then click the VPN Client icon.
2. Click the New connection type icon.
3. Enter the following connection entry settings:
- Connection Entry: Choose a connection name, such as Pitt IPSec VPN
- Description: PittNet VPN
- Host: vpn.pitt.edu
4. Click the Authentication tab, select the Group Authentication option, then enter the following settings:
- Name: Your department’s group name
- Password: Your department’s pre-shared text key or shared password
- Confirm Password: Your department’s pre-shared text key or shared password.
- Click the Save button.
5. Click Yes to restart your machine and complete the installation.
Establish a Secure Connection
1. Double click the Cisco IPSec Client on your desktop, then select the VPN configuration from the Connection Entry list. The VPN connection entry list window will display.
2. Click the IPSec connection that you use under the Connection Entry column.
3. Click the Connect button.
4. Enter your University Computing Account username in the Username field.
5. In the password field, you have several options to authenticate with multifactor authentication:
- Type your password only. This will use the default multifactor authentication method you selected when registering your device. For example, if you chose to always receive a Push notification, then typing your password will automatically send a Duo Push notification to your registered device. Accept the Push notification to complete the authentication process.
- If you want to use the "Call Me" option for multifactor authentication, type your password followed by the word phone in this format: password,phone. This will automatically call your registered device. Press 1 on your dialpad to authenticate.
- If you want to authenticate with a passcode, generate a passcode within the Duo mobile app, then type your password followed by Duo passcode in this format: password,token. For example, if the passcode you generated was 123456, you would type password,123456 in the Password field.
- If you want to be sent a passcode via text message (SMS), then type your password followed by sms in this format: password,sms. Your login attempt will fail and you will receive a six-digit passcode via text message. Retype your password followed by the passcode that you received in this format: password,123456.
6. Click the OK button.
7. A VPN icon will display in your menu bar once the connection has been established.
8. Start the application that requires a secure connection, such as a database client or web application.
Disconnect from the Service
- Close any applications that are using the secure connection.
- Click the Disconnect button.