VPN stands for "virtual private network" and is used to establish a secure connection between the host and another computer or network. The type of VPN Information Technology Services offers is commonly known as a remote access or tunnel VPN service. The K-State VPN service allows you to establish an encrypted tunnel between your computer and K-State's network via the Internet. Use of this VPN allows you to establish a connection to the K-State network that will be secure even if accessed from an unsecure location like an airport or coffee shop.
By connecting to K-State's VPN, you assure that the data you transmit or receive will be
secure between your computer and K-State.
It also allows access to resources that are restricted based on the K-State source IP addresses
(10.130.x.x and 129.130.x.x) as well as services that are restricted, such as Samba.
Note:Traffic between the VPN and the computer you are communicating with will not be encrypted unless you are using SSL-enabled applications.
When using a split tunnel only your traffic to campus will be encrypted and secured between your computer and the VPN. When using a full tunnel all of your network traffic will be routed through an encrypted connection to the VPN and then from the VPN to its intended destination. With both options traffic between the VPN and the remote system you are communicating with will not be encrypted, unless you are using SSL-enabled applications.
A VPN profile can be set up for a department which gives users an address from a smaller predefined pool, which allows tighter firewall rules to be applied to a specific resource. These profiles can be used from both on and off campus allowing you to configure firewalls for only one IP range. This will help to eliminate the need for static IP addresses and will allow for greater flexibility, like being able to access resources from wireless networks with dynamic addresses.
Yes. There is a dedicated tunnel group defined for 3rd-party vendors to be able to connect to systems that are only accessible on-campus due to existing in local address space or protection by firewalls. Each individual that will be needing access to this tunnel group should register for an eID. The K-State employee sponsoring their access should then fill out the special access eID form and follow the directions below to add the vendor.
Yes. The password is encrypted using SSL.
No. A VPN provides security by encrypting and decrypting data that passes through a VPN connection. It does not offer protection from viruses or other malware. Computers that connect to the K-State network are required to run antivirus software and up-to-date virus definition files to prevent infection by viruses and malware.
Yes. SSH provides end-to-end encryption, whereas the VPN only provides encryption from your client up to the VPN itself, which is located in the K-State core network. If you are using non-SSL-enabled applications, or websites, data between the VPN and the computer you are communicating with will not be encrypted.
When prompted to enter a username and password, you will need to enter your eID and password.
Yes. If you have an unstable network connection and your connection to the VPN server is interrupted, the default behavior is that the client will automatically reconnect when it can. It can also be configured to reconnect when resuming from sleep mode if it was connected before going to sleep. This can be configured in the AnyConnect preferences: