Remote Access Guide ssl vpn/ipsec vpn



Download 24.55 Kb.
Date conversion28.01.2017
Size24.55 Kb.

CoreLogic

Remote Access Guide

SSL VPN/IPSec VPN




InfoSec Architecture & Operations

7/8/2014



This document describes setting up remote access through the SSL VPN systems in the Quincy and Plano data centers.


Contents


Background 3

Accessing SSL VPN in Quincy and Plano Data Centers 4

Step 1 - Accessing the new SSL VPN Portal and AnyConnect 4

SSL VPN Portal URLs 4

Supported Browsers: 4

Supported Anti-Virus 5

Other Considerations 5

Step 2 – Self-provisioning a Client Side Certificate 7

Verify the Certificate 14

Step 3 - Accessing SSL VPN Portal 15

Step 4 – Installing AnyConnect Client 18

Viewing Details of the Connection 21

Launching AnyConnect via the Start Menu 22

Disconnecting AnyConnect 24




Background


CoreLogic provides remote access to its networks via Virtual Private Network (VPN) systems. The VPN system assures security of the data flowing offsite through the Internet by the use of Secure Socket Layer encryption.

Accessing SSL VPN in Quincy and Plano Data Centers

Step 1 - Accessing the new SSL VPN Portal and AnyConnect


There are two new Dell DataCenters, each with a SSL VPN system. A user can select either and expect a similar experience. However selecting the one closer geographically may reduce latency. Modern Enterprise class Anti-Virus is required for all AnyConnect connections.

SSL VPN Portal URLs


  • Pacific and Mountain Time Zone Users : https://vpn.wtc.corelogic.com – Quincy

  • Central and Eastern Time Zone Users: https://vpn.ptc.corelogic.com – Plano

Supported Browsers:


  • Internet Explorer 8, 9, 10

    • Please use the 32 bit version of the browser if you are on a 64 bit machine

    • c:\users\jmperk~1\appdata\local\temp\snaghtml162123b9.png

  • Chrome 35+

Supported Anti-Virus


  • Symantec

  • MacAffee

  • TrendMicro

  • AVG

Other Considerations


  • *.corelogic.com websites should be added to “Trusted Websites” list in your browser security settings

  • Admin rights are required to run the secure desktop check and install AnyConnect client. Please submit an OPAS ticket to Service Desk with the description “VPN Installation Assistance Required”


Step 2 – Self-provisioning a Client Side Certificate


Open a supported browser and go to the URL determined above.

Depending on the browser, you will get a warning to either run an ActiveX control (IE) or Java Applet (Chrome). The following screenshots are what Chrome users will see. IE users will be very similar.



IE Users– When prompted click “Run Active X Control”



Chrome Users - When Prompted Click “Always run on this site”



Chrome – When prompted, click Allow



Chrome – When prompted, click the checkbox and then Run

If you do not have a valid certificate, the following screen will show up with the UserName field blank. If the user name field is pre-populated with your ISC account, this means you already have a valid certificate. You can skip to Step 3 – Accessing SSL VPN Portal

Since the username is not populated, the system will go through the out of band self-provisioning process upon successful authentication.

Select your domain from the drop down list box, enter your domain account credentials (Username & Password). Then click Login.

Click Continue



Your ISC account name will be included in the instructions text. Click the Continue button.



Depending on the data stored on your AD Account, you may see more than one option for One Time Passcode (OTP) delivery. This screen allows you to instruct the system to send the OTP to either Email, Voice, or SMS Text.



TIP If no viable option is available please submit an OPAS – Remote Access Digital Certificate ticket. In it, supply the method for receiving the One Time Passcode

Select the desired channel and click Submit.



The OTP is sent out from the system. You will receive the message depending on the selection made in the previous step. If you do not receive the OTP, click the link “Please click here to use and alternate registration method.”

When the OTP is received, enter it into the Registration Code: field and click Submit.

The system will then ask for your domain credentials.



Enter your ISC password and click Submit

The system will install a certificate into your browser’s certificate cache. Depending on your browser’s security settings you may get a bar at the top of the screen with a security warning regarding installing Active X controls. Right click the bar and “Allow” the browser to install the Active X control. After doing so a countdown timer will be displayed. Please wait until the certificate is completely installed.

When the certificate is installed, the screen above will be displayed. Do not click Restart Login, rather close down the browser and re-open the SSL VPN Portal URL



  • Pacific and Mountain Time Zone Users : https://vpn.wtc.corelogic.com – Quincy

  • Central and Eastern Time Zone Users: https://vpn.ptc.corelogic.com – Plano


Verify the Certificate


To verify a certificate is installed correctly, open Internet Explorer and select ToolsInternet OptionsContent. Click the Certificates button. Your certificate should be in the list of “Personal Certificates” It will be Issued To your ISC account user name and Issued by MFCIssuer3Sierra.banner.


Step 3 - Accessing SSL VPN Portal


You should now be able to access the SSL VPN Portal.

  • Pacific and Mountain Time Zone Users : https://vpn.wtc.corelogic.com – Quincy

  • Central and Eastern Time Zone Users: https://vpn.ptc.corelogic.com – Plano

Upon entering either website, you may be prompted to select your certificate.

If so, find the one issued to your domain account by MFCIssuer3Sierra.banner.multifactortrust3.com and click OK.



The portal login page is displayed. Notice that your domain user ID is pre-populated. This is a sign that your certificate is recognized by the system.



Click Continue to access the SSL VPN Portal

The SSL VPN Portal page will be displayed with a number of options:


  • Home / Web Applications– Presents bookmarks to a few common sites both internal and external to the CoreLogic Network

  • AnyConnect – Provides a link to connect to the network through the “AnyConnect”client. If your machine does not have the AnyConnect client, it will automatically download and install it.

  • Application Access – Advanced users can access internal resources through the Application Access list of “Smart Tunneled” applications. Please note RDP access is limited to systems on the Enterprise side of the network only (ie user desktops). To RDP to Production areas of the network, you must use AnyConnect to connect.

  • MetaFrame Access – Provides an address box to allow a user to submit a url to a Citrix environment and access a Citrix portal. Note, the Credco Citrix portal and CL Citrix web are available via the Links on the Home/Web Applications as well.


Step 4 – Installing AnyConnect Client


Installation of the AnyConnect client is done through the SSL VPN portal. Please refer to Step 3 above for details on accessing the portal.

AnyConnect on the navigation bar on the left and then click the Start AnyConnect link in the middle of the screen. If the machine connecting does not have an AnyConnect client, one will be downloaded and installed.



IE Users – Click the Install button when prompted



Chrome Users – Click the Run Button when prompted



The installation status screens will update you on the progress of the install. Once completed, the AnyConnect client will initialize a new AnyConnect connection to the network.



The AnyConnect Session is established. Notice the green checkmark on the padlock in the screen above.



c:\users\jmperk~1\appdata\local\temp\snaghtml5aaa92.png

You can logout of SSL VPN portal at this point by clicking the “Logout” or RedX button on the top right of the portal screen. Doing so will not disconnect the AnyConnect session.


Viewing Details of the Connection


Establishing an AnyConnect connection will re-ip your machine on your network. You can see the new IP address along with other diagnostic information through the Advanced settings screen.

Access the Advanced Settings screen by:



  1. right click the AnyConnect icon in the system tray,

  2. Select Open AnyConnect Option

  3. Click the gear icon in the Cisco AnyConnect Secure Mobility Client window

  4. Click the Statistics tab on the AnyConnect Secure Mobility Client details window.


Launching AnyConnect via the Start Menu


Once the Cisco AnyConnect client is installed on the machine, subsequent connections to the VPN system can be initiated through the Start Menu. The location of the application in the Start Menu may vary.

Start  Cisco AnyConnect Secure Mobility Client

Select the connection profile to connect to. You should have a similar experience on either. Select the profile closest to you geographically:

West Coast and Mountain – vpn.wtc.corelogic.com

Central and East Coast – vpn.ptc.corelogic.com

Enter your ISC account password and click the “OK” button.


Disconnecting AnyConnect


Right click the task bar icon for the Cisco AnyConnect Secure Mobility client



Click the Disconnect button to terminate the AnyConnect VPN Session.


The database is protected by copyright ©ininet.org 2016
send message

    Main page