4/16/10 nih wireless lan
04/12/23
NIH Wireless LAN
NIH Technical LAN Coordinator Training
August 2006
Agenda
- CIT’s wireless network architecture
- VPN’s place in this new wireless network architecture
- Basic wireless LAN equipment & software
- Wireless client setup demo
- VPN client setup for wireless
- Questions
CIT Wireless & VPN Support
- First level support: NIH Help Desk
  - 301-496-HELP (4357) or 866-319-HELP
  - e-mail: [email protected]
  - CIT Support Web Page: http://support.nih.gov
  - CIT Web Page: http://cit.nih.gov/home.asp
  - General Information page: http://wireless.nih.gov
CIT Wireless & VPN Support
- Second level support: Network Operations Center (NOC)
- Third level support: NEB/Network Operations Section
- Fourth level support: NEB/Engineering Operations Section, Wireless and VPN groups
Wireless and VPN Client Software Download
- Download client software and documents from SDP (Software Distribution Product) Web site:
  - http://isdp.cit.nih.gov/downloads/wireless_lan.asp
  - http://isdp.cit.nih.gov/downloads/vpn_tools.asp
  - http://RemoteAccess.nih.gov
NIH Wireless Consolidation Scope
- 802.11x devices in locations with NIH employees using wireless networking
- Point-to-point wireless network connections
- Bluetooth wireless networking
- Bridge devices that convert to/from 802.11x wireless protocols
- Specialized wireless laboratory or biomedical devices that use 802.11x networking
Wireless Consolidation
- Consolidation Cost Savings
  - Volume efficiencies
  - Vendor discounts and operational costs
  - Multiple vendors provide competition but increase operations costs
  - Elimination of duplicate overlapping networks
  - Decrease in IRT costs to monitor wireless security
Wireless Security Approach to be followed
- Utilize VPN to meet encryption and user authentication requirements – HIPAA (HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996)
  - Relevant provision: Guarantee security and privacy of health information
- Develop and follow security and wireless policies
- All wireless devices registered and secured
- Scan for unauthorized devices
NIH Wireless Security Implementation Approach
- Install wireless using a configuration that allows multi-vendor environment (i.e. no proprietary vendor extensions)
- Static WEP and Non-broadcast SSID
- Require VPN over wireless to meet security requirements for encryption and user authentication per NIST recommendation
- Cisco VPN Client (Version 4.x)
- AES-256 and 3DES-168 encryption
- Install security devices at the wireless “On Ramp” to NIHnet in each building to restrict traffic
NIH Wireless Security Implementation Approach
- Allow VPN users to have direct access to NIH network
- Authenticate users via Active Directory
- Tunnel non-NIH users to a perimeter wireless DMZ
- Install web portal for authorized external users to access the Internet over NIH wireless network
- Take advantage of future standards when they mature to enhance security and functionality
Basic Wireless LAN Equipment and Software
- Wireless Adapter
- Access Point (AP)
- RADIUS Server
- Active Directory Server
- VPN Client and Server
- Wireless Gateway
Wireless Network Model
[Diagram: Wireless Access Point (AP), On-ramp, IC-net, NIHnet, DMZ, Internet]
Types of Wireless Users
- Type 1 – Wireless user within their primary building
- Type 2 – Wireless user who has roamed to another building
- Type 3 – Wireless guest or patient
- Type 4 – Specialized wireless devices. Example: lab scanner or biomedical device
Type 1 User
[Diagram: Wireless Client (Non-Broadcast SSID and Static WEP; VPN Client with 3DES/AES Encryption), Wireless Access Point (AP), On-Ramp, VPN, IC-net, NIHnet, RADIUS, AD. Paths shown: Encrypted VPN Session, User Authentication, User Network Traffic.]
Type 2 User - Roaming to another building
[Diagram: Wireless Client (Non-Broadcast SSID and Static WEP; VPN Client with 3DES/AES Encryption), Wireless Access Point (AP), On-Ramp, VPN, two IC-nets, NIHnet, RADIUS, AD. Paths shown: Encrypted VPN Session, User Authentication, User Network Traffic.]
Type 3 Guest User
[Diagram: Wireless Client, Wireless Access Point (AP), On-Ramp, NIHnet, Wireless Gateways, Internet, RADIUS, AD. Paths shown: SSL Encrypted Session (Login only), Point-to-Point Tunnel.]
- Non-Broadcast SSID and Static WEP, different from NIH Internal Users
- Redundant Gateways
- Limited Internet access
- No direct access to NIHnet
Type 4 User – No User Login
[Diagram: Wireless Device (Non-Broadcast SSID and Static WEP; system without VPN capability), Wireless Access Point (AP), On-Ramp, IC-net, NIHnet, Server. Path shown: Network Traffic.]
Wireless Consolidation Phases
- Each IC will progress through phases independently
- Phase 1
  - CIT installs On-Ramp device(s)
  - CIT monitors wireless network 24x7
  - CIT takes over management of wireless devices
  - Wireless assets transferred to CIT
- Phase 2
  - IC installs VPN clients on user machines
- Phase 3
  - CIT enables security on On-Ramp when Phase 2 is complete
Wireless Consolidation Phase 1
[Diagram: Wireless Access Point (AP), On-Ramp Router, IC-net, NIHnet, DMZ, Internet, and centrally located redundant VPN devices]
- On-Ramp installed and traffic allowed to go anywhere on IC or NIHnet.
- CIT manages wireless access points and On-Ramp router.
- VPN not required.
- No change from current operation.
Wireless Consolidation Phase 2
[Diagram: Wireless Access Point (AP), On-Ramp Router, IC-net, NIHnet, DMZ, Internet, centrally located redundant VPN devices, and optional IC-specific VPN devices]
- VPN optional.
- IC installs VPN clients on wireless user devices.
Wireless Consolidation Phase 3
[Diagram: Wireless Access Point (AP), On-Ramp Router, IC-net, NIHnet, DMZ, Internet, centrally located redundant VPN devices, and optional IC-specific VPN devices]
- IC completes installation of VPN clients on wireless user devices.
- VPN required.
- Security enforced on On-Ramp router.
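An added example, not part of the NIH slides: a Python model of the On-Ramp filter across the three phases, used to list which flows observed during Phase 2 would be dropped once Phase 3 enforcement is switched on. The address plan, the rule set and the Type 4 device port are constructed assumptions; UDP 500, UDP 4500 and ESP are the standard IPsec ports and protocol.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str            # "udp", "tcp" or "esp"
    dport: Optional[int]  # None for ESP, which has no ports

# Constructed address plan (assumptions, not NIH's real addressing).
STAFF_WLAN = ip_network("10.20.0.0/17")    # Type 1/2 users
GUEST_WLAN = ip_network("10.20.128.0/17")  # Type 3 guests (separate SSID)
VPN_CONC = ip_network("192.0.2.10/32")     # central VPN concentrator
GUEST_GW = ip_network("192.0.2.20/32")     # wireless gateway for guests
LAB_DEV = ip_network("10.20.5.7/32")       # registered Type 4 device
LAB_SRV = ip_network("10.30.1.15/32")      # the server that device talks to

# Phase 3 rules as (src, dst, proto, dport, label). First match wins,
# None matches anything, and unmatched traffic is dropped.
PHASE3_RULES = [
    (LAB_DEV, LAB_SRV, "tcp", 443, "type4-device"),  # port is an assumption
    (STAFF_WLAN, VPN_CONC, "udp", 500, "ike"),
    (STAFF_WLAN, VPN_CONC, "udp", 4500, "ipsec-nat-t"),
    (STAFF_WLAN, VPN_CONC, "esp", None, "ipsec-esp"),
    (GUEST_WLAN, GUEST_GW, None, None, "guest-to-gateway"),
]

def match(flow):
    """Return the label of the first Phase 3 rule matching flow, else None."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    for r_src, r_dst, proto, dport, label in PHASE3_RULES:
        if (src in r_src and dst in r_dst
                and proto in (None, flow.proto) and dport in (None, flow.dport)):
            return label
    return None

def on_ramp(flow, phase):
    """Phases 1 and 2 forward everything; Phase 3 enforces the rules."""
    return "permit" if phase in (1, 2) or match(flow) else "deny"

def would_drop(observed):
    """Flows seen before enforcement that Phase 3 would drop."""
    return [f for f in observed if match(f) is None]

# Constructed Phase 2 flow sample.
SAMPLE = [
    Flow("10.20.1.4", "192.0.2.10", "udp", 500),    # staff, VPN negotiating
    Flow("10.20.1.4", "192.0.2.10", "esp", None),   # staff, VPN data
    Flow("10.20.1.9", "10.30.1.80", "tcp", 445),    # staff, no VPN client yet
    Flow("10.20.5.7", "10.30.1.15", "tcp", 443),    # Type 4 device
    Flow("10.20.130.2", "192.0.2.20", "tcp", 443),  # guest portal login
    Flow("10.20.130.2", "10.30.1.80", "tcp", 80),   # guest reaching inside
]
```

Running `would_drop(SAMPLE)` before enabling Phase 3 shows the staff client that still bypasses the VPN and the guest attempt to reach an internal host.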
Wireless Authentication Overview
[Diagram: an NIH wireless client and a guest wireless client connect through APs and the On-Ramp Router. Components shown: B12 and B45 WLAN VPN Concentrators, IC VPN Concentrator, Wireless Gateways, GRE Tunnels, Wireless DMZ, DHCP Server, Radius, Active Directory, IC Network, NIH Network, Internet. Steps are labelled 1a to 4a and 1b to 4b.]
Wireless Client Setup
Insert the Cisco wireless client adapter
Click Cancel
Wireless Client Setup
Cisco Aironet Desktop Utility (ADU)
Double click to start the installation
ADU and Driver Installation
Click Next
Click Next
ADU and Driver Installation
Click Yes
Click Next
Click Next
ADU and Driver Installation
Click Next
Click Next
ADU and Driver Installation
Click OK
Click OK to reboot
ADU Configuration
Double Click ADU Icon
Select Profile Management
Select Default and click Modify
ADU Configuration
Rename the Profile Name. Ex: NIH WLAN
SSID1: Enter the NIH SSID
SSID2: Enter NIH Guest SSID
Select Security tab
Select Pre-Shared Key (Static WEP)
Click Configure
ADU Configuration
WEP 1: Enter NIH Static WEP Key
WEP Key Size: select 128
Click OK to return to Profile Management window
Select Advanced tab
ADU Configuration
Click OK to return to Profile Management window
Uncheck 5 GHz 54 Mbps
ADU Configuration
Select Current Status tab
Verify the Wireless Connection
Congratulations! ADU Installation and Configuration have been completed.
Wireless VPN Setup
New VPN Client (ver. 4.8)
Double Click Icon to begin Installation.
NOTE: This will install the configuration for Remote Access VPN as well as Wireless VPN. (not shown)
VPN Client Install
Click Unzip to place Installation Files in Folder.
The extraction process will look like this.
Then
VPN Client Install
Open the Directory for the Client Installation Files and then Click the Setup Icon (circled).
VPN Client Install
MSI or InstallShield installation process will begin.
VPN Client Install
If this is a new Client Install, Skip Two Slides.
Otherwise, You will see the following message:
Click Yes
VPN Client Install
When you receive the restart request from the Installer, please Click Finish and allow computer restart.
If you do not, when you try to install the client later, you’ll receive an error.
VPN Client Install
Click Next and/or Yes where the MSI Installer Wizard asks you for input.
Install should progress to dialog showing install in progress.
If you uninstalled a previous client and rebooted, after re-boot the Installer continues as shown below.
If you didn’t have to uninstall a previous client, the Installer continues as below.
VPN Client Install
Click Finish to restart the Computer and complete Install.
VPN Client Install
After computer has been restarted per previous instructions:
Click Start menu to find VPN Client and Click it to start VPN Client.
Wireless VPN Setup
There are no other steps!!
Wireless VPN Setup
Caveat #1: The newest version of the VPN client is an MSI Installer. This MSI client is not designed to replace older clients installed previously using the InstallShield Wizard. If you used the Windows InstallShield installer to install your old VPN Client, you’ll need to UNINSTALL the old VPN Client first before installing the new 4.8x VPN Client. (We are finding that we have to use an older client on some new XP Machines. We are still gathering information to present to Cisco.) The new MSI client will be supported by Cisco on an on-going basis. The InstallShield client will not. The MSI client will do future updates without rebooting the user’s PC.
If you are not sure, uninstall the old VPN before trying this install.
Caveat #2: This product is designed to be used with all versions of Windows; however, we have encountered problems with and do not support the Cisco VPN client on XP Home edition.
Wireless VPN Connection
Highlight Wireless VPN and then Click Connect.
Wireless VPN Connection
Enter Active Directory (NT Logon)
<Domain>\<Username> and <Password> in form shown above.
(The slash mark MUST be entered in the \ direction.)
Click OK.
Wireless VPN Connection
Click Continue and you are now connected to
Wireless VPN!!
The Client will confirm your credentials.
Wireless VPN Connection
A VPN Client Lock symbol should appear in the System Tray symbolizing that you are indeed connected to NIHnet via VPN.
If you right-click on it, you can click Statistics to view your connection statistics.
Wireless VPN Connection
To cause the VPN Client to reappear while connected, double-click the VPN Lock icon in the system tray.