connect2ti upgrade using broadband at home updated february 28, 2005 charise bell / rondo estrello...
TRANSCRIPT
Connect2TI Upgrade
Using Broadband at Home
Connect2TI Upgrade
Using Broadband at Home
Updated February 28, 2005
Charise Bell / Rondo EstrelloRemote Connectivity Customer CareClient Services & Support, ITS
2
Introduction
Connect2TI Pilot Upgrade http://remcon.itg.ti.com/connect2ti3.0/pilot
– iPassConnect 3.3– Cisco VPN Client 4.6– CyberArmor software firewall (replaced ZoneAlarm Pro)
Broadband at Home– Hardware firewall (router)– Software installation
3
RAS
How Connect2TI Works
1. iPassConnect includes dial access directly to TI (RAS)
RAS numbers are listed first, if available. Look for $0.00/hr.
4
RAS
Internet
iPass
How Connect2TI Works
1. iPassConnect also organizes how you connect to the Internet
5
RAS
VPN Tunnel
Internet
iPass
How Connect2TI Works
2. Cisco Systems VPN Client Virtual Private Networking software creates an encrypted tunnel for data to TI's network
6
RAS
VPN Tunnel
Internet
iPass
How Connect2TI Works
3. CyberArmora software firewall that provides another layer of security
7
iPass brings the Internet
iPass works with Internet Service Providers (ISPs)
Connect to the Internet
iPass manages billings– Charges hit cost center the same way your calling card
calls do
8
Problem with access
9
Internet Explorer and TI’s auto-proxy
Proxy used to get to the Internet when connected to TI network
Auto-proxy uses proxy as needed
Is set when the browser opens
Using CTRL-N to create a new browser window inherits the proxy settings
“Change Proxy Settings” utility on ESD.itg.ti.com
Tools, Internet Options, Connections (tab). LAN settings: http://client.itg.ti.com/software/ie/configure.shtm#vpn
Close browser when moving from Intranet to Internet
10
Setting up VPN over Broadband at HomeSetting up VPN over Broadband at Home
11
Connect2TI (VPN) from Home
Hardware router– Security settings– Wireless
Software – VPN client– CyberArmor– iPassConnect (not required)– Symantec AntiVirus
12
Home Broadband – Hardware Firewall (Router)
Router required at home– Print installation instructions – Gather ISP information– Turn off wireless cards– Wait 10-15 seconds for router to save settings– Cisco Aironet 350 card works at TI sites and at home
13
Router Basics
Installing a Router for use with Connect2TI / VPN For basic information about wireless networking and routers, see
http://computer.howstuffworks.com/wireless-network.htm
Security Requirements A router is required equipment for any computer on home
broadband that will be connecting to the TI network. – “Always on” connection– Hides IP address
Some cable or DSL modems include router functions (ex: 2Wire). If you have a combination broadband modem/router, an additional router will not be required
Any brand of router is acceptable with:– Network Address Translation (NAT)– IPSec passthrough
IT Security documentation: http://itsecurity.ti.com/itsec/procedure.tsp?procedureId=103713
14
Help Desk Support
Help Desk Support for Routers at TI
Approximately 30 minutes of router support
With Internet access working
Available on a "best effort" basis
Documentation for NetGear and Linksys routers
Check website before calling
15
Pre-installation
Before you connect the router Have a working Internet connection
– Call ISP for help– Help Desk cannot help with router unless Internet was working
before you started Uninstall ISP software
– Some ISPs require PPPoE (Point to Point Protocol over Ethernet)
– Router will provide PPPoE services
Most routers are configured to work "out of the box." Some settings must be changed in the configuration step to comply with TI Information Security requirements
16
Know your ISP – Fill out this form
Document information required for the router to work with ISP
PPPoE (usually used with DSL rather than cable)Does your ISP use PPPoE (PPP over Ethernet)? If yes, you may need to input your username and password
– Username (typically your email address): ____________________
– Password: ________________________
Did the ISP provide a static IP address? (Ex.: 167.192.5.10)
If no, you are using DHCP, which is commonly used with cable and most DSL services
If yes,
a. What is the IP address: _____________________
b. What is the subnet mask: _____________________
c. What is the gateway: _____________________
d. What are the DNS servers: ______________________
17
Know Your ISP – Fill out this form
Document information required for the router to work with ISP
Does the ISP require a MAC address (also known as physical address)? If yes, find the computer’s physical address by using the ipconfig utility from the command prompt.
[Start, Run, type in cmd, OK. At the prompt, enter ipconfig /all. Look for Physical Address.]
_____-_____-_____-_____-_____-_____
If the ISP requires a host name, what is it? _______________
18
Installing the Router
Follow the manufacturer's instructions: Cable the router between the broadband modem and the computer
If your broadband modem does not have a router built in, it must have an Ethernet connection ( RJ45) to your computer
DO NOT attempt to configure your router wirelessly
19
Configuring the router
Use your Internet browser to connect to the router's configuration pages
– D-Link and NetGear routers use http://192.168.0.1
– Linksys routers use http://192.168.1.1
The router will have an initial username and password, which you must change later
– Linksys Username: [leave blank] Password: admin – D-Link Username: admin Password: [leave blank] – NetGear Username: admin Password: password
20
Setup Wizard
Run the configuration wizard, using information about your ISP gathered earlier
21
Setup Wizard
22
IT Security Requirements
Then, test your connection – Open a new browser to http://www.google.com– Make sure your browser is using auto-proxy or no proxy
Once your connection to the Internet is working, go back to the router configuration pages, one by one, and change the configuration to match IT Security Requirements:– Enable Network Address Translation (NAT)– Disable UPnP services, if supported – Block all WAN requests – Enable IPSEC passthrough – Disable SPI, if supported – Disable PPTP passthrough – Disable Multicast passthrough – Disable Remote Management – Disable remote upgrade – Enabling WEP (for wireless), using a 128-bit key is a security
requirement. Don't set the WEP key just yet. – Disable SSID broadcast, if supported by router. This hides your
router from those nearby (your neighbors, for instance)
24
Disable UPnP services
27
Disable SPI, if supported
28
Disable PPTP passthrough
30
Disable Remote Management
32
Enable WEP
– Enabling WEP (for wireless), using a 128-bit key is a security requirement. Don't set the WEP key just yet.
34
Set SSID and WEP key – Wireless only
Test your connection to the Internet again If your Internet connection is working, go back to the router
configuration pages and set the SSID Test
35
Set WEP Key last
The WEP key is needed for all wireless computers attached to your home network, including your TI laptop. Carefully write down the new WEP key and type/insert it into the Wireless Network settings for your wireless card. – Instructions for Cisco Aironet Client Utility (ACU) – Instructions for internal wireless card
Test your connection to the Internet again At this point, your router should be configured and fully
operational
Instructions : http://remcon.itg.ti.com/connect2ti3.0/wirelessforhome-acu.htm for use with Cisco Aironet 350 cards
Wirelessforhome-wzc.htm : Wirelessforhome-wzc.htm for use with internal WLAN cards
36
Software InstallationSoftware Installation
37
Home Broadband - Software
Software installation at home Download from the Internet –
my.ti.com,Computer Services, Remote Connectivity (VPN)
Turn off Windows firewall– Control Panel, Network
Connections, Properties, Advanced tab
Connect2TI 2.33 installs– iPassConnect 2.40– Cisco VPN Client 3.6.4 (A)– CyberArmor
Symantec AntiVirus– Intranet: ESD – esd.itg.ti.com– Home version available from
Remote Connectivity website– Keep virus signatures up to date!
Note: SBC Yahoo! installs Visual IP Insight, which must be removed before Connect2TI software is installed.
39
Tips & TricksTips & Tricks
40
Problem with access
If you see:
But you can ping mercury.ext.ti.com (CMD window) • You have Internet access• Your browser is using the wrong proxy setting
41
Internet Explorer and TI’s auto-proxy
Proxy used to get to the Internet when connected to TI network
Auto-proxy uses proxy as needed
Is set when the browser opens
Using CTRL-N to create a new browser window inherits the proxy settings
“Change Proxy Settings” utility on ESD.itg.ti.com
Tools, Internet Options, Connections (tab). LAN settings: http://client.itg.ti.com/software/ie/configure.shtm#vpn
Close browser when moving from Intranet to Internet
42
Getting Help
Call the Central Help Desk if you need help– CHD phone numbers are in iPassConnect
under Help, Technical Support
Ask CHD to call iPass if problem isn’t immediately resolved
43
Update the Phonebook
Update your phonebook before traveling
While LAN connected, select – the Settings menu– Update
iPassConnect– Phonebook
Phonebook is updated at least every two weeks
46
Join the Connect2TI Upgrade Pilot
Join the Connect2TI Upgrade Pilot
http://remcon.itg.ti.com/connect2ti3.0/pilot
Still have questions? Contact
Remote Connectivity Customer CareCharise Bell / Rondo Estrello
214-567-9888
You are now ready to use Connect2TI over Broadband at Home
Still have questions? See FAQs on my.ti.com
Computer ServicesRemote Connectivity (VPN)
Additional help is available at 1-800-527-4740 or 972-575-HELP