Connect2TI Upgrade

Using Broadband at Home

Connect2TI Upgrade

Using Broadband at Home

Updated February 28, 2005

Charise Bell / Rondo EstrelloRemote Connectivity Customer CareClient Services & Support, ITS

2

Introduction

Connect2TI Pilot Upgrade http://remcon.itg.ti.com/connect2ti3.0/pilot

– iPassConnect 3.3– Cisco VPN Client 4.6– CyberArmor software firewall (replaced ZoneAlarm Pro)

Broadband at Home– Hardware firewall (router)– Software installation

3

RAS

How Connect2TI Works

1. iPassConnect includes dial access directly to TI (RAS)

RAS numbers are listed first, if available. Look for $0.00/hr.

4

RAS

Internet

iPass

How Connect2TI Works

1. iPassConnect also organizes how you connect to the Internet

5

RAS

VPN Tunnel

Internet

iPass

How Connect2TI Works

2. Cisco Systems VPN Client Virtual Private Networking software creates an encrypted tunnel for data to TI's network

6

RAS

VPN Tunnel

Internet

iPass

How Connect2TI Works

3. CyberArmora software firewall that provides another layer of security

7

iPass brings the Internet

iPass works with Internet Service Providers (ISPs)

Connect to the Internet

iPass manages billings– Charges hit cost center the same way your calling card

calls do

8

Problem with access

9

Internet Explorer and TI’s auto-proxy

Proxy used to get to the Internet when connected to TI network

Auto-proxy uses proxy as needed

Is set when the browser opens

Using CTRL-N to create a new browser window inherits the proxy settings

“Change Proxy Settings” utility on ESD.itg.ti.com

Tools, Internet Options, Connections (tab). LAN settings: http://client.itg.ti.com/software/ie/configure.shtm#vpn

Close browser when moving from Intranet to Internet

10

Setting up VPN over Broadband at HomeSetting up VPN over Broadband at Home

11

Connect2TI (VPN) from Home

Hardware router– Security settings– Wireless

Software – VPN client– CyberArmor– iPassConnect (not required)– Symantec AntiVirus

12

Home Broadband – Hardware Firewall (Router)

Router required at home– Print installation instructions – Gather ISP information– Turn off wireless cards– Wait 10-15 seconds for router to save settings– Cisco Aironet 350 card works at TI sites and at home

13

Router Basics

Installing a Router for use with Connect2TI / VPN For basic information about wireless networking and routers, see

http://computer.howstuffworks.com/wireless-network.htm

Security Requirements  A router is required equipment for any computer on home

broadband that will be connecting to the TI network. – “Always on” connection– Hides IP address

Some cable or DSL modems include router functions (ex: 2Wire). If you have a combination broadband modem/router, an additional router will not be required

Any brand of router is acceptable with:– Network Address Translation (NAT)– IPSec passthrough

IT Security documentation: http://itsecurity.ti.com/itsec/procedure.tsp?procedureId=103713

14

Help Desk Support

Help Desk Support for Routers at TI

Approximately 30 minutes of router support

With Internet access working

Available on a "best effort" basis

Documentation for NetGear and Linksys routers

Check website before calling

15

Pre-installation

Before you connect the router Have a working Internet connection

– Call ISP for help– Help Desk cannot help with router unless Internet was working

before you started Uninstall ISP software

– Some ISPs require PPPoE (Point to Point Protocol over Ethernet)

– Router will provide PPPoE services

Most routers are configured to work "out of the box." Some settings must be changed in the configuration step to comply with TI Information Security requirements

16

Know your ISP – Fill out this form

Document information required for the router to work with ISP

PPPoE (usually used with DSL rather than cable)Does your ISP use PPPoE (PPP over Ethernet)? If yes, you may need to input your username and password

– Username (typically your email address):     ____________________

– Password:   ________________________

Did the ISP provide a static IP address? (Ex.: 167.192.5.10)

If no, you are using DHCP, which is commonly used with cable and most DSL services

If yes,

a. What is the IP address:   _____________________

b. What is the subnet mask:      _____________________

c. What is the gateway:       _____________________

d. What are the DNS servers:       ______________________

17

Know Your ISP – Fill out this form

Document information required for the router to work with ISP

Does the ISP require a MAC address (also known as physical address)? If yes, find the computer’s physical address by using the ipconfig utility from the command prompt.

[Start, Run, type in cmd, OK. At the prompt, enter ipconfig /all. Look for Physical Address.]  

_____-_____-_____-_____-_____-_____

If the ISP requires a host name, what is it? _______________

18

Installing the Router

Follow the manufacturer's instructions: Cable the router between the broadband modem and the computer

If your broadband modem does not have a router built in, it must have an Ethernet connection ( RJ45) to your computer

DO NOT attempt to configure your router wirelessly

19

Configuring the router

Use your Internet browser to connect to the router's configuration pages

– D-Link and NetGear routers use http://192.168.0.1

– Linksys routers use http://192.168.1.1

The router will have an initial username and password, which you must change later

– Linksys    Username: [leave blank]     Password: admin – D-Link      Username: admin     Password: [leave blank] – NetGear   Username: admin     Password: password

20

Setup Wizard

Run the configuration wizard, using information about your ISP gathered earlier

21

Setup Wizard

22

IT Security Requirements

Then, test your connection – Open a new browser to http://www.google.com– Make sure your browser is using auto-proxy or no proxy

Once your connection to the Internet is working, go back to the router configuration pages, one by one, and change the configuration to match IT Security Requirements:– Enable Network Address Translation (NAT)– Disable UPnP services, if supported – Block all WAN requests – Enable IPSEC passthrough – Disable SPI, if supported – Disable PPTP passthrough – Disable Multicast passthrough – Disable Remote Management – Disable remote upgrade – Enabling WEP (for wireless), using a 128-bit key is a security

requirement. Don't set the WEP key just yet. – Disable SSID broadcast, if supported by router. This hides your

router from those nearby (your neighbors, for instance)

24

Disable UPnP services

27

Disable SPI, if supported

28

Disable PPTP passthrough

30

Disable Remote Management

32

Enable WEP

– Enabling WEP (for wireless), using a 128-bit key is a security requirement. Don't set the WEP key just yet.

34

Set SSID and WEP key – Wireless only

Test your connection to the Internet again If your Internet connection is working, go back to the router

configuration pages and set the SSID Test

35

Set WEP Key last

The WEP key is needed for all wireless computers attached to your home network, including your TI laptop. Carefully write down the new WEP key and type/insert it into the Wireless Network settings for your wireless card. – Instructions for Cisco Aironet Client Utility (ACU) – Instructions for internal wireless card

Test your connection to the Internet again At this point, your router should be configured and fully

operational

Instructions : http://remcon.itg.ti.com/connect2ti3.0/wirelessforhome-acu.htm for use with Cisco Aironet 350 cards

Wirelessforhome-wzc.htm : Wirelessforhome-wzc.htm for use with internal WLAN cards

36

Software InstallationSoftware Installation

37

Home Broadband - Software

Software installation at home Download from the Internet –

my.ti.com,Computer Services, Remote Connectivity (VPN)

Turn off Windows firewall– Control Panel, Network

Connections, Properties, Advanced tab

Connect2TI 2.33 installs– iPassConnect 2.40– Cisco VPN Client 3.6.4 (A)– CyberArmor

Symantec AntiVirus– Intranet: ESD – esd.itg.ti.com– Home version available from

Remote Connectivity website– Keep virus signatures up to date!

Note: SBC Yahoo! installs Visual IP Insight, which must be removed before Connect2TI software is installed.

39

Tips & TricksTips & Tricks

40

Problem with access

If you see:

But you can ping mercury.ext.ti.com (CMD window) • You have Internet access• Your browser is using the wrong proxy setting

41

Internet Explorer and TI’s auto-proxy

Proxy used to get to the Internet when connected to TI network

Auto-proxy uses proxy as needed

Is set when the browser opens

Using CTRL-N to create a new browser window inherits the proxy settings

“Change Proxy Settings” utility on ESD.itg.ti.com

Tools, Internet Options, Connections (tab). LAN settings: http://client.itg.ti.com/software/ie/configure.shtm#vpn

Close browser when moving from Intranet to Internet

42

Getting Help

Call the Central Help Desk if you need help– CHD phone numbers are in iPassConnect

under Help, Technical Support

Ask CHD to call iPass if problem isn’t immediately resolved

43

Update the Phonebook

Update your phonebook before traveling

While LAN connected, select – the Settings menu– Update

iPassConnect– Phonebook

Phonebook is updated at least every two weeks

46

Join the Connect2TI Upgrade Pilot

Join the Connect2TI Upgrade Pilot

http://remcon.itg.ti.com/connect2ti3.0/pilot

Still have questions? Contact

Remote Connectivity Customer CareCharise Bell / Rondo Estrello

214-567-9888

You are now ready to use Connect2TI over Broadband at Home

Still have questions? See FAQs on my.ti.com

Computer ServicesRemote Connectivity (VPN)

Additional help is available at 1-800-527-4740 or 972-575-HELP