Connect To CUHK SSL VPN On Android Platform
Connect to CUHK SSL VPN on Android platform (This user guide uses Android 9 as illustration.) Table of Contents A. Get Started . 1 B. Install SSL VPN client (Aruba VIA) . 2 C. Set up CUHK SSL VPN Profile . 2 D. Connect to CUHK SSL VPN . 4 E. Disconnect from CUHK SSL VPN . 6 For enquiries, please contact ITSC Hotline: 3943 8845 (during office hours) Online Service Desk: http://servicedesk.itsc.cuhk.edu.hk Get help General Enquiries A. Get Started Secure Sockets Layer Virtual Private Network (SSL VPN) provides CUHK staff with a secure remote access to on-campus resources over an Internet connection. Once connected, all traffic for accessing on-campus resources go through the VPN tunnel. The rest traffic goes through your original Internet connection. Prerequisites: Aruba Virtual Intranet Access (Aruba VIA), as SSL VPN client, installed on your Android device. Maximum Connection Time Per Session: 12 hours with 1-hour idle time out, you can make the connection again when the session expires. Known Issue: You may experience an unstable VPN connection from mainland China with the gradual upgrade of China’s Great Firewall. 1
B. Install SSL VPN client (Aruba VIA) Aruba Virtual Intranet Access (Aruba VIA) client is used for connecting SSL VPN service. You can download it direct from Google Play. 1. Open Google Play 2. Install Aruba VIA C. Set up CUHK SSL VPN Profile Note: Before setting up ArubaVIA client for SSL VPN service, please ensure that (1) DUO Two Factor Authentication (2FA) has been enabled on your account. (2) DUO Mobile has been properly installed on your mobile device. 1. Open ArubaVIA Click to download VPN profile 2. Enter to Download VPN Profiles Server URL: intranet.cuhk.edu.hk Username: CUHK email address (e.g. Student: student id@link.cuhk.edu.hk Staff: alias@cuhk.edu.hk ) Password: CUHK OnePass Tap Download. For some Android OS, you may be prompted to enter Server URL only. 2
3. Enter Username: CUHK email address (eg: Student: student id@link.cuhk.edu.hk Staff: alias@cuhk.edu.hk ) Password: CUHK OnePass Tap Proceed to complete the set up. 4. Click to Connect to continue the set up. 5. Login with CUHK Email Address (e.g. Student: student id@link.cuhk.edu.hk Staff: alias@cuhk.edu.hk) CUHK OnePass password Tap Proceed to connect. 6. To continue, you must agree to the Privacy policy and allow ArubaVIA to set up a VPN connection on your device. If you do, tap Accept OK to complete the set up. 3
7. SSL VPN requires DUO 2FA. In this illustration, DUO Push is used. Tap Login request Approved to complete the profile setup. The setup is now completed and a SSL VPN connection is made too. D. Connect to CUHK SSL VPN 1. Open ArubaVIA , VPN DISCONNECTED will then be prompted. Click to Connect to establish a SSL VPN connection Then input either one of the following forms of password (2A, 2B or 2C), follow the format exactly the same as shown: 2A. Password (DUO Mobile App – Push) Login with CUHK Email Address (e.g. Student: student id@link.cuhk.edu.hk Staff: alias@cuhk.edu.hk) OnePass Password Tap Proceed to connect. Open the DUO Mobile App on your mobile device, then tap on the notification message, a Login Request with the information of requesting source is displayed. Tap Approve, the VPN connection should be established successfully. Reminder: DUO Push is not available offline. 4
Please ensure you got a good Internet connection when using this method. Or, you switch to log in with passcode which does not required an Internet connection. 2B. password, passcode (DUO Mobile App – Generate Codes) You can get the passcode from your DUO Mobile App. Open the DUO Mobile App on your mobile device, then tap on the key icon next to your account, a one-time passcode is generated. Login with CUHK Email Address (i.e. Student: student id@link.cuhk.edu.hk Staff: alias@cuhk.edu.hk) OnePass password, DUO Passcode Tap Proceed, the VPN connection should be established successfully. 2C. password, bypasscode (Use a temporary DUO Bypass Code) In case you have problem with your mobile (e.g. forgot to bring, malfunction, lost or stolen) and cannot provide the 2nd factor for VPN connection, you can generate a temporary DUO Bypass Code by yourself via DUO Self-Service Portal at https://duo.itsc.cuhk.edu.hk. Login with CUHK Email Address (i.e. Student: student id@link.cuhk.edu.hk Staff: alias@cuhk.edu.hk) OnePass password,Bypasscode Then tap Proceed. The VPN connection should be established successfully. 5
E. Disconnect from CUHK SSL VPN 1. Open Virtual Internet Access 2. When VPN CONNECTED is shown, CLICK TO DISCONNECT to terminate the current SSL VPN connection. Prepared by: User Support Services, Information Technology Services Centre Last Update: 5 February 2021 Copyright 2021. All Rights Reserved. Information Technology Services Centre, The Chinese University of Hong Kong 6
7. SSL VPN requires DUO 2FA. In this illustration, DUO Push is used. Tap Login request Approved to complete the profile setup. The setup is now completed and a SSL VPN connection is made too. D. Connect to CUHK SSL VPN 1. Open ArubaVIA , VPN DISCONNECTED will then be prompted. Click to Connect to establish a SSL VPN connection
Go to SETUP - VPN Settings - SSL VPN Server - SSL VPN Policies, create a policy that allow the SSL VPN users to access remote network. Add a SSL VPN policy and follow below parameters on SSL VPN Policy Configuration Page. Policy For: Global Apply Policy to: All Addresses Policy Name: Allow_all_address Begin: 0 End: 65535 Service: All .
SSL VPN Client for Windows/Mac OS ZyWALL 110 VPN Firewall ZyWALL 1100 VPN Firewall USG20W-VPN VPN Firewall ZyWALL 310 VPN Firewall. Datasheet ZyWALL 110/310/1100 and USG20(W)-VPN 5 Model ZyWALL 110 ZyWALL 310 ZyWALL 1100 USG20-VPN USG20W-VPN Prod
IPsec VPN Throughput (512 byte) 1 98 Gbps Gateway-to-Gateway IPsec VPN Tunnels 20,000 Client-to-Gateway IPsec VPN Tunnels 100,000 SSL-VPN Throughput 10 Gbps Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode) 30,000 SSL Inspection Throughput (IPS, avg. HTTPS) 3 17 Gbps SSL Inspection CPS (IPS, avg. HTTPS) 3 9,500 SSL Inspection .
The information in this document applies both to IPsec VPNs and SSL VPNs unless otherwise noted. The encrypted tunnels for SSL VPNs use TCP port 443, which is usually allowed by intermediate firewalls by default. SSL VPN tunnels and the SSL VPN Portal are different remote access methods. You access SSL VPN tunnels using the Stonesoft VPN .
VPN Passthrough: having the device installed as an intermediate part of a secure VPN, requires additional VPN gateway. Remote User VPN Site-to-Site VPN Termination PPTP Termination ( refer to page 15) Peplink Site-to-Site VPN ( refer to page 10) . t Requirement System Requirement for Site-to-Site VPN Configuration When configuring a VPN .
Chapter 15 IPsec VPN 423 Chapter 16 Dynamic Multipoint VPN (DMVPN) 469 Chapter 17 Group Encrypted Transport VPN (GET VPN) 503 Chapter 18 Secure Sockets Layer VPN (SSL VPN) 521 Chapter 19 Multiprotocol Label Switching VPN (MPLS VPN) 533 Part IV Security Monitoring 559 Chapter 20 Network Intrusion Prevention 561 Chapter 21 Host Intrusion .
Global Management System SSL VPN About SSL VPN 7 3 Click the Groups view. 4 In the User Groups column, select SSLVPN Services. 5 Click the Right Arrow to move it to the Member Of column. 6 Click the VPN Access view. The VPN Access view configures which network resources VPN users (GVC, NetExtender, or Virtual Office bookmarks) can access.
Asset Management has now spread to many utility organizations and large and small companies are adopting similar programs. 3 The changing role of Maintenance Management in Asset Management: To illustrate how maintenance managers can contribute to an Asset Management improvement program, the table below lists some common issues facing management in the first column, and thoughts on how these .
