Home :: Content

Remote Access Security: SSL-VPN - Version 1.0


project mockup.jpg
Quick View
Summary: 

The retirement date for usage of CheckPoint VPN SecuRemote will occur on Wednesday Oct. 21, 2009.

===================================================================================================== 

SSL-VPN is live in production. 

Note:  Open issue - being able to print when using Advantage in Citrix - work in progress to resolve.

=====================================================================================================

This project will replace the current VPN with CheckPoint SSL-VPN to more effectively meet the needs of faculty, staff and students.

Outcomes: Increased usability, increased Mac/Windows/Linux "friendliness", and sufficient security protection.

SSL-VPN is accessible at:  http://sslvpn.asu.edu

Installation link and other information is available in the Help Center:  http://help.asu.edu/search/node/sslvpn

 

Start Date: 
April 14, 2008
Go Live: 
March 31, 2009
End Date: 
October 31, 2009
Current Milestone: 
In Production
Stage: 
Complete - In operation and supported by UTO.
People
Sponsor/Champion: 
Adrian Sannier, Vice President and University Technology Officer
Lead Customer: 
Scott Banks
Project Manager: 
Sharan Johnson
Contact for more information: 
sharan.johnson@asu.edu
Associate VP University Technology: 
Bob Nelson
University Technology Director: 
Robin Manke-Cassidy
More Info
Source: 
Internal
Department: 
UTO
Priority: 
High
Scope: 

Scope includes :

  • Installation of SSL-VPN
  • Migration of user groups to SSL-VPN
  • Sunsetting of CheckPoint
All Milestones and Schedule: 
  • Project Plan. (Completed)
  • Order hardware/software: (Completed)
  • Install Hardware: (Completed)
  • Configure Software:  (Completed)
  • Communication to Pilot Team: (Completed)
  • Pilot: (Completed)
  • Final configuration changes. (Completed)
  • End-User (TechBase) Documentation:  (Completed)
  • Documentation and training for ASU Help Desk:  (Completed)
  • Deployment. (Completed)
  • Re-Design User Interface:  (Completed)
  • User Interface Testing:  (Completed)
  • New Requirement - To include Group access (Completed)
  • Rebaseline for new requirement -- (Completed)
  • Additional milestones -- (Completed)
    • Determine the requirements and configuration for authentication and authorization within the Cisco solution. (Completed)
    • Test the new group access -- (Completed)
    • Coordination of Implmention resources and timeline -- (Completed)
    • Communication to UTC and TAG on group access and priority list -- (Completed)
    • Configuration of group management with EDNA - (Completed)
    • Creation of new LDAP groups for SSLVPN initial access (i.e Advantage) - (Completed)
    • A "bug" was discovered which causes a session to time out. -- "Bug" Fixed (Completed)
    • Creation of remaining LDAP groups for SSL-VPN -- (Completed)
    • End user documentation in UTO Help Center -- (Completed)
    • ASU Help Desk training/documentation -- (Completed)
    • Communication to ASU Community:  --  Completed)
    • Configuration of SSL-VPN DAP groups and ACL rules -- (Completed)
    • Modification to CheckPoint firewalls to accommodate new SSL-VPN access -- (Completed)
    • Document configuration, rules, etc. and met with Security Officer.  (Completed)
  • Go Live:  March 31, 2009 (Completed)
  • Submit new CMT request:  CheckPoint no longer accessible after July 31, 2009 -- (Completed)
  • CMT Request Approved -- (Completed)
  • Address intermittent issue with Vista Operating System -- (Completed)
  • Address issues when accessing to some ASU networks from SSL VPN when on campus -- (Completed)
  • Email to end users who are still using SecuRemote -- (Completed)
  • Advantage Application:
    • Problem Documented -- (Completed)
    • Move Advantage to Citrix -- (Completed)
    • Test Advantage Functionality in Citrix -- (Completed)
    • Problem Resolved (with printing in Citrix) -- Work in Progress
  • CheckPoint VPN SecureRemote - no longer accessible -- Milestone to be met by October 30, 2009
  • Implementation Complete -- Milestone to be met by October 31, 2009

 

Deliverables: 
  • Installed SSL-VPN.
  • Intuitive User Interface
  • Replacement of CheckPoint for VPN client access
Risk & Threats: 
  • Single point of failure for VPN. No redundant routers. To be addressed in network re-design.

 Issues to be resolved:

  • Vista issue with SSL VPN access to on-campus resources. -- Resolved
  • Access to some ASU networks from SSL VPN when on campus.  -- Resolved
  • Automatic launch of the SSL VPN before windows starts up to address timelags and dependencies -- Resolved - Documentation in Help Center
  • RDP to XP workstations to run SSL VPN to Advantage -- Work in Progress - installation of Advantage into Citrix
Links
Cisco SSL-VPN Solution
Syndicate content