Body
Overview
The ASC Cisco AnyConnect VPN provides secure remote access to ASC resources.
Note: Please, do not use the VPN if your service does not require it, click here for alternatives to the VPN. Always On VPN replaces the Cisco AnyConnect on ASCTech managed Windows machines: click here for more information.
Transition to OSU VPN on September 17th, 2024
On September 17th, 2024 the ASC VPN was replaced by the main OSU VPN on OSU managed endpoints.
The ASC VPN is retired as of October 1st. The old ASC address redirects to the OSU VPN
Direct communications to VPN users were sent as the date approaches.
This has several advantages and changes:
- For OSU managed machines, there will no longer be a need to enter username and password when connecting to the OSU VPN.
- It will use the same machine credentials to place you on the proper network.
- This credential change will be pushed out during the September 17th maintenance window.
- The VPN address will change from vpn.asc.ohio-state.edu to vpn.service.osu.edu
- For smooth transition we redirected the old name to the new on October 1st.
- Since the OTDI VPN uses the same CIsco Secure Client, there is no need to download a new client for OSU managed or personal machines.
- The OSU/OTDI hardware has more capacity.
- VPN Profile names will change.
- The Tunnel All profile will go away.
- For off campus journal access please access the Journal through the OSU Library Catalog. As needed the library system with have you name.# authenticate, and this will work off campus.
- Non-OSU managed machines use the profile OSU-CNET. If you find you are unable to connect to something that you were able to connect to using the ASC VPN, please open a ticket with support and include the hostname of the service you are trying to connect to and the approximate date/time you tried.
- Note: some machines that you used the short name to connect to (asctso-nc123456) may now require the fully qualified domain name (FQDN) like asctso-nc123456.asc.ohio-state.edu.
- This Knowledge Base article will be updated as the project progresses. OSU/OTDI's instructions are at: https://admin.resources.osu.edu/buckeyepass/vpn-and-buckeyepass .
Contents
Alternatives to the VPN
If not required, it is best to use an alternative to the VPN. The VPN adds overhead (slowness) to connections and there are finite slots available on the VPN. There are many services that do not require the VPN.
Requires the VPN: (These are included with Always On VPN on ASCTech managed Windows endpoints.)
- Connecting to shared and private Windows drives.
- Re-validating your Windows license if the machine has not connected to the OSU network for 180 days.
- Connecting to certain software license servers.
- Syncing your OSU password on legacy computers.
Does not require the VPN:
- Workday, Compass, and many other OSU services.
- OneDrive, Carmen/Canvas, Zoom, CrashPlan and other cloud services.
- University Email System, Office 365 apps.
- Remote Desktop to Windows or Linux running XRDP:
- ASC's RDP Gateway is preferred for on campus and off campus connections.
- Guacamole for Windows Remote Desktop to Windows machines and ASC Standard Linux machines running xrdp.
- Guacamole has the advantage that it doesn't require a client, just a web browser.
- As of February 2, 2021, RDP will cease to function over the VPN.
- SSH to Linux machines using Jump. (This includes Unity, but see OnDemand below.)
- Unity has an OnDemand feature which can let you check on your jobs, start jobs, and even get a full desktop.
- SFTP to Linux hosts, this can be tunnelled through Jump and is faster.
Linux users are strongly encouraged to use Jump, but if the VPN is required we suggest using openconnect (see related articles) instead of the Cisco client.
Always On VPN - Windows
If your machine is an ASCTech managed Windows computer, your machine will connect using an "Always On VPN" to certain ASC/OSU services.
This enables anywhere access to:
- ASC Windows file shares.
- ASC run license servers, such as Autodesk, Cinema 4D, Comsol, Deadline, IDL, Keyshot, Maple, Matlab, Mathematica, OriginPro, SolidWorks, SPSS, etc.
- If you need a license that works without any network connectivity, contact ASCTech.
- Windows Software Center, for installing OSU licensed software.
- Immediate password syncing with your OSU lastname.# account from anywhere.
- Patching and configuration, keeping your computer secure.
- WiFi icons showing the connection to a VPN. The shield color depends on system theme.
What Always on VPN does not do:
- The AOVPN does not pass Remote Desktop, X Windows, or SSH.
- Use Gateway and the SSH Jump Host to connect to these without the Cisco VPN.
- AOVPN does not route all your traffic via OSU.
- Just traffic that would need to go to OSU anyway is routed.
If your ASC Windows computer does not appear to have access to the Always On VPN, please contact us. AOVPN was deployed February 21, 2022.
Note for Macintoshes: Recently imaged Macs do sync your OSU password, and Self-Service Software is available everywhere. We are looking at ways to enable file shares and license servers on Macs as well.
OSU VPN Procedure for OSU Managed Windows and Macintosh
We will push out the new clients on September 17th, 2024, but if you want to use the OSU VPN before then you can.
On this profile your OSU managed computer will have the same access as if it was on eduroam on campus.
1. Install the client from your computer's Software Center / Self Service (not OTDI or ASC's web site):
- Windows: install ASC - Cisco Secure Client Configuration (OTDI) from Software Center.
- Software Center is an application on your OSU managed windows machine with commonly used software.
- Macintosh: install ASC - Cisco Secure Client Configuration (OTDI) from Self Service
- Self Service is an application on your OSU managed Macintosh with commonly used software.
- These will install without needing administrator rights.
2. Once the program has been installed, open Cisco Secure Client. On a Mac, you can open it in Applications, but on Windows, just search for Cisco from the Start Menu.
3. On launch the VPN will have OSU Managed Devices Only pre-filled. Clicking Connect will connect automatically. (There will be a dialogue box to accept a warning about using this profile only for OSU Managed Devices.). If you get prompted for a password, please open a ticket with ASCTech.
4. To disconnect look for the icon with a lock; right click and select Disconnect. On a Mac it will be in the top bar, on Windows in the system tray, and may be hidden:
Note: some machines that you used the short name to connect to (asctso-nc123456) may now require the fully qualified domain name (FQDN) like asctso-nc123456.asc.ohio-state.edu.
OSU VPN Procedure for Non-ASCTech Managed Machines
The OSU VPN can be used by ASC affiliated faculty, staff, and students on non-ASCTech managed machines as follows:
1. Install the client:
2. Once the program has been installed, open Cisco Secure Client. On a Mac, you can open it in Applications, but on Windows, just search for Cisco from the Start Menu.
3. On launch the VPN hostname will be blank, enter in vpn.service.osu.edu. (This address will be saved.) Then click Connect.
4. Select the group OSU-CNET and fill in your username and password. Second password will be your Duo option, for most people this will be push, but you can also enter a passcode from the Duo Mobile app or token, you can also put sms in to get a one time code texted to your mobile device.
If you get denied to OSU-CNET submit a ticket to ASCTech.
5. To disconnect look for the icon with a lock; right click and select Disconnect. On a Mac it will be in the top bar, on Windows in the system tray, and may be hidden:
Note: some machines that you used the short name to connect to (asctso-nc123456) may now require the fully qualified domain name (FQDN) like asctso-nc123456.asc.ohio-state.edu.