Remote Access Guide - CoreLogic



CoreLogicRemote Access GuideSSL VPN/IPSec VPNInfoSec Architecture & Operations7/8/2014This document describes setting up remote access through the SSL VPN systems in the Quincy and Plano data centers. Contents TOC \o "1-3" \h \z \u Background PAGEREF _Toc394036825 \h 2Migration Approach PAGEREF _Toc394036826 \h 2Accessing SSL VPN in Quincy and Plano Data Centers PAGEREF _Toc394036827 \h 3Step 1 - Accessing the new SSL VPN Portal and AnyConnect PAGEREF _Toc394036828 \h 3SSL VPN Portal URLs PAGEREF _Toc394036829 \h 3Supported Browsers: PAGEREF _Toc394036830 \h 3Supported Anti-Virus PAGEREF _Toc394036831 \h 3Other Considerations PAGEREF _Toc394036832 \h 3Step 2 – Self-provisioning a Client Side Certificate PAGEREF _Toc394036833 \h 4Verify the Certificate PAGEREF _Toc394036834 \h 11Step 3 - Accessing SSL VPN Portal PAGEREF _Toc394036835 \h 12Step 4 – Installing AnyConnect Client PAGEREF _Toc394036836 \h 15Viewing Details of the Connection PAGEREF _Toc394036837 \h 17Launching AnyConnect via the Start Menu PAGEREF _Toc394036838 \h 18Disconnecting AnyConnect PAGEREF _Toc394036839 \h 19BackgroundCoreLogic provides remote access to its networks via Virtual Private Network (VPN) systems. The VPN system assures security of the data flowing offsite through the Internet by the use of Secure Socket Layer encryption. Accessing SSL VPN in Quincy and Plano Data CentersStep 1 - Accessing the new SSL VPN Portal and AnyConnectThere are two new Dell DataCenters, each with a SSL VPN system. A user can select either and expect a similar experience. However selecting the one closer geographically may reduce latency. Modern Enterprise class Anti-Virus is required for all AnyConnect connections.SSL VPN Portal URLsPacific and Mountain Time Zone Users : – QuincyCentral and Eastern Time Zone Users: – PlanoSupported Browsers:Internet Explorer 8, 9, 10Please use the 32 bit version of the browser if you are on a 64 bit machineChrome 35+Supported Anti-VirusSymantecMacAffeeTrendMicroAVGOther Considerations*. websites should be added to “Trusted Websites” list in your browser security settingsAdmin rights are required to run the secure desktop check and install AnyConnect client. Please submit an OPAS ticket to Service Desk with the description “VPN Installation Assistance Required”Step 2 – Self-provisioning a Client Side CertificateOpen a supported browser and go to the URL determined above.Depending on the browser, you will get a warning to either run an ActiveX control (IE) or Java Applet (Chrome). The following screenshots are what Chrome users will see. IE users will be very similar.IE Users– When prompted click “Run Active X Control”Chrome Users - When Prompted Click “Always run on this site”Chrome – When prompted, click AllowChrome – When prompted, click the checkbox and then RunIf you do not have a valid certificate, the following screen will show up with the UserName field blank. If the user name field is pre-populated with your ISC account, this means you already have a valid certificate. You can skip to Step 3 – Accessing SSL VPN PortalSince the username is not populated, the system will go through the out of band self-provisioning process upon successful authentication.Select your domain from the drop down list box, enter your domain account credentials (Username & Password). Then click Login.Click ContinueYour ISC account name will be included in the instructions text. Click the Continue button.Depending on the data stored on your AD Account, you may see more than one option for One Time Passcode (OTP) delivery. This screen allows you to instruct the system to send the OTP to either Email, Voice, or SMS Text. TIP If no viable option is available please submit an OPAS – Remote Access Digital Certificate ticket. In it, supply the method for receiving the One Time PasscodeSelect the desired channel and click Submit.The OTP is sent out from the system. You will receive the message depending on the selection made in the previous step. If you do not receive the OTP, click the link “Please click here to use and alternate registration method.” When the OTP is received, enter it into the Registration Code: field and click Submit. The system will then ask for your domain credentials.Enter your ISC password and click SubmitThe system will install a certificate into your browser’s certificate cache. Depending on your browser’s security settings you may get a bar at the top of the screen with a security warning regarding installing Active X controls. Right click the bar and “Allow” the browser to install the Active X control. After doing so a countdown timer will be displayed. Please wait until the certificate is completely installed.When the certificate is installed, the screen above will be displayed. Do not click Restart Login, rather close down the browser and re-open the SSL VPN Portal URLPacific and Mountain Time Zone Users : – QuincyCentral and Eastern Time Zone Users: – Plano Verify the CertificateTo verify a certificate is installed correctly, open Internet Explorer and select ToolsInternet OptionsContent. Click the Certificates button. Your certificate should be in the list of “Personal Certificates” It will be Issued To your ISC account user name and Issued by MFCIssuer3Sierra.banner.Step 3 - Accessing SSL VPN PortalYou should now be able to access the SSL VPN Portal. Pacific and Mountain Time Zone Users : – QuincyCentral and Eastern Time Zone Users: – PlanoUpon entering either website, you may be prompted to select your certificate. If so, find the one issued to your domain account by MFCIssuer3Sierra.banner. and click OK.The portal login page is displayed. Notice that your domain user ID is pre-populated. This is a sign that your certificate is recognized by the system.Click Continue to access the SSL VPN PortalThe SSL VPN Portal page will be displayed with a number of options:Home / Web Applications– Presents bookmarks to a few common sites both internal and external to the CoreLogic NetworkAnyConnect – Provides a link to connect to the network through the “AnyConnect”client. If your machine does not have the AnyConnect client, it will automatically download and install it.Application Access – Advanced users can access internal resources through the Application Access list of “Smart Tunneled” applications. Please note RDP access is limited to systems on the Enterprise side of the network only (ie user desktops). To RDP to Production areas of the network, you must use AnyConnect to connect.MetaFrame Access – Provides an address box to allow a user to submit a url to a Citrix environment and access a Citrix portal. Note, the Credco Citrix portal and CL Citrix web are available via the Links on the Home/Web Applications as well.Step 4 – Installing AnyConnect ClientInstallation of the AnyConnect client is done through the SSL VPN portal. Please refer to Step 3 above for details on accessing the portal.AnyConnect on the navigation bar on the left and then click the Start AnyConnect link in the middle of the screen. If the machine connecting does not have an AnyConnect client, one will be downloaded and installed.IE Users – Click the Install button when promptedChrome Users – Click the Run Button when promptedThe installation status screens will update you on the progress of the install. Once completed, the AnyConnect client will initialize a new AnyConnect connection to the network. The AnyConnect Session is established. Notice the green checkmark on the padlock in the screen above.You can logout of SSL VPN portal at this point by clicking the “Logout” or RedX button on the top right of the portal screen. Doing so will not disconnect the AnyConnect session.Viewing Details of the ConnectionEstablishing an AnyConnect connection will re-ip your machine on your network. You can see the new IP address along with other diagnostic information through the Advanced settings screen.Access the Advanced Settings screen by: right click the AnyConnect icon in the system tray, Select Open AnyConnect OptionClick the gear icon in the Cisco AnyConnect Secure Mobility Client windowClick the Statistics tab on the AnyConnect Secure Mobility Client details window.Launching AnyConnect via the Start Menu Once the Cisco AnyConnect client is installed on the machine, subsequent connections to the VPN system can be initiated through the Start Menu. The location of the application in the Start Menu may vary. Start Cisco AnyConnect Secure Mobility Client Select the connection profile to connect to. You should have a similar experience on either. Select the profile closest to you geographically:West Coast and Mountain – vpn.wtc.Central and East Coast – vpn.ptc.Enter your ISC account password and click the “OK” button. Disconnecting AnyConnect Right click the task bar icon for the Cisco AnyConnect Secure Mobility clientClick the Disconnect button to terminate the AnyConnect VPN Session. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download