VPN Access & Usage Policy
Table of Contents
I. Need for Policy
The deployment of VPN services will allow JLVpn users to connect directly to the
JLVpn network through the Internet. In order to allow this connectivity, secure
connection issues, performance issues, and bandwidth utilization criteria must be
addressed.
II. Definitions
• ITS – Information Technology Services
• ITAC – Information Technology Services Advisory Committee
• Intranet- Assets located on the JLVpn network such as files, applications, servers,
printers, etc.
• IPSec – A secure network protocol used for VPN sessions.
• VPN Gateway/Concentrator – A device in which VPN connections and sessions are
terminated inside the JLVpn network.
• Split Tunneling – Opening more that one VPN session at one time which doubles the
bandwidth required.
• VPN – Virtual Private Network
• Web – The Internet or World Wide Web
• Web Surfing – The searching for and accessing of various Internet web sites
III. Statement of Policy
Authorized JLVpn faculty, staff and third parties (customers, vendors, etc.) may utilize
the benefits of a VPN. An existing connection to the Internet is required and is not
provided by JLVpn State University. While dialup access can utilize a VPN
connection, performance is very slow and is not recommended
Requests must be made to the IT Service Center. Approval will be based on a demonstrated
need for remote VPN access. No reasonable request will be refused, but the process is
necessary to account for utilization of VPN services. Appeals may be made through the
normal channels.
Additionally,
1. It is the responsibility of those with VPN privileges to ensure that unauthorized users are
not allowed to access JLVpn internal networks.
2. When actively connected to the JLVpn network, the VPN will force all traffic to and
from the workstation over the VPN tunnel: all other traffic will be dropped.
3. Dual (split) tunneling is NOT permitted; only one network connection is allowed.
4. Users shall not use the VPN for web surfing that does not otherwise require it for access.
In other words, when the user has completed accessing the JLVpn Intranet, they must
end the VPN session prior to normal web access. However, it is completely acceptable to
use the VPN to access JLVpn specific resources such as the Library databases or
other resources requiring the session to be generated from the JLVpn IP address
range.
5. VPN gateways/concentrators will be set up and managed by ITS.
6. All computers connected to JLVpn internal networks via VPN or any other technology
must use properly configured, up-to-date anti-virus software; this includes all personallyowned
computers.
7. VPN users will be automatically disconnected from the JLVpn network after thirty
minutes of inactivity. The user must then logon again to reconnect to the network. Pings
or other artificial network processes are not to be used to keep the connection open.
8. ITS reserves the right to configure the VPN concentrator to limit connection times to
normal business hours or as determined by demonstrated need.
9. Users of computers that are not JLVpn-owned equipment must configure the
equipment to comply with all JLVpn VPN and Network policies.
10. Only Cisco IP Sec VPN client may be used. Clients are available for all operating
systems and may be found on the ITS website.
11. By using VPN technology with personal equipment, users acknowledge that their
machines are a de facto extension of the JLVpn network, and as such are subject to
the same acceptable use policy that applies to JLVpn-owned equipment. Therefore
these systems must be configured to comply with any ITS Security Policies.
IV. Scope
This policy applies to all JLVpn faculty, staff, contractors, consultants, temporary
employees, and all personnel affiliated with third parties utilizing VPN to access the
JLVpn network. This policy applies to implementations of VPN that are directed
through IPSec Cisco VPN devices and authentication.
V. Exceptions
Any exceptions to this Policy must be approved in writing by ITS.
VI. Enforcement
If security is breeched as a result of a violation of this policy, the person guilty of such
violation may be subject to disciplinary action. ITS reserves the right to restrict any device
or connection that does not comply with this policy.
VII. Attachments
None.