Set Up a Departmental VPN
With a departmental virtual private network (VPN), a Cornell department, college, or unit can establish and manage VPNs for exclusive use by their staff.
This article applies to: CU VPN
The departmental VPN option allows units to establish and manage VPNs for exclusive use by their own staff—effectively restricting access to individuals identified by and working within the unit. Departments can have one or more private networks, and individuals can be in as many as the department allows.
Going forward, all new Departmental VPNs will require Two-Step Login.
The service consists of the secure provision of a block of IP addresses. Due to resource considerations, departmental VPNs must match the master configuration. It is not possible to do custom configurations of:
- Access control lists
- Login expiration times
- System security
- Security
Set Up a Departmental VPN
- First, choose the Active Directory group you'll use for the departmental VPN.
- If you have an Active Directory group ready to use, continue with step 2.
- If you need to create a new Active Directory group, see our Create a Group article.
- Submit an Add/Remove VPN Pool request including the name of your Active Directory group. You'll receive an email when the pool has been created, typically within three business days.
- Next, add or remove NetIDs for your group.
- Once your departmental VPN is ready, you can share the set-up and connection procedures with your users.
Departmental VPNs that have not been used for 90 days or more may be deactivated. Network Engineering will contact the appropriate Network Administrators before deactivation occurs. The IT Security Office will then contact the appropriate Security Liaisons to remove references to the departmental VPN in the Managed Firewall Service.
Comments?
To share feedback about this page or request support, log in with your NetID