Caltech VPN Troubleshooting

If you haven't already done so,go to https://help.caltech.edu to request VPN service.
Select request type IMSS-->Network, Wireless & Remote Access-->VPN Request Form.


Important note when using access.caltech applications

When using access.caltech applications, please select the Group: 2- Tunnel- All -Traffic option when connecting to Caltech VPN. 

Important note for Library journal database users

Remote journal access should now be done through the Library's authenticated proxy server using your IMSS (access.caltech) username and password. No special URL is needed; when you visit the Library pages and click on a database link, the Library proxy server will automatically detect whether you are connecting from a campus address, and will ask for your access.caltech username and password if you are connecting from off campus. VPN is no longer necessary for Library journal database access.


Troubleshooting common problems

  1. AnyConnect will not start.
    You may need to temporarily disable your anti-virus program to use AnyConnect. Check with your anti-virus vendor to see if there's an update.

  2. AnyConnect does not establish a secure connection.

    • Check to see if you are properly connected to the VPN tunnel:
        When you click on this Caltech link, When you click on this DSLreports.com link
      If you are using the 'Caltech-Only' profile, you should see: An IP address starting with 131.215.248.xxx or 131.215.249.xxx Your normal IP address (as assigned by your ISP)
      If you are using the 'Caltech-TunnelAll' profile, you should see: An IP address starting with 131.215.248.xxx or 131.215.251.xxx An IP address starting with 131.215.249.xxx or 131.215.251.xxx
    • Check to see your password is being entered correctly.
      Go to https://utils.its.caltech.edu and log in using your access.caltech username and password. If you cannot log in, that means you are misremembering either your username or your password. You may wish to contact the Help Desk at x3500 to have your password reset.
      If you can log in, check to make sure that it says, "VPN access is enabled". If it's not, click here to sign up for VPN access. If you used to have VPN access and it has suddenly been disabled, please contact us at http://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Cannot connect to-->VPN).
    • Check to see if Internet Connection Sharing (ICS) is turned on (Windows only).
      To see if ICS is turned on, go to Control Panel->Network and Sharing Center. Click on Change adapter settings. One of your network connections will be the one connected to your DSL router, cable modem, etc. Right click on the icon and choose the Properties item. In the dialog that comes up, click on the Sharing tab. If ICS is enabled, the checkbox labeled "Allow other network users to connect through this computer's Internet connection" will have a check in it. Click on it to remove the check mark. Then click on OK.
      If you don't see the Sharing tab in the Properties dialog, then ICS is not active.
    • Check with the system administrators of the site you want to connect to.
      If you are not able to connect to a site that you used to be able to connect to, you may need to contact the site's administrators. The range of IP addresses AnyConnect uses is 131.214.248.xxx to 131.215.249.xxx. If you don't know who administers the site you want to connect to, talk to your supervisor or system administrator, orcontact us at http://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Cannot connect to-->VPN).
    • On MacOS, if the Back to My Mac feature is running, VPN connections via AnyConnect will fail.

      Temporarily stopping Back To My Mac will allow AnyConnect to function properly. To stop the Back to My Mac service, choose System Preferences from the Apple Menu. Within System Preferences, choose Internet & Sharing, then Mobile Me. In the Mobile Me window, click on Back To My Mac. Click on the Stop button to stop the service.

  3. Mac OS Snow Leopard and Lion hang when using the Caltech VPN web site.

    A recent update to Java on the Mac OS appears to be incompatible with a number of Java applications. The AnyConnect installer is affected by this issue. Users can work around the problem by temporarily disabling Java in the web browser.
     
    Safari:
    From the Safari menu, choose Preferences. In the Preferences dialog, choose the Security tab. In the Web content section, click on the Enable Java checkbox to remove the checkmark. Close the Preferences window.
     
    Firefox:
    Depending on the version of Firefox, the Enable Java option may be in one of two places.
     
    1. From the Firefox menu, choose Preferences. In the Preferences dialog, chose the Content tab. Click on the Enable Java checkbox to remove the checkbox. Close the Preferences dialog.
     
    2. From the Tools menu, choose Add-ons. In the Add-ons dialog, find the Java Plugin or Java Embedding Plugin entry. Click on the Disable button. Close the Preferences dialog.
     
    With Java disabled, users can go to the https://vpn.caltech.edu web site and log in. The AnyConnect installer will attempt to detect the Java installation, but will time out after one minute. The option for a manual install will then be presented. Complete instructions for a manual installation are here: http://www.imss.caltech.edu/node/745#manual_install
    Users should understand that the web site is primarily intended for installation, and is not the normal way to launch the Caltech VPN. Detailed usage instructions are here: Using the Caltech VPN AnyConnect Client
  4. AnyConnect fails to install on Mac OS Mountain Lion

    On Mountain Lion, the AnyConnect installation may fail with the error message "vpn.pkg is damaged and can't be opened. You should eject the disk image." This is due to the new security protections in Mountain Lion. To allow the install toproceed, go to System Preferences->Personal->Security & Privacy. Launch the Secuity and Privacy applet. Cick on the General tab to hightlight it. Click onthe lock icon to allow changes. Under the heading "Allow applications downloaded from:" click on the Anywhere radio button. Now double click on the vpn.pkg install package. The installation should proceed as normal. When it is finished, you can change the Security & Privacy setting back to the previous setting.