Remote Access Guide /
SSL VPN/IPSec VPN /
InfoSec Architecture & Operations /
7/8/2014 /
This document describes setting up remote access through the SSL VPN systems in the Quincy and Plano data centers. /
Contents
Background
Accessing SSL VPN in Quincy and Plano Data Centers
Step 1 - Accessing the new SSL VPN Portal and AnyConnect
SSL VPN Portal URLs
Supported Browsers:
Supported Anti-Virus
Other Settings/Considerations
Step 2 – Self-provisioning a Client Side Certificate
Verify the Certificate
***Trouble Shooting Internet Explorer Cert Provisioning Process***
***Trouble Shooting JAVA/CHROME Cert Provisioning Process ***
Step 3 - Accessing SSL VPN Portal
Step 4 – Installing AnyConnect Client
Viewing Details of the Connection
Launching AnyConnect via the Start Menu
Disconnecting AnyConnect
Background
CoreLogic provides remote access to its networks via Virtual Private Network (VPN) systems. The VPN system assures security of the data flowing offsite through the Internet by the use of Secure Socket Layer encryption.
Accessing SSL VPN in Quincy and Plano Data Centers
Step 1 - Accessing the new SSL VPN Portal and AnyConnect
There are two new Dell DataCenters, each with a SSL VPN system. A user can select either and expect a similar experience. However selecting the one closer geographically may reduce latency. Modern Enterprise class Anti-Virus is required for all AnyConnect connections.
SSL VPN Portal URLs
- Pacific and Mountain Time Zone Users : – Quincy
- Central and Eastern Time Zone Users: Plano
Supported Browsers:
- Internet Explorer 8, 9, 10
- Please use the 32 bit version of the browser if you are on a 64 bit machine
- Chrome 35+
Supported Anti-Virus
- Symantec
- MacAffee
- TrendMicro
- AVG
- Microsoft Security Essentials
Other Settings/Considerations
- Disconnect from all current VPN sessions.
- *.corelogic.com websites should be added to “Trusted Websites” list in your browser security settings
- Admin rights are required to run the secure desktop check and install AnyConnect client. Please submit an OPAS ticket to Service Desk with the description “VPN Installation Assistance Required” if you need temporary Admin rights to your machine.
- There is a known issue with IE that prevents it from displaying the portal login page. If you get a “Page Cannot Be Displayed” message when going to either website, please use Chrome.
- If you are using Chrome, please ensure your Java is version 6.17 or later.
Step 2 – Self-provisioning a Client Side Certificate
Open a supported browser and go to the URL determined above.
Depending on the browser, you will get a warning to either run an ActiveX control (IE) or Java Applet (Chrome). The following screenshots are what Chrome users will see. IE users will be very similar.
IE Users– When prompted click “Run Active X Control”
Chrome Users - When Prompted Click “Always run on this site”
Chrome – When prompted, click Allow
Chrome – When prompted, click the checkbox and then Run
If you do not have a valid certificate, the following screen will show up with the UserName field blank. If the user name field is pre-populated with your ISC account, this means you already have a valid certificate. You can skip to Step 3 – Accessing SSL VPN Portal
Since the username is not populated, the system will go through the out of band self-provisioning process upon successful authentication.
Select your domain from the drop down list box, enter your domain account credentials (Username & Password). Then click Login.
Click Continue
Your ISC account name will be included in the instructions text. Click the Continue button.
Depending on the data stored on your AD Account, you may see more than one option for One Time Passcode (OTP) delivery. This screen allows you to instruct the system to send the OTP to either Email, Voice, or SMS Text.
TIP If no viable option is available please submit an OPAS – Remote Access Digital Certificate ticket. In it, supply the method for receiving the OneTime Passcode
Select the desired channel and click Submit.
The OTP is sent out from the system. You will receive the message depending on the selection made in the previous step. If you do not receive the OTP, click the link “Please click here to use and alternate registration method.”
When the OTP is received, enter it into the Registration Code: field and click Submit.
The system will then ask for your domain credentials.
Enter your ISC password and click Submit
The system will install a certificate into your browser’s certificate cache. Depending on your browser’s security settings you may get a bar at the top of the screen with a security warning regarding installing Active X controls. Right click the bar and “Allow” the browser to install the Active X control. After doing so a countdown timer will be displayed. Please wait until the certificate is completely installed.
When the certificate is installed, the screen above will be displayed. Do not click Restart Login, rather close down the browser and re-open the SSL VPN Portal URL
- Pacific and Mountain Time Zone Users : – Quincy
- Central and Eastern Time Zone Users: – Plano
Verify the Certificate
To verify a certificate is installed correctly, open Internet Explorer and select ToolsInternet OptionsContent. Click the Certificates button. Your certificate should be in the list of “Personal Certificates” It will be Issued Toyour ISC account user name and Issued by MFCIssuer3Sierra.banner.
***Trouble ShootingInternet Explorer Cert Provisioning Process***
Issue 1
If you receive the following message when using Internet Explorer and accessing the portal websites:
- – Quincy
- – Plano
Use Chrome to self-provision your certificate.
Issue 2
This system supports Internet Explorer versions 8, 9, and 10. To identify the version you are running, open IE and click About Internet Explorer under the Help toolbar option.
***Trouble Shooting JAVA/CHROME Cert Provisioning Process***
Issue 1
- If you are installing via Chrome/Java and receive the following message:
- You may (depending on the Java version) have the option to add the SSL portals ( and “Trusted Sites”.
- To open the Java Control Panel Go to StartControl Panel Java then click the Security Tab
Step 3 - Accessing SSL VPN Portal
You should now be able to access the SSL VPN Portal.
- Pacific and Mountain Time Zone Users : – Quincy
- Central and Eastern Time Zone Users: – Plano
Upon entering either website, you may be prompted to select your certificate.
If so, find the one issued to your domain account by MFCIssuer3Sierra.banner.multifactortrust3.comand click OK.
The portal login page is displayed. Notice that your domain user ID is pre-populated. This is a sign that your certificate is recognized by the system.
Click Continue to access the SSL VPN Portal
The SSL VPN Portal page will be displayed with a number of options:
- Home / Web Applications– Presents bookmarks to a few common sites both internal and external to the CoreLogic Network
- AnyConnect – Provides a link to connect to the network through the “AnyConnect”client. If your machine does not have the AnyConnect client, it will automatically download and install it.
- Application Access – Advanced users can access internal resources through the Application Access list of “Smart Tunneled” applications. Please note RDP access is limited to systems on the Enterprise side of the network only (ie user desktops). To RDP to Production areas of the network, you must use AnyConnect to connect.
- MetaFrame Access – Provides an address box to allow a user to submit a url to a Citrix environment and access a Citrix portal. Note, the Credco Citrix portal and CL Citrix web are available via the Links on the Home/Web Applications as well.
Step 4 – Installing AnyConnect Client
Installation of the AnyConnect client is done through the SSL VPN portal. Please refer to Step 3 above for details on accessing the portal.
AnyConnect on the navigation bar on the left and then click the Start AnyConnect link in the middle of the screen. If the machine connecting does not have an AnyConnect client, one will be downloaded and installed.
IE Users – Click the Install button when prompted
Chrome Users – Click the Run Button when prompted
The installation status screens will update you on the progress of the install. Once completed, the AnyConnect client will initialize a new AnyConnect connection to the network.
The AnyConnect Session is established. Notice the green checkmark on the padlock in the screen above.
You can logout of SSL VPN portal at this point by clicking the “Logout” or RedX button on the top right of the portal screen. Doing so will not disconnect the AnyConnect session.
Viewing Details of the Connection
Establishing an AnyConnect connection will re-ip your machine on your network. You can see the new IP address along with other diagnostic information through the Advanced settings screen.
Access the Advanced Settings screen by:
- right click the AnyConnect icon in the system tray,
- Select Open AnyConnect Option
- Click the gear icon in the Cisco AnyConnect Secure Mobility Client window
- Click the Statistics tab on the AnyConnect Secure Mobility Client details window.
Launching AnyConnect via the Start Menu
Once the Cisco AnyConnect client is installed on the machine, subsequent connections to the VPN system can be initiated through the Start Menu. The location of the application in the Start Menu may vary.
Start Cisco AnyConnect Secure Mobility Client
Select the connection profile to connect to. You should have a similar experience on either. Select the profile closest to you geographically:
West Coast and Mountain – vpn.wtc.corelogic.com
Central and East Coast– vpn.ptc.corelogic.com
Enter your ISC account password and click the “OK” button.
Disconnecting AnyConnect
Right click the task bar icon for the Cisco AnyConnect Secure Mobility client
Click the Disconnect button to terminate the AnyConnect VPN Session.
CoreLogic – Proprietary and Confidential 1