Overview

Departmental VPN service is operated alongside the campus VPN service and provides connected clients an IP address on a UCSB departmental network.  It is intended for use by departments hosting services behind a departmental firewall or ACL that restricts the usage of those services to users on the same network.  Departmental VPN requires MFA, and departments can independently manage who is permitted use of their VPN.

What You Need

information icon

Request Information

Read installation and usage instructions. Contact ets-info@ucsb.edu for questions, troubleshooting, and support.
 

Departmental VPN Request Form

Network Architecture
Provide 2 x IP addresses on the Dept. subnet for VPN appliance/node addressing (contiguous preferred)
VPN client IP address allocation

Dept. should consider using a maskable range for easy ACLs, and to ensure adequate quantity to cover expected department’s concurrent VPN users.
 

IP address allocation
Campus VPN servers will allocate IP addresses to clients. Addresses not need to be contiguous.
Dept. DHCP server will allocate IP addresses to clients
DNS preferences (optional)

If desired, department-specific DNS settings can be pushed to VPN clients. 

Group Tagger Managers

We will request a new Group Tagger group created for you from Identity. Your dept. needs to specify who will administer group membership - membership in the group is used for Role Mapping, which presents the Dept. network role choice to user after authentication on the VPN. 

Optional preferences

(idle, max, reminder) if something other than default is desired. Defaults are: idle: 60 min, max session 720 min, reminder 5 min.