Site-to-site VPN Request

A site-to-site VPN (Virtual Private Network) connection allows for data to be sent between two sites over the public Internet in a secure, encrypted format. Once a VPN "tunnel" has been configured between two sites, data sent between the two sites is sent "through the tunnel" instead of being sent in clear text over the Internet.  A VPN device at the source site encrypts the data and sends it to the VPN device at the destination site that decrypts the data. Even if the data is intercepted over the Internet, it cannot be read because it has been encrypted and can only be decrypted by the VPN device on the receiving side of that specific tunnel. The encryption/decryption of data is done automatically and is completely transparent to the users and the applications at the two sites.

 

The "Vendor_S2S_VPN_Blank.xlsx" which is attached to the bottom right of this service request needs to be filled out by the vendor before submission of a ticket.  Failing to do so could result in a delayed implementation.

Encryption Methods

OU utilizes Palo Alto Networks firewalls for secure VPN communication to third-party sites via the Internet.  All connections use the IPsec communications protocol suite, including the Internet Key Exchange (IKE) protocol.

Requirements

  1. To establish a VPN connection with OU, your VPN device must support IPSec. OU will make a best effort attempt to build to any VPN device that supports the IPSec standard, however we cannot guarantee compatibility.
  2. Your ISP must not be blocking VPN traffic, which consists of the following protocols:
    • UDP (Protocol 17) Port 500
    • ESP (Protocol 50)
  3. Only “public addresses” assigned to your organization by ARIN or your ISP, or RFC1918 “private addresses” (see requirement 4) will be routed across the VPN connection.
  4. In some cases, NAT (Network Address Translation) will be required if your addressing scheme uses RFC1918 compliant "private addresses" or is based on arbitrary addresses that are not registered to your organization.

Installation Process

Once this form is completed and returned to OU Information Security, an OU Information Security Engineer will use the information in this form to configure the OU side of the VPN and then contact the Technical Contact(s) listed in this form and provide the information necessary for them to configure your side of the VPN. The OU Information Security Engineer will then schedule a time to work with the Technical Contact(s) to test the VPN to ensure that it is passing data correctly.  The installation process typically takes 1-2 weeks.

Cost

  • There is a one-time charge at the professional services rate of $75/hr for VPN configuration. 
  • There is also an annual charge of $500 to cover maintenance and licensing costs.

Availability

All requests require a Business sponsor that will be the approving authority for the creation of the VPN and will be the primary point of contact regarding any issues with the VPN.

Service Alerts

Check Alerts Subscribe

Can't find what you're looking for?

Contact Us