*
Bookmark and Share

SSL Remote Access (NIST-staff only)

I cannot access SSL Remote Access or I'm having trouble logging in. What can I do?

There are two SSL Remote Access servers, one in Gaithersburg and one in Boulder. Either one provides access to both sites. User accounts are the same at both sites. If you are having trouble with one site, try the other. The two sites are: 

What are the browser requirements to use SSL Remote Access?

SSL Remote Access requires that you use an Internet browser capable of TLS 1.0 encryption. Here are the browsers and versions you can use: (Please note any special settings that must be enabled.)  

► If using Microsoft Internet Explorer (IE), you must have version 8.0 or later. To check the version, click Help | About. Please verify the following settings by clicking Tools | Internet Options:  

Note: Some of these settings may be pre-set and cannot be changed. Users can skip these settings and proceed with changing those settings that can be changed.

  • Add inside.nist.gov, inside.boulder.nist.gov, serv.nist.gov in the Trusted sites. (Security tab)
  • Accept inside.nist.gov, inside.boulder.nist.gov, serv.nist.gov in the Pop-up Blocker list (Privacy tab)
  • Enable TLS 1.0 (Security section under Advanced tab)
  • Enable Java Scripting (Scripting section from Custom Level under Security tab)
  • Enable Cookies (Cookies section from Custom Level under Security tab)
  • After changing settings, refresh or restart the browser

► If using Mozilla Firefox, you must have version 4.0 or newer. To check the version, click Help | About. Although security settings may already be defaulted to the proper values, you should verify by doing the following in this order [Windows - (Tools | Options); Linux - (Edit | Preferences); Mac – (Firefox | Preferences)]:  

  • Allow inside.nist.gov, inside.boulder.nist.gov, serv.nist.gov to the block pop-up list (Exceptions under Content tab)
  • Allow inside.nist.gov, inside.boulder.nist.gov, serv.nist.gov to install add-ons list (Exceptions under Security tab)
  • Enable JavaScript (Content tab) Accept Cookies (Privacy tab) Use TLS 1.0 (Advanced | Encryption)
  • After making changes, restart the browser

► If using Safari use version 5 or newer, no configuration changes are required to security settings.

I'm still having trouble accessing SSL Remote Access. What else can I try?

If you are still experiencing problems, the best approach is to remove the SSL RA plug-ins/components. The necessary plug-ins/components will be reinstalled automatically the next time you connect to the site. Follow the instructions for your Operating System: [Windows] [Mac OS X] [Linux]

Windows:

►Remove SSL RA plug-ins/components on Windows XP

Control Panel | Add or Remove Programs

Remove all programs that start with 'BIG-IP Edge'

►If using Windows 7

Control Panel | Programs and Features

Remove all programs that start with 'BIG-IP Edge'

Mac OS X:

The beauty of Mac OS X is the utilization of common components/plug-ins. The procedure listed below will un-install the SSL Network Access for all supported browsers under OS X.

► Open Finder | Go | Applications | Terminal |Utilities | Terminal

► Remove the following file and directory as shown below:

Note: sudo privilege is required for removal.

Removing SSL VPN components

If all existing SSL VPN components are not removed, upgrading to a newer version will fail. To remove the SSL VPN components, perform one of the following procedures:

Removing SSL VPN components with Mac OS version 10.6.x 1.

  1. Open the Terminal application. 
  2. Start a superuser session by typing the following command: 

su 

  1. When prompted, enter the superuser password. 
  2. Change directories to the /Library/Internet Plug-Ins/ directory by typing the following command:   

cd /Library/Internet\ Plug-Ins/   

  1. Remove the main SSL VPN components by typing the following commands.                

rm -r F5\ SSL\ VPN\ Plugin.plugin 

rm -r f5_sslvpn.bundle

rm -rf F5\ Inspection\ Host\ Plugin.plugin  

  1. Change directories to your home directory's /Internet Plug-Ins subdirectory by typing the following command: 

cd ~/Library/Internet\ Plug-ins  

  1. Remove any SSL VPN components by typing the following command: 

rm -r F5*

rm -r f5*  

  1. Change directories to the /private/tmp/ directory by typing the following command:  

cd /private/tmp/  

  1. Identify the SSL VPN client installer package by typing the following command:  

ls f5* 

This command should display one directory with a name that begins with f5 and is followed by 13 digits. This is the name of the installer package.  

  1. Remove the SSL VPN client installer package by typing the following command, replacing the question marks with the numerical portion of the file name:

rm -r f5?????????????  

  1. Change directories to the /private/var/db/receipts/ directory by typing the following command:   

cd /private/var/db/receipts/  

  1. Remove the SSL VPN client bill of materials by typing the following command: 

 rm -rf F5*  

  1. Close your superuser session by typing the following command: 

exit

Removing SSL VPN components with Mac OS version 10.5.x or earlier

  1. Open the Terminal application. 
  2. Start a superuser session by typing the following command: 

su   

  1. When prompted, enter the superuser password.
  2. Change directories to the /Library/Internet Plug-Ins/ directory by typing the following command:

cd /Library/Internet\ Plug-Ins/  

  1. Remove the main SSL VPN components by typing the following commands.

rm -r F5\ SSL\ VPN\ Plugin.plugin   

rm -r f5_sslvpn.bundle

rm -rf F5\ Inspection\ Host\ Plugin.plugin  

  1. Change directories to your home directory's /Internet Plug-Ins subdirectory by typing the following command:

cd ~/Library/Internet\ Plug-ins  

  1. Remove any SSL VPN components by typing the following command:  

rm -r F5*  

  1. Change directories to the /private/tmp/ directory by typing the following command:  

cd /private/tmp/  

  1. Identify the SSL VPN client installer package by typing the following command:

ls f5*  

This command should display one directory with a name that begins with f5 and is followed by 13 digits. This is the name of the installer package.  

  1. Remove the SSL VPN client installer package by typing the following command, replacing the question marks with the numerical portion of the file name:

rm -r f5????????????? 

  1. Change directories to the /Library/Receipts/ directory by typing the following command:

cd /Library/Receipts/  

  1. Remove the SSL VPN client build by typing the following commands:

rm -rf SSLVpn.pkg

rm -rf mac_sslvpn.pkg   

  1. Remove the SSL VPN client build by typing the following command:

rm -rf F5*  

  1. Close your superuser session by typing the following command: 

exit

Linux:

The procedure listed below will un-install the SSL Network Access for Firefox and Mozilla browsers under Linux.

► Open a terminal window using an account with root privileges, or using the su command.

cd /usr/local/lib/

rm –r F5Networks

How can I determine my IP address?

To assist in troubleshooting, it is helpful to know what IP address a user is coming from. Click My IP to determine your IP address.

When my antivirus software is running and the virus definitions are up-to-date, why is my computer still failing the antivirus pre-logon checks?

If you get the message:

Login denied - antivirus software was detected on your machine but it is not running. Please start up your antivirus software and try logging in again. 

     or

Login denied - your machine must have antivirus software installed and running with an antivirus database no more than 14 days old.

It is likely that you are running more than one antivirus program on your computer. Please check to insure that there is only one antivirus program installed on your computer. Verify which antivirus programs are installed on your computer, then remove the programs you do not want: click on Control Panel | Add/Remove Programs.  Once you resolve the multiple antivirus programs issue, your access to inside.nist.gov/inside.boulder.nist.gov should be restored.

If you are running only one AntiVirus (AV) program and still having an issue, most likely your AV program is not supported. Please contact iTAC.  

I'm having issues installing the Network Access plug-in automatically in Linux. Is there a way to manually perform the install?

Yes, here are the steps you need to follow: 

  • Click on the 'Network Access' title (in bold above NIST (Boulder) Network Access) 
  • Click <Show info> link if necessary, otherwise a detailed instruction page is presented. 
  • Follow the steps listed under 'To install the Network Access plug-in manually'. The 'Plugin' and 'Other components' are clickable links that will download the plug-in.

I'm having the error message - 'Couldn't open proxy server' when installing the Network Access plug-in. What can I do?

If you are still experiencing problems, removing the SSL RA plug-ins/components will resolve the issue. To remove the SSL RA components, please refer to the instructions above. 

The NIST Information Technology Assistance Center (iTAC) is available for technical support Monday through Friday, 7:30am-5:30pm, Eastern UTC-5 and Mountain UTC-7 time. NIST staff seeking remote access assistance may contact iTAC in Gaithersburg, Maryland, at 301-975-5375 or Boulder, Colorado, at 303-497-5375.