NIST logo
*
Bookmark and Share

SSL Remote Access (NIST-staff only)

My computer is not NIST-owned. May I use the SSL Remote Access Service?

The SSL Remote Access service is configured to support NIST-owned computers. Access from personally-owned or other non-NIST computers, configured to meet NIST remote access requirements, is permitted and may work. Support for users with non-NIST computers is limited. Contact the NIST IT Assistance Center or your NIST Sponsor for the configuration procedure to follow.

I tried to connect to inside.nist.gov, and got the error message: "If you are experiencing connectivity issues, please click here for possible solutions, or call iTAC." What does this mean?

Some possible reasons for this message are:

  • You may be running an unsupported operating system;
  • You may not have administrative rights, which are needed so that inside.nist.gov can install plugins; or
  • Needed plugins cannot be installed for some other reason.

I cannot access SSL Remote Access or I'm having trouble logging in. What can I do?

The only URL to remember is:

What are the browser requirements to use SSL Remote Access?

SSL Remote Access requires that you use an Internet browser capable of TLS 1.0 encryption. Here are the browsers and versions you can use: (Please note any special settings that must be enabled.)

If using Microsoft Internet Explorer (IE), you must have version 9.0 or later. To check the version, on the Menu Bar click Help | About Internet Explorer. Please verify the following settings by clicking Tools | Internet Options:

Note: Some of these settings may be pre-set and cannot be changed. Users can skip these settings and proceed with changing those settings that can be changed.

  • Add inside.nist.gov, inside-g.nist.gov, inside-b.nist.gov in the Trusted sites. (Security tab)
  • Accept inside.nist.gov, inside-g.nist.gov, inside-b.nist.gov in the Pop-up Blocker list of exceptions (Privacy tab)
  • Enable TLS 1.0 (Security section under Advanced tab)
  • Enable Java Scripting (Scripting section from Custom Level under Security tab)
  • Enable Cookies (Cookies section from Advanced under Security tab)
  • After changing settings, refresh or restart the browser

If using Mozilla Firefox, you must have version 25.0 or newer. To check the version, on th Menu Bar click Help | About Firefox. Although security settings may already be defaulted to the proper values, you should verify by doing the following in this order [Windows - (Tools | Options); Linux - (Edit | Preferences); Mac – (Firefox | Preferences)]:  

  • Allow inside.nist.gov, inside-g.nist.gov, inside-b.nist.gov to the block pop-up list (Exceptions under Content tab)
  • Allow inside.nist.gov, inside-g.nist.gov, inside-b.nist.gov to install add-ons list (Exceptions under Security tab)
  • Enable JavaScript (Content tab) Accept Cookies (Privacy tab) Use TLS 1.0 (Advanced | Encryption)
  • After making changes, restart the browser

If using Safari, use version 5 or newer, no configuration changes are required to security settings.

I'm still having trouble accessing SSL Remote Access. What else can I try?

If you are still experiencing problems, the best approach is to remove the SSL RA plug-ins/components. The necessary plug-ins/components will be reinstalled automatically the next time you connect to the site. Follow the instructions for your Operating System: [Windows] [Mac OS X] [Linux]

Windows:

If using Windows 7

Control Panel | Programs and Features

Remove all programs that start with 'BIG-IP Edge'

Mac OS X:

The Mac OS X utilizes common components/plug-ins. The procedure listed below will un-install the SSL Network Access for all supported browsers under OS X.

>Open Finder | Go | Applications | Terminal |Utilities | Terminal

>Remove the following file and directory as shown below:

Note: sudo privilege is required for removal.

Removing SSL VPN components

If all existing SSL VPN components are not removed, upgrading to a newer version will fail. To remove the SSL VPN components, perform one of the following procedures:

Removing SSL VPN components with Mac OS version 10.6.x.1

Open Finder | Go | Applications | Terminal | Utilities | Terminal

>Remove the following file and directory as shown in the Terminal session below:

remote access screenshot

Linux:

Firefox and Chrome share the common core VPN components. Removal instructions follow:

>Open terminal window.

>Remove the following directory as shown in the Terminal session below:

remote access screenshot

Removal of Browser Plugins

Firefox:

>Open Firefox, select Tools -> Add-ons

>Highlight 'f5 sam inspection host plugin' and click 'Remove'

>Highlight 'Default 7091.2013.725.1 (or current version) By F5 Networks' and click 'Remove'

remote access screenshot

>Close Firefox

How can I determine my IP address?

To assist in troubleshooting, it is helpful to know what IP address a user is coming from. Click My IP to determine your IP address.

When my antivirus software is running and the virus definitions are up-to-date, why is my computer still failing the antivirus pre-logon checks?

If you get the message:

Login denied - antivirus software was detected on your machine but it is not running. Please start up your antivirus software and try logging in again. 

or

Login denied - your machine must have antivirus software installed and running with an antivirus database no more than 14 days old.

It is likely that you are running more than one antivirus program on your computer. Please check to insure that there is only one antivirus program installed on your computer. Verify which antivirus programs are installed on your computer, then remove the programs you do not want: click on Control Panel | Add/Remove Programs.  Once you resolve the multiple antivirus programs issue, your access to inside.nist.gov/inside.boulder.nist.gov should be restored.

If you are running only one AntiVirus (AV) program and still having an issue, most likely your AV program is not supported. Please contact iTAC.  

I'm having issues installing the Network Access plug-in automatically in Linux. Is there a way to manually perform the install?

Yes, here are the steps you need to follow: 

  • Click on the 'Network Access' title (in bold above NIST (Boulder) Network Access) 
  • Click <Show info> link if necessary, otherwise a detailed instruction page is presented. 
  • Follow the steps listed under 'To install the Network Access plug-in manually'. The 'Plugin' and 'Other components' are clickable links that will download the plug-in.

I'm having the error message - 'Couldn't open proxy server' when installing the Network Access plug-in. What can I do?

If you are still experiencing problems, removing the SSL RA plug-ins/components will resolve the issue. To remove the SSL RA components, please refer to the instructions above. 

The NIST Information Technology Assistance Center (iTAC) is available for technical support.