Information Technology Policies and Procedures
Virtual Private Network Policy
Purpose
This Policy provides standards for Remote Access by Authorized Users to the University Information Technology Network via Virtual Private Network (VPN) connections, using the IP Security (IPSec) or Layer 2 Tunneling Protocols.
Scope
This policy applies to all Authorized Users utilizing VPNs to access the University Information Technology Network. This policy also applies to implementations of VPN that are directed through an IPSec concentrator.
Policy
Authorized Users who are reviewed by the Information Technology Services department may utilize Virtual Private Networks. A VPN is a “user-managed” Service, in which the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation of the Service as well as any required Software, and paying all fees. Further details may be found in the Remote Access Policy documentation.
- It is the responsibility of the Authorized VPN User to ensure that Unauthorized Users are not allowed access to the University Information Technology Network.
- Authorized Users must be in compliance with the Password Policy.
- When actively connected to the University Information Technology Network, the VPN Software forces all traffic to and from the user’s information technology resource over the VPN tunnel. All other traffic is dropped.
- Dual (or split) tunneling is not permitted. Only one Network connection is allowed.
- VPN gateways must be set up and managed by Information Technology Services personnel.
- All information technology resources connected to the University Information Technology Network by Authorized Users via VPN or any other technology must use the most recent corporate-standard Anti-Virus Software.
- Authorized VPN Users are automatically disconnected from the University Information Technology Network after thirty minutes of inactivity. The Authorized VPN User must then log on again to reconnect to the University Information Technology Network. Pings or other artificial Network processes must not be used to keep the connection open. Special consideration for campus centers will be granted.
- The VPN concentrator is limited to an absolute connection time of 24 hours.
- Authorized Users of information technology resources that are not owned by the University must configure their resources to comply with the University's VPN and Network Policy documentation.
- Only VPN clients utilized by Authorized Users and approved by appropriate Information Security personnel can be used.
- By using VPN technology with personal equipment, Authorized Users must understand that their machines are a de facto extension of the University Information Technology Network, and as such are subject to the same rules and regulations that apply to equipment owned by the University (i.e., their machines must be configured to comply with University Information Technology Policies and Procedures documentation).
Enforcement
Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such is subject to disciplinary action pursuant to the Enforcement section of the Unauthorized Use Policy.