I’m trying to get up to speed on the LSP but getting stuck at Step 1.
My platform: Windows 10 (2 laptops).
I successfully connect to the NCSA VPN as follows:
enter sslvpn.ncsa.illinois.edu into Cisco AnyConnect
when connected, enter password and “push”
authenticate with DUO on iPhone
point browser to https://lsst-lsp-stable.ncsa.illinois.edu/
After ~ 30 second the browser times out with message “The server at lsst-lsp-stable.ncsa.illinois.edu is taking too long to respond.”
Tried this multiple times on each laptop, use Firefox or MS Edge browsers, same result.
At least on the Mac there are several groups that you can select within Cisco AnyConnect. “ncsa-vpn-default” is the correct one to select.
If that doesn’t solve the problem, then the next question would be whether you can lookup the IP address for lsst-lsp-stable.ncsa.illinois.edu or if it is a routing problem thereafter.
Cisco AnyConnect is not pre-populated with VPN names.
I’m not an experienced user of AnyConnect.
Based on another user’s suggestion I point AnyConnect at “sslvpn.ncsa.illinois.edu” as stated above, and go through the password/push authentication process. After that completes AnyConnect says “VPN: connected to sslvpn.ncsa.illinois.edu” and the dialog box shows “NCSA SSLVPN”.
If I enter “ncsa-vpn-default” AnyConnect fails with error message “The VPN connection failed due to unsuccessful domain name resolution”.
Note that I (on Windows 10) am using “Cisco AnyConnect Secure Mobility Client” Version 4.8.03052 which I installed based on my organization’s recommendation. I.e. I did not download from the URL given in the RSP wiki. Is there another Cisco VPN product, and could this be the issue? The user interface has only a single “Connect” dialog box.
In a Windows Command Prompt, after getting the “VPN connected” message, can you execute ping lsst-lsp-stable.ncsa.illinois.edu or ping 141.142.182.135?
@ktl that fixed it, thanks. Not sure why Cisco defaulted me to another group, wonder if other users will experience this. Browser timeout after successful VPN connection is quite confusing.
The documentation for connecting to the VPN mentions this. It is unfortunate that the default is (I believe) the first in alphabetical order (at least until the user has chosen something different). It’s also unfortunate that that document doesn’t explicitly mention that the profile is selected in the “Group” field.
Unfortunately, there’s no way for us to give any better error message when the wrong profile/group is selected, as no connections can be made to any of our machines at that point.
We just had a long back-and-forth in the Stack Club today, and following that, on the Stack Club Slack channel, where two newcomers to LSP/RSP (me being one of them) had exactly this problem. On Slack, old-timers noted that many, many people have this problem. It’s probably worth considering if there’s some way to revise the instructions to highlight this more.
thanks @TomLoredo I’ll have a look at that Slack channel, sounds useful. I participated in a stack club live event at the 2019 project & science collaboration, where the facilitators got me through the firewalls.