Services

The Departmental VPN option allows units to establish and manage VPNs for exclusive use by their own staff—restricting access to individuals identified by and working within the unit. 

Departments can have one or more private networks, and individuals can be in as many as the department allows.

Set Up a Departmental VPN

1. First, choose the Active Directory group you'll use for the departmental VPN.
   • If you have an Active Directory group ready to use, continue with step 2.
   • If you need to create a new Active Directory group, see the instructions below.
2. Once you have the Active Directory group name for your departmental VPN, request an IP pool by sending an email to security-services-mailbox@cornell.edu. Include the name of your Active Directory group in the message.
   You'll receive an email when the pool has been created (within 3 business days).
   
3. Next, add or remove NetIds for your group.
   
4. Once your departmental VPN is ready, you can share the set up and connection procedures with your users.
   

Create New Active Directory Group for Departmental VPN (If Necessary)

To set up a Departmental VPN, if you have permissions to create groups in Active Directory, you can create a VPN group yourself. 

Otherwise, send a request for a VPN group to your CornellAD OU Administrator.  The request should state that a VPN group is being requested, and include the purpose and department name.

Note:  If you do not have a CornellAD OU Administrator, you may submit the request (including the information listed above) via email to idmgmt@cornell.edu. Be sure to note that you do not have a CornellAD OU Administrator.