!!!  Translated by Google Translate  !!!


The VPN service is intended for access to the CTU network for employees and PhD students. It allows them to use applications accessible from the CTU network from home.

Download and install Cisco VPN client from download.cvut.cz server. To login use usermap.cvut.cz username and password.

To set up a client:

To create a new connection:

  • Connection entry: cvut
  • Host: vpn.cvut.cz
  • Name: vpn
  • Password: vpn

Figure 1: New connection

If you want to use the VPN tunnel only to access applications in the CTU network (ie to prevent other Internet / local traffic from using VPN), we recommend that you set the Group Authentication items Name and Password to “vpncvut”.

If you do not have a public IP address, for example, if you are connecting via GPRS or are using a home router, check the “Transport” tab and select “Enable Transparent Tunneling”.

Figure 2: NAT Traversal

If you fail to establish a connection to the VPN server, ie the login window does not pop up when you try to connect, see. Fig. 3, try the “Enable Transparent Tunneling” setting to select “IPSec over TCP, TCP Port: 10000”.

VPN login:

To login use usermap.cvut.cz login .

Figure 3: Login window

After successful login, the Cisco client icon will appear on the toolbar

Figure 4: Connected to VPN

You can simply disconnect by clicking on the icon.

Figure 5: Disconnected from VPN

Modify the routers metric for not tunneling all traffic to VPN

After logging in to VPN, all traffic is routed via VPN. For example, there may be a problem with getting computers / services on your local private network. If any of the users need to modify the traffic that is / is not routed to the VPN, it is necessary to use the script to modify the metric during routing. Below is a guide from Martina Pecky:

The routing metric is changed as follows: 
route change MASK METRIC 200 IF 22 
Where the number after IF is the interface number assigned to the Cisco VPN adapter. This number can be determined by following the procedure (once only, the number does not change):

First we find the name of the connection that the Cisco client made. In the command output 
netsh int ipv4 show config 
we can find a connection with the gateway (this can be called Local Area Connection 2, for example).The interface number for this connection can be found from the following command in the Idx column. 
netsh int ipv4 show interfaces

The script that changes through the route change command must be run with administrator privileges.

Additional VPN tutorials

Instructions for Windows 8 and 10 
Linux manual 
Manual for Rectorate of CTU


!!!  Translated by Google Translate  !!!