Synopsis
This KB article describes IP addressing for users connecting to Yale University using a remote VPN client (e.g., Cisco AnyConnect). It acts as a reference for end-users implementing IPv4 filters with regards to remote VPN client connections.
Current VPN Pool Configuration
When connecting with VPN users will be dynamically assigned one of two address pools:
- VPN User Pool A 172.22.128.0/18
- VPN User Pool B 172.25.128.0/18
This pool assignment is in effect for the standard access.yale.edu connection profiles (i.e., the user is not using a suffix on the FQDN).
Note: The following caveats apply.
- Filtering on source IP addresses is not a robust way of implementing security. YU recommends that YU applications are not secured/filtered based on these addresses. In almost all cases other authentication mechanisms should be considered. Please consult the Yale Information Security Department for guidance in this area.
- Yale University Network Engineering maintains these mappings. Network Engineering retains the option to changes these mappings as the system evolves in scale and purpose.
- The above address pools are only used when accessing private Yale University resources. If the user accesses Internet resources or YNHHS resources your address may change.
Operational Notes
The new pools are now in place as of 2024-Dec-19. Please remove any configuration that references the pool designations found in the Legacy section of the KB article.
Legacy Information
The legacy addressing scheme is as follows:
- VPN User Pool 3a 172.22.112.0/20*
- VPN User Pool 3b 172.22.128.0/20*
- VPN User Pool 4a 172.22.144.0/20
- VPN User Pool 4b 172.22.160.0/20
- VPN User Pool 5 172.25.128.0/20
- VPN User Pool 5e 172.25.144.0/20
- VPN User Pool 6 172.25.160.0/20
- VPN User Pool 6e 172.25.176.0/20
Please remove any configuration that references these pool designations.
* Pool 3a and 3b are old pools that are not currently in use but may exist in some configurations.