Skip Maine state header navigation
IPRS Technical Manual
1. What is IPRS?
IPRS (Internet Protocol Routing Service) is a dial-up network offering provided by Verizon. Verizon owns and manages Cisco routers with high-density modem cards installed, and uses L2TP (Layer 2 Tunneling Protocol) to transfer the incoming serial connection to the State’s high-speed ATM backbone connection, then to a State-owned Cisco router.
2. New in V.102302
a. autocf and logon1 functions
The autocf and logon1 functions are now documented.
b. ADA compliant
The initial telephone number selection screen has changed to accommodate
ADA functionality.
c. Exception processing
Exception processing now correctly displays screens described below.
d. Temporary files
The temporary .log files are now stored in the IPRS directory, so that
users do not need administrative rights to execute IPRS in XP.
3. How to connect manually with any operating system
a. Traditional dialup
NOTE: the manual method should only be used for troubleshooting Windows
machines, or for access with non-Windows operating systems. Use IPRS.EXE
for normal connections. Initiate a dial-up (PPP) session to the correct
IPRS number. If dialing from within the State of Maine AND the dialing
number is serviced by Verizon, call “1-500-699-1800”. If outside
the State of Maine or serviced by an independent telephone company,
then call “1-800-734-7564. (Configure: TCP/IP protocol only; do
NOT log on to server or domain; do NOT use area code/dialing properties;
and do NOT use terminal window before/after dialing. The UserID and
Password MUST be “ccshiva”.)
b. Telnet session for authentication
Once the dial-up session is established, telnet to 10.254.254.254. In
the Windows operating systems, click “Start”, then “Run”,
then type: “telnet 10.254.254.254”. When connected, IPRS will
prompt for “Username:”. This is the UserID supplied with the
SecurID card, followed by the enter key. Next IPRS will prompt for “Password”.
This is the SecurID Passcode (PIN and displayed number). If the sequence
is correct, the telnet session will be disconnected. In Windows, telnet
then displays a box saying “Connection to host lost”. This
actually means that the authentication was successful. “PASSCODE
Accepted” will be visible on the Telnet screen.
If the UserID/Passcode sequence is incorrect, the process will repeat. If three in a row are incorrect, the Telnet session will disconnect. The system will remain connected to the Cisco router, but will not be able to do anything except connect using telnet to the above address. The dial-up session must be terminated manually.
4. How to use the automated setup and dialup scripts
a. What operating systems are supported
Network Services provides an automated setup script and a dialup script.
These scripts will work on W95(all versions), W98 (all versions), NT4,
Millenium, W2K, and XP.
b. Downloading the software
IPRS is available at http://inet.state.me.us/software/index.html. The
executable is named iprsmmdd.exe, where mm is the month, and dd is the
day the zip file was compiled. Either download the file, or run it from
the inet server. It will unzip to the default directory of “c:\program
files\iprs”. While it is not necessary to use the default directory,
it is easier for support staff if this directory is used.
c. Running setup.exe
Close all applications, then run “setup.exe” from the c:\program
files\iprs directory. It will create a dial-up entry (just like the
manual process previously discussed), then a shortcut on the desktop.
Users will see dial-up networking screens flash by as the setup executes,
and will be prompted to select a modem if more than one modem is configured.
With Windows 2000/XP systems, users should reboot before using the shortcut.
"Setup.exe" can be rerun at any time (and should be re-run, should it terminate abnormally). It should not cause any problems with any system, and will co-exist with any other dial-up services. If Windows XP fails on the setup, manually create the “iprs” dialup connector, then rerun.
d. Executing IPRS.EXE
Once setup is finished, or a dialup connector named “iprs”
(must be lower case) has been configured manually, double-click the
“IPRS” shortcut. The following screen will be displayed:
If "Other" is chosen, then the user will see the following screen:
Change the number as appropriate. This feature is provided to allow dial-up from hotels, businesses, etc. W95 users will see a traditional dialup screen connecting them to IPRS; other Windows users will see:
Once connected, a few background screens will flash, then the user will see:
Enter the SecurID userid, then:
(If obtaining a new pin, go to 4b) Enter the passcode; normally, the following will display for a few seconds:
4a. Normal connection
If the correct SecurID userid and passcode are used, then the following screen will display for 5 seconds (or until the user presses a key):
The user is now connected to the network, and can use any network application.
If the SecurID userid and passcode are incorrect, then the userid/passcode sequence will repeat. If the SecurID card is out of sync, the following screen will be displayed:
4b. Obtaining a new pin (New Pin Mode)
If obtaining a new pin, enter the displayed number on the SecureID
card; the following screen will be displayed:
Answer “y”; the following screen will be displayed (with a unique PIN):
Memorize the new PIN, then answer “y”; the following screen will be displayed:
Enter the new passcode (new PIN and displayed number). The connection will proceed as described in 4a.
4. How to login to network domains/file servers
NT_Logon.exe (included in IPRS distributions dated 04/20/01 or later) will allow access to NT or W2K domains/servers. For W95/W98 client machines, it runs "NTWKLOG.EXE" which authenticates the user to the domain/server resource, then runs W2KMAP.bat. The batch file must be customized for an agency's specific needs: the file contains a sample "net use ... " statement to map drives. Alternatively, the batch file could call pre-existing agency-specific routines. For NT/W2K client machines, the program automatically modifies a registry entry to make RAS connections persistent, then issues a standard user logoff/logon. This will log the user into the domain/file server with all resources normally attached.
Novell users can use the existing Novell Logon from the Novell menu selections.
The IPRS.CFG line “logon1=no” can be changed to “logon1=yes” to automate this function.
5. Technical support
a. IPRS.CFG file
IPRS.CFG contains variable data which is passed to the IPRS
program. Among the variables are the phone numbers used (the order can
be changed, and the displays within IPRS will change accordingly), the
authentication server address, and the logo used on the IPRS screens.
Some variables can be customized for special purposes as described in
this document.
b. IPRS.LOG file
IPRS.LOG is a copy of all transactions occuring with Telnet,
and is used by the IPRS program to make decisions about how to proceed.
At the end of the process, all transactions are written to this file.
If a user is having problems with the authentication process, this file
provides detail as to what has occurred.
c. S.LOG and Z.LOG files
S.LOG and Z.LOG are temporary log files used to create IPRS.LOG.
This files are deleted automatically, and normally are not available
to the user.
d. autocf=yes
The “autocf=yes” function reconfigures the IPRS session
to known working conditions. If special settings are required, change
this option to read “autocf=no”.
c. Known problems