Cisco Anyconnect Compatible Vpn
AnyConnect compatibility in Windows 10 20H2 We are preparing to upgrade our client environment to Windows 10 build 20H2 and are attempting to confirm if any compatibility issues exist. We are currently running AnyConnect v4.9.04053. VPNs (including AnyConnect) + Standalone Roaming Client + Windows 10: DNS Binding Order VPN compatibility mode: Currently, there is a limited set of users on Windows 10 which encounter a specific issue where the local LAN will bind above the VPN NIC for DNS.
- Openconnect is a VPN client, that utilizes TLS and DTLS for secure session establishment, and is compatible with the CISCO AnyConnect SSL VPN protocol.
- VPN with Compatibility with Cisco AnyConnect? I have a Cisco Annyconnect VPn setup (autheticate with RSA SecurID on my phone), and purchased PIA access on the recommendation of a friend. I can occasionally get PIA to work, but it usually requires a reboot, and it's not consistent.
How the VPN works
The VPN is extremely simple, based almost entirely on the standardHTTPS and DTLSprotocols. You connect to the secure web server, authenticate usingcertificates and/or arbitrary web forms, and you are rewarded with astandard HTTP cookie named webvpn.
Some Cisco servers require you to execute a 'Cisco Secure Desktop'trojan binary (intended for security scanning of the client system)before authentication can complete; see the CSDpage for information on how to comply with this requirement, orspoof it, with OpenConnect.
After authentication, you use the webvpn cookiein an HTTP CONNECT request, and canthen pass traffic over that connection. IP addresses and routinginformation are passed back and forth in the headers of thatCONNECT request.
Since TCPover TCP is very suboptimal, the VPN also attempts to use UDPdatagrams, and will only actually pass traffic over the HTTPSconnection if that fails. The UDP connectivity is done using DatagramTLS, which is supported by OpenSSL.
DTLS compatibility
Note: DTLS is optional and not required for basic connectivity, as explained above.
Unfortunately, Cisco used an old version of OpenSSL for their server,which predates the official RFC and has a few differences in theimplementation of DTLS.
OpenSSL
Compatibility support for their 'speshul' version of the protocol isin the 0.9.8m and later releases of OpenSSL (and 1.0.0-beta2 and later).
NOTE: OpenSSL 1.0.0k, 1.0.1d and 1.0.1e have introduced bugs whichbreak this compatibility. See the thread on the mailing list, which has patches for each.
If you are using an older version of OpenSSL which predates thecompatibility, you will need to apply this patch from OpenSSL CVS:
- http://cvs.openssl.org/chngview?cn=18037 (OpenSSL RT#1751)
- http://cvs.openssl.org/chngview?cn=17500 (OpenSSL RT#1703)
- http://cvs.openssl.org/chngview?cn=17505 (OpenSSL RT#1752)
GnuTLS
Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards (commited in fd5ca1af).
When you are off campus, some of Illinois State University’s electronic services are unavailable to you unless you establish a VPN connection.
Cisco AnyConnect is an application that the University makes available to students, faculty, and staff for free which may be used to establish a VPN connection with the University from off campus.
NOTE: If you need to request and install the application on your computer, please skip to the section further below entitled Download and Install Cisco AnyConnect. If you already have the application installed and would like to know how to connect to it, please read the section immediately below entitled Connect to the Cisco AnyConnect VPN Client Once Downloaded. The instructions below are listed for both Windows and Mac machines, respectively.
Connect to the Cisco AnyConnect VPN Client Once Downloaded
Windows:
- Open the Cisco AnyConnect VPN client.
- Windows 8: On the Start screen, click Cisco AnyConnect Secure Mobility Client.
- Windows 10: Start > All Apps > Cisco > Cisco AnyConnect Secure Mobility Client.
- Alternatively, you can click Start and begin typing Cisco AnyConnect Secure Mobility Client and the application will show up. Click on the icon to start the application.
- Verify that the path in the field underneath “Ready to connect.” is VPN01.ILSTU.EDU.
- If the path name does not automatically appear, click the arrow to the right of the field and select VPN01.ILSTU.EDU from the drop down menu, or enter the path name manually.
- Click Connect.
Figure 1:
- When prompted, select the appropriate Group (Figure 1):
- To access most ISU resources, you will select –ISU-.
- Important: To access ISU Oracle or SQL database resources directly (via software such as Microsoft Access, Oracle SQL Developer, Microsoft SQL Management Studio, etc.), select DB-User_Access.
Note: When you attempt to connect, you may receive a prompt that tells you that Cisco AnyConnect is updating. Do not attempt to cancel this update, as this update will allow your VPN software to work.
Figure 2:
- Enter your ULID and password in the appropriate fields, then click OK.
- After a moment, an informational banner window will appear that typically says “Welcome to Illinois State University,” but could display a different, informational message.
- Click Accept.
You are now connected with the Cisco AnyConnect VPN client. A Cisco AnyConnecticon with a yellow, locked padlock will be visible in your system tray (in the lower-right corner of your desktop, next to the clock). This indicates that you are connected. If the icon appears without a padlock, this indicates you are no longer connected through VPN.
Mac OS X:
- Open the Cisco AnyConnect VPN client. Click Finder > Applications> Cisco > Cisco AnyConnect Secure Mobility Client.
Figure 3:
- Alternatively, you can search for the application in your “Dashboard” by simply clicking the rocket icon on your bottom toolbar. After that, start typing Cisco AnyConnect Secure Mobility Client and you will see the application. Click on the application to start the set-up process, or to access it once you’ve configured the settings properly.
Figure 4:
- Verify that the path in the field underneath “Ready to connect.” reads VPN01.ILSTU.EDU. If the field is empty, you will need to manually enter the file path exactly how it is shown in this article.
Figure 5:
- Click Connect.
- When prompted, select the appropriate Group (Figure 6):
- For most ISU resources, you will select –ISU-.
- Important: To access ISU Oracle or SQL database resources directly (via software such as Microsoft Access, Oracle SQL Developer, Microsoft SQL Management Studio, etc.), select DB-User_Access.
Figure 6:
- Enter your ULID and password when prompted to do so and click Connect.
- After a moment, an informational banner window will appear that typically says “Welcome to Illinois State University,” but could display a different, informational message.
- Click Accept.
You are now connected with the Cisco AnyConnect VPN client. A Cisco AnyConnect icon with a yellow, locked padlock is now in your system tray (in the lower-right corner of your desktop). This indicates that you are connected. If the icon appears without a padlock, this indicates you are no longer connected through VPN.
Disconnect from the VPN
Windows:
To disconnect from the VPN on a Window’s machine:
- Locate the Cisco AnyConnect VPN client icon and click on it. It is usually on your toolbar, but if it is not, here are some additional ways to find the application:
- Windows 8: On the Start screen, click Cisco AnyConnect Secure Mobility Client.
- Windows 10: Start > All Apps > Cisco > Cisco AnyConnect.
- Alternatively, you can click [Start] and begin typing Cisco AnyConnect Secure Mobility Client and the application will show up. Click on the icon to start the application so you can disconnect from the VPN.
- In the Cisco AnyConnect Secure Mobility Client pane, click Disconnect.
Figure 7:
- Close Cisco AnyConnect Secure Mobility Client.
You are now disconnected from VPN.
Mac OSX:
To disconnect from a VPN connection on Cisco AnyConnect on Mac running Mac OS X or later:
- Click on the Cisco AnyConnect icon in your Dock.
- Click Disconnect.
- Close Cisco AnyConnect Secure Mobility Client.
Figure 8:
You are now disconnected from VPN.
Download and Install Cisco AnyConnect for Windows or Mac OS X
Students, faculty, and staff may download the Cisco AnyConnect VPN Client for Windows or Mac OS X from the University IT Help portal by following the directions below:
Windows:
- Navigate to the IT Help portal (at ITHelp.IllinoisState.edu),
- Click Downloads in the middle of the screen.
- Under Cisco AnyConnect, select the version you would like to download. You will need to select the version that is compatible with your machine. You can choose either Windows or Mac.
- Click on Windows or Mac and log in with your ULID and password if prompted to do so. You will be directed to a form to request the download file be sent to you. You will need to fill out the required fields in the submission form. Once submitted, your request will be handled in the order it was received. Once approved, you will receive an email. You will then click Download Files and you may be navigated to a Central Login page where you will need to enter your ULID and password. Once you log in, click the file next to Attached Files.
NOTE: If you have never access Liquid Files (SendTo) before, you may see a log in page to log into Liquid Files itself. Instead, you will want to click the SSO Sign In button to be navigated to a Central Login page. You will enter your ULID and password. Upon logging in, you will need to accept some terms and conditions. Once you have done that, you will never be prompted again for an SSO sign in.
- Upon successfully downloading the installer, you will need to open the installer and follow the prompts.
Figure 9:
- Agree to the Terms and Conditions and proceed with the installation by clicking Accept. You may need to enter your computer’s profile credentials in order to accept the installation.
Figure 10:
- Once the software has finished downloading, click Finish to close out of the installation process. You can now access the VPN software.
Mac OS X:
- Navigate to the IT Help portal (at ITHelp.IllinoisState.edu),
- Click Downloads in the middle of the screen.
- Under Cisco AnyConnect, select the version you would like to download. You will need to select the version that is compatible with your machine. You can choose either Windows or Mac.
- Click on Windows or Mac and log in with your ULID and password if prompted to do so. You will be directed to a form to request the download file be sent to you. You will need to fill out the required fields in the submission form. Once submitted, your request will be handled in the order it was received. Once approved, you will receive an email. You will then click Download Files and you may be navigated to a Central Login page where you will need to enter your ULID and password. Once you log in, click the file next to Attached Files.
NOTE: If you have never access Liquid Files (SendTo) before, you may see a log in page to log into Liquid Files itself. Instead, you will want to click the SSO Sign In button to be navigated to a Central Login page. You will enter your ULID and password. Upon logging in, you will need to accept some terms and conditions. Once you have done that, you will never be prompted again for an SSO sign in.
- Upon successfully downloading the installer, you will need to open the installer and follow the prompts. When you get to the Installation Type screen, ensure that only the VPN checkbox is selected, then click Continue to proceed with the installation
Figure 11:
- Click Continue to finish the installation. Once finished, open the Cisco AnyConnect Secure Mobility Client. You can find it in the Cisco folder in your applications, or can be manually searched in your Launchpad, as instructed above.
Figure 12:
- Type VPN01.ILSTU.EDU in the empty text field, then press Connect.
Figure 13:
- Enter your ULID in the Username field and your current password in the Password field. Click OK.
Figure 14:
- You will see a welcome window. Click Accept to be connected to the VPN.
Figure 15:
Cisco Anyconnect Compatible Vpn Download
- Now that you are connected, you will be able to access university-restricted applications such as iPeople.
- When you are ready to disconnect from the VPN, go back to the application and click Disconnect and close out of the application.
Cisco Anyconnect Compatible Vpn
Figure 16:
How to Get Help
For technical assistance, you may contact the Technology Support Center at 309-438-4357 or by email at SupportCenter@IllinoisState.edu.
Back to Overview:
Related Articles: