Open Cisco Anyconnect

Posted on  by



For additional information, refer to the AnyConnect configuration guide.

Client Download

Unlike the ASA, the MX does not support web deploy or web launch, a feature that allows end users to access a web page on the AnyConnect server to download the AnyConnect client. With the MX, there are download links to the client software on the AnyConnect settings page on the dashboard, however, the download links are only available to the Meraki dashboard admin and not the end user. We do not recommend sharing the down link with users as the link expires after every five minutes of loading the AnyConnect settings page.

Cisco AnyConnect - Empower your employees to work from anywhere, on company laptops or personal mobile devices, at any time. AnyConnect simplifies secure endpoint access and provides the security necessary to help keep your organization safe and protected. Download the VPN installer from MIT's download page, Cisco AnyConnect VPN Client for Windows. An openconnect VPN server (ocserv), which implements an improved version of the Cisco AnyConnect protocol, has also been written. OpenConnect is released under the GNU Lesser Public License, version 2.1.

We recommend downloading the AnyConnect client directly from Cisco.com as there may be an updated version in the Cisco repository. Refer to the doc for the AnyConnect clientrelease notes. We also recommend using either Meraki Systems Manager, an equivalent MDM solution, or Active Directory to seamlessly push the AnyConnect software client to the end user's device.

AnyConnect requires a VPN client to be installed on a client device. The AnyConnect client for Windows, MacOS, and Linux are available on the Client Connection section of the AnyConnect configuration page on the dashboard and can be downloaded by a Meraki dashboard administrator. Please note, the download links on the Meraki dashboard expire after five minutes. The AnyConnect client for mobile devices can be downloaded via the respective mobile stores. You can also download other versions (must be version 4.8 or higher) of the AnyConnect client from Cisco.com if you have an existing AnyConnect license. AnyConnect web deploy is not supported on the MX at this time.

  • Installing the AnyConnect client
  • You only need the VPN box checked. Once the client has been installed on the device, open the AnyConnect application and specify the hostname or IP address of the MX (AnyConnect server) you need to connect to.

AnyConnect Profiles

An AnyConnect profile is a crucial piece for ensuring easy configuration of the AnyConnect client software, once installed. The MX does not support the use of custom hostnames for certificates (e.g. vpn.xyz.com). The MX only supports use of the Meraki DDNS hostname for auto-enrollment and use on the MX. With the Meraki DDNS hostname (e.g. mx450-xyuhsygsvge.dynamic-m.com) not as simply as a custom hostname, the need for AnyConnect profiles cannot be overemphasized. Profiles can be used to create hostname aliases, thereby masking the Meraki DDNS with a friendly name for the end user.

Cisco AnyConnect client features are enabled in AnyConnect profiles. These profiles can contain configuration settings like server list, backup server list, authentication time out, etc., for client VPN functionality, in addition to other optional client modules like Network Access Manager, ISE posture, customer experience feedback, and web security. It is important to note that at this time, the Meraki MX does not support other optional client modules that require AnyConnect head-end support. For more details, see AnyConnect profiles.

When a profile is created, it needs to get pushed to the end user's device. There are three ways to do this.

1. Through the AnyConnect server (MX): If profiles are configured on the dashboard, the MX will push the configured profile to the user's device after successful authentication.
2. Through an MDM solution: Systems Manager, an equivalent MDM solution, or Active Directory can be used push files to specific destinations on the end user's device. Profiles can also be pushed to the following paths:

Windows
%ProgramData%CiscoCisco AnyConnect Secure Mobility ClientProfile

Mac OS X
/opt/cisco/anyconnect/profile

Linux
/opt/cisco/anyconnect/profile

3. Manually: Profiles can also be preloaded manually to the same paths as listed above.

How to Create a Profile

Profiles can be created using the AnyConnect profile editor. The profile editor can be downloaded from the AnyConnect Settings page on dashboard or on cisco.com. Refer to this link for more details on AnyConnect profiles.

Using the profile editor: The profile editor can be downloaded from the AnyConnect Settings page on dashboard or on Cisco.com. The profile editor only runs on Windows operating systems. The screenshot below shows a configured server ton the Server List Entry option.

When configuration is complete, save the profile. It is recommended to use a unique file name to avoid profile overrides by other AnyConnect servers, then you can upload the file to the profile update section on the AnyConnect settings page.

Please note that only VPN profiles are supported on the MX at this time. This means you cannot push NVM, NAM, or Umbrella profiles via the MX.

  • Select enable profiles, upload your xml file, and save your configuration
  • After a user successfully authenticates, the configured profile gets pushed to the user's device automatically
  • The result of the .xml can be seen below, after successful authentication to the AnyConnect server; this gives users the ease of selecting VPN servers on the AnyConnect client
    The Meraki DDNS hostname is not easy to remember, therefore end users are not expected to use it directly. Profiles should be used to make connecting to the AnyConnect server easy for end users.

When you are off campus, some of Illinois State University’s electronic services are unavailable to you unless you establish a VPN connection.

Cisco AnyConnect is an application that the University makes available to students, faculty, and staff for free which may be used to establish a VPN connection with the University from off campus.

NOTE: If you need to request and install the application on your computer, please skip to the section further below entitled Download and Install Cisco AnyConnect. If you already have the application installed and would like to know how to connect to it, please read the section immediately below entitled Connect to the Cisco AnyConnect VPN Client Once Downloaded. The instructions below are listed for both Windows and Mac machines, respectively.

Connect to the Cisco AnyConnect VPN Client Once Downloaded

Windows:

  1. Open the Cisco AnyConnect VPN client.
  • Windows 8: On the Start screen, click Cisco AnyConnect Secure Mobility Client.
  • Windows 10: Start > All Apps > Cisco > Cisco AnyConnect Secure Mobility Client.
  • Alternatively, you can click Start and begin typing Cisco AnyConnect Secure Mobility Client and the application will show up. Click on the icon to start the application.
  1. Verify that the path in the field underneath “Ready to connect.” is VPN01.ILSTU.EDU.
  • If the path name does not automatically appear, click the arrow to the right of the field and select VPN01.ILSTU.EDU from the drop down menu, or enter the path name manually.
  1. Click Connect.

Figure 1:

  1. When prompted, select the appropriate Group (Figure 1):
  • To access most ISU resources, you will select –ISU-.
  • Important: To access ISU Oracle or SQL database resources directly (via software such as Microsoft Access, Oracle SQL Developer, Microsoft SQL Management Studio, etc.), select DB-User_Access.

Note: When you attempt to connect, you may receive a prompt that tells you that Cisco AnyConnect is updating. Do not attempt to cancel this update, as this update will allow your VPN software to work.

Figure 2:

  1. Enter your ULID and password in the appropriate fields, then click OK.
  2. After a moment, an informational banner window will appear that typically says “Welcome to Illinois State University,” but could display a different, informational message.
  3. Click Accept.

You are now connected with the Cisco AnyConnect VPN client. A Cisco AnyConnecticon with a yellow, locked padlock will be visible in your system tray (in the lower-right corner of your desktop, next to the clock). This indicates that you are connected. If the icon appears without a padlock, this indicates you are no longer connected through VPN.

Mac OS X:

  1. Open the Cisco AnyConnect VPN client. Click Finder > Applications> Cisco > Cisco AnyConnect Secure Mobility Client.

Figure 3:

  • Alternatively, you can search for the application in your “Dashboard” by simply clicking the rocket icon on your bottom toolbar. After that, start typing Cisco AnyConnect Secure Mobility Client and you will see the application. Click on the application to start the set-up process, or to access it once you’ve configured the settings properly.

Figure 4:

  1. Verify that the path in the field underneath “Ready to connect.” reads VPN01.ILSTU.EDU. If the field is empty, you will need to manually enter the file path exactly how it is shown in this article.

Figure 5:

  1. Click Connect.
  2. When prompted, select the appropriate Group (Figure 6):
  • For most ISU resources, you will select –ISU-.
  • Important: To access ISU Oracle or SQL database resources directly (via software such as Microsoft Access, Oracle SQL Developer, Microsoft SQL Management Studio, etc.), select DB-User_Access.

Figure 6:

  1. Enter your ULID and password when prompted to do so and click Connect.
  2. After a moment, an informational banner window will appear that typically says “Welcome to Illinois State University,” but could display a different, informational message.
  3. Click Accept.

You are now connected with the Cisco AnyConnect VPN client. A Cisco AnyConnect icon with a yellow, locked padlock is now in your system tray (in the lower-right corner of your desktop). This indicates that you are connected. If the icon appears without a padlock, this indicates you are no longer connected through VPN.

Disconnect from the VPN

Windows:

To disconnect from the VPN on a Window’s machine:

  1. Locate the Cisco AnyConnect VPN client icon and click on it. It is usually on your toolbar, but if it is not, here are some additional ways to find the application:
  • Windows 8: On the Start screen, click Cisco AnyConnect Secure Mobility Client.
  • Windows 10: Start > All Apps > Cisco > Cisco AnyConnect.
    • Alternatively, you can click [Start] and begin typing Cisco AnyConnect Secure Mobility Client and the application will show up. Click on the icon to start the application so you can disconnect from the VPN.
  1. In the Cisco AnyConnect Secure Mobility Client pane, click Disconnect.

Figure 7:

  1. Close Cisco AnyConnect Secure Mobility Client.

You are now disconnected from VPN.

Mac OSX:

To disconnect from a VPN connection on Cisco AnyConnect on Mac running Mac OS X or later:

  1. Click on the Cisco AnyConnect icon in your Dock.
  2. Click Disconnect.
  3. Close Cisco AnyConnect Secure Mobility Client.

Figure 8:

You are now disconnected from VPN.

Download and Install Cisco AnyConnect for Windows or Mac OS X

Students, faculty, and staff may download the Cisco AnyConnect VPN Client for Windows or Mac OS X from the University IT Help portal by following the directions below:

Windows:

  1. Navigate to the IT Help portal (at ITHelp.IllinoisState.edu),
  2. Click Downloads in the middle of the screen.
  3. Under Cisco AnyConnect, select the version you would like to download. You will need to select the version that is compatible with your machine. You can choose either Windows or Mac.
  4. Click on Windows or Mac and log in with your ULID and password if prompted to do so. You will be directed to a form to request the download file be sent to you. You will need to fill out the required fields in the submission form. Once submitted, your request will be handled in the order it was received. Once approved, you will receive an email. You will then click Download Files and you may be navigated to a Central Login page where you will need to enter your ULID and password. Once you log in, click the file next to Attached Files.

NOTE: If you have never access Liquid Files (SendTo) before, you may see a log in page to log into Liquid Files itself. Instead, you will want to click the SSO Sign In button to be navigated to a Central Login page. You will enter your ULID and password. Upon logging in, you will need to accept some terms and conditions. Once you have done that, you will never be prompted again for an SSO sign in.

  • Upon successfully downloading the installer, you will need to open the installer and follow the prompts.

Figure 9:

  • Agree to the Terms and Conditions and proceed with the installation by clicking Accept. You may need to enter your computer’s profile credentials in order to accept the installation.

Figure 10:

  • Once the software has finished downloading, click Finish to close out of the installation process. You can now access the VPN software.

Mac OS X:

  1. Navigate to the IT Help portal (at ITHelp.IllinoisState.edu),
  2. Click Downloads in the middle of the screen.
  3. Under Cisco AnyConnect, select the version you would like to download. You will need to select the version that is compatible with your machine. You can choose either Windows or Mac.
  4. Click on Windows or Mac and log in with your ULID and password if prompted to do so. You will be directed to a form to request the download file be sent to you. You will need to fill out the required fields in the submission form. Once submitted, your request will be handled in the order it was received. Once approved, you will receive an email. You will then click Download Files and you may be navigated to a Central Login page where you will need to enter your ULID and password. Once you log in, click the file next to Attached Files.

NOTE: If you have never access Liquid Files (SendTo) before, you may see a log in page to log into Liquid Files itself. Instead, you will want to click the SSO Sign In button to be navigated to a Central Login page. You will enter your ULID and password. Upon logging in, you will need to accept some terms and conditions. Once you have done that, you will never be prompted again for an SSO sign in.

  • Upon successfully downloading the installer, you will need to open the installer and follow the prompts. When you get to the Installation Type screen, ensure that only the VPN checkbox is selected, then click Continue to proceed with the installation

Figure 11:

  • Click Continue to finish the installation. Once finished, open the Cisco AnyConnect Secure Mobility Client. You can find it in the Cisco folder in your applications, or can be manually searched in your Launchpad, as instructed above.

Figure 12:

  • Type VPN01.ILSTU.EDU in the empty text field, then press Connect.

Figure 13:

  • Enter your ULID in the Username field and your current password in the Password field. Click OK.

Figure 14:

Cisco Anyconnect Openvpn

  • You will see a welcome window. Click Accept to be connected to the VPN.

Figure 15:

  • Now that you are connected, you will be able to access university-restricted applications such as iPeople.
  • When you are ready to disconnect from the VPN, go back to the application and click Disconnect and close out of the application.

Cisco Vpn Download

Figure 16:

How to Get Help

For technical assistance, you may contact the Technology Support Center at 309-438-4357 or by email at SupportCenter@IllinoisState.edu.

Back to Overview:

Open Cisco Anyconnect

Open Cisco Anyconnect Linux

Related Articles: