SSL VPN with the Cisco AnyConnect client

The Cisco AnyConnect SSL VPN client now also supports 64-bit Windows operating systems. Recommended for Windows 7, Vista, Mac OS X Snow Leopard and users who have problems with the IPsec client under Windows XP or Mac OS X Tiger.

From version 3, the Cisco AnyConnect VPN client is called the AnyConnect Secure Mobility client. In the following text, AnyConnect client refers to both versions. Under Windows, the user interface has been redesigned. With the AnyConnect SSL VPN client, users of Windows and Mac OS X, Linux as well as Windows Mobile, can establish a VPN connection.

The Cisco AnyConnect client and the Cisco IPsec client use different protocols. Users that connect to other establishments with the IPsec client should first find out whether the AnyConnect client is also supported there.

Operating systems:

  • Windows 10: AnyConnect 3.1MR10 and newer will run with Windows 10. Before upgrading from Win7/8/8.1 to Win10 install the latest client or deinstall the client, upgrade Windows and reinstall th client
  • Windows 8.1, 8, 7, Vista, XP also in 64bit, Windows Mobile (supported devices in the release notes below). The Windows integrated VPN-client does not work with our VPN-server.
  • Mac OS X 10.11 (El Capitan) Mac OS X 10.10 (Yosemite) and Mac OS X 10.9 (Mavericks) work with the latest AnyConnect Client.
  • Mac OS X Mountain Lion, Lion, Snow Leopard, Leopard and Tiger, Snow Leopard and older do no longer work with the latest AnyConnect client, but they do have an integrated Cisco VPN client! (Info) Either you upgrade your outdated operating system or you can reinstall version 4.3 via the download portal und select the group  "AnyConnect+NoUpdate" at login.
  • Linux, with 64Bit versions, libraries have to be installed later (see release notes below)
  • Android on Android Store :


  • Check and, if necessary, install the necessary certificates
  • Use the browser to go to page
  • Enter username and password
  • The operating system is then recognized automatically and the client download starts. Administrator rights are required for initial installation
  • After installation, the connection is established immediately. In the tray (Windows) or menu bar (Mac OS X, Linux), the client can be brought to the front.
  • If automatic installation does not work, the client can be downloaded via the link in the browser and installed manually. In the “Connect to:” field, you have to enter With Windows, you have to deactivate Internet Connection Sharing (ICS).
  • The client can then be started via the program menu. Local LAN access can be activated via the Preferences menu.


Please check that you have installed the certificates required for the SSL connection. When you call up the page you must not get an error message in the browser. If an error message does appear, you can install the necessary certificates Deutsche Telekom Root CA 2, DFN-Verein PCA Global - G01 and LRZ-CA - G01 as described under As the certificates are located on an external web server, they are stored here as copies:


Name (CN of the CA certificate)

(O and OU of the CA certificate)

Valid until


Deutsche Telekom Root CA 2

Deutsche Telekom AG
T-TeleSec Trust Center

July  2019

crt DFN-Verein PCA Global - G01 DFN-Verein
June 2019
crt LRZ-CA - G01 Leibniz Computer Center
Jan 2019

How to install the certificates:

Windows 7, Vista and XP:

Download the certificates. After acknowledging the safety warning, double-click on the certificates to open. Click on the “Certification path” tab to see the certification status, which tells you whether the certificate is recognized as valid. If it is not, you can import it in the “General” tab. To do so, click on “Install certificate” and follow the instructions of the Certificate Import Wizard.


The certificates must be stored in the Firefox certificate store. The easiest way to do this is to use Firefox to click on the relevant links on this page (local copies) or on the page and confirm the import.

Mac OS X:

The certificates have to be downloaded and imported by double-clicking on the keychain.

Beta and newest versions:

Experienced users can download the newest and Beta versions of the AnyConnect client via our Download Portal in the AnyConnect client – newest Beta... section.


The Open Source application OpenConnect can also be used for Linux and Mac OS X. From Ubuntu Karmic (9.10), for example, this is also integrated in the Network Manager.

Information from Cisco: