SSL VPN with the Cisco AnyConnect client

The Cisco AnyConnect SSL VPN client now also supports 64-bit Windows operating systems. Recommended for Windows 7, Vista, Mac OS X Snow Leopard and users who have problems with the IPsec client under Windows XP or Mac OS X Tiger.

From version 3, the Cisco AnyConnect VPN client is called the AnyConnect Secure Mobility client. In the following text, AnyConnect client refers to both versions. Under Windows, the user interface has been redesigned. With the AnyConnect SSL VPN client, users with 64-bit versions of Windows and Mac OS X (Snow Leopard, Lion), as well as Windows Mobile, can establish a VPN connection.

The Cisco AnyConnect client and the Cisco IPsec client use different protocols. Users that connect to other establishments with the IPsec client should first find out whether the AnyConnect client is also supported there.

Operating systems:

  • Windows 8.1, 8, 7, Vista, XP also in 64bit, Windows Mobile (supported devices in the release notes below)
  • Mac OS X Mavericks, Mountain Lion, Lion, Snow Leopard, Leopard and Tiger, Snow Leopard and higher have an integrated Cisco VPN client! (Info)
  • Linux, with 64Bit versions, libraries have to be installed later (see release notes below)
  • Android on Android Store :https://play.google.com/store/search?q=anyconnect&c=apps

Installation:

  • Check and, if necessary, install the necessary certificates
  • Use the browser to go to page https://asa-cluster.lrz.de
  • Enter username and password
  • The operating system is then recognized automatically and the client download starts. Administrator rights are required for initial installation
  • After installation, the connection is established immediately. In the tray (Windows) or menu bar (Mac OS X, Linux), the client can be brought to the front.
  • If automatic installation does not work, the client can be downloaded via the link in the browser and installed manually. In the “Connect to:” field, you have to enter asa-cluster.lrz.de. With Windows, you have to deactivate Internet Connection Sharing (ICS).
  • The client can then be started via the program menu. Local LAN access can be activated via the Preferences menu.

Important:

Please check that you have installed the certificates required for the SSL connection. When you call up the page https://asa-cluster.lrz.de you must not get an error message in the browser. If an error message does appear, you can install the necessary certificates Deutsche Telekom Root CA 2, DFN-Verein PCA Global - G01 and LRZ-CA - G01 as described under http://www.lrz.de/services/pki/certs/index.html. As the certificates are located on an external web server, they are stored here as copies:

 

Name (CN of the CA certificate)

Company
(O and OU of the CA certificate)

Valid until

crt

Deutsche Telekom Root CA 2

Deutsche Telekom AG
T-TeleSec Trust Center

July  2019

crt DFN-Verein PCA Global - G01 DFN-Verein
DFN-PKI
June 2019
crt LRZ-CA - G01 Leibniz Computer Center
LRZ-CA
Jan 2019

How to install the certificates:

Windows 7, Vista and XP:

Download the certificates. After acknowledging the safety warning, double-click on the certificates to open. Click on the “Certification path” tab to see the certification status, which tells you whether the certificate is recognized as valid. If it is not, you can import it in the “General” tab. To do so, click on “Install certificate” and follow the instructions of the Certificate Import Wizard.

Linux:

The certificates must be stored in the Firefox certificate store. The easiest way to do this is to use Firefox to click on the relevant links on this page (local copies) or on the page  http://www.lrz.de/services/pki/certs/index.html and confirm the import.

Mac OS X:

The certificates have to be downloaded and imported by double-clicking on the keychain.

Beta and newest versions:

Experienced users can download the newest and Beta versions of the AnyConnect client via our Download Portal in the AnyConnect client – newest Beta... section.

Alternatives:

The Open Source application OpenConnect can also be used for Linux and Mac OS X. From Ubuntu Karmic (9.10), for example, this is also integrated in the Network Manager.

Information from Cisco: