Setting Up Cisco Anyconnect

  



  1. Cisco Anyconnect For Mac
  2. Setup Anyconnect
  3. Anyconnect Config

Great now let’s go back into ASDM so we can configure Anyconnect. Head over to the configuration, Remote Access VPN tab. Then enable the following: Check “Allow Access” on outside “Bypass interface access” Also, select the “enable cisco anyconnect VPN” and upload the.pkg image we downloaded. Virtual private networks, and really VPN services of many types, are similar in function but different in setup. At the end of this post I also briefly explain the general functionality of a new remote access vpn technology, the AnyConnect SSL client VPN. The Cisco AnyConnect VPN is supported on the new ASA 8.x software and later version and provides remote access to users with just a secure.

Device management allows you to easily edit and add new devices.

Contents

Accessing Device Management

If your administrator enabled self-service device management, the Duo Prompt displays a 'My Settings & Devices' link on the left.

If you enabled the option to automatically send you an authentication request via push or phone call, you'll need to cancel the push or phone call in progress before you can click the 'My Settings & Devices' link.

To manage your devices, choose an authentication method and complete two-factor authentication (you may need to scroll down to see all authentication options). You can't get in to the device management portal if you do not have access to any enrolled devices; you'll need to contact your Duo administrator for help.

After authenticating you'll see the device management portal. This is where you can enroll a new device by clicking Add another device and following the device enrollment steps, or reactivate, edit, or delete your existing devices.

To exit My Settings & Devices, click the Done button below your listed devices or click your organization's logo on the left (or the Duo logo if shown).

Default Authentication Options

If you authenticate with more than one device, you can specify which you would like to be the default. Click the Default Device: drop-down menu and pick your default device for authentication. Click Save if you're done making changes.

If this is the device you'll use most often with Duo then you may want to enable automatic push requests by changing the When I log in: option and changing the setting from 'Ask me to choose an authentication method' to 'Automatically send this device a Duo Push' or 'Automatically call this device' and click Save. With one of the automatic options enabled Duo automatically sends an authentication request via push notification to the Duo Mobile app on your smartphone or a phone call to your device (depending on your selection).

Manage Existing Devices

Click the Device Options button next to any of your enrolled devices to view the actions available for that type of device. You can Reactivate Duo Mobile for an enrolled smartphone, Change Device Name for any type of phone, or delete any authentication device.

Reactivate Duo Mobile

Click the Reactivate Duo Mobile button if you need to get Duo Push working on your phone, for example, if you replaced your phone with a new model but kept the same phone number. After answering some questions about your device, you'll receive a new QR code to scan with your phone, which will complete the Duo Mobile activation process.

Cisco Anyconnect For Mac

Change Device Name

Clicking Change Device Name will open up an interface to change the display name of your phone (hardware tokens can't be renamed). Type in the new name and click Save.

After successfully modifying your phone's name, not only will you see this from now on when managing devices, but it will also be how your phone is identified in the authentication dropdown.

Remove Device

Click the trash can button to delete a phone or token device.

Setup Anyconnect

Note: You may not remove your last device. If you wish to remove it, first add another, then delete the original. If you are unable to delete a device, contact your administrator to have it removed.

You are given the chance to confirm or cancel deleting the authentication device.

The device is deleted. It can no longer be used to approve Duo authentication requests.

Add a New Device

To add a new authentication device, click the Add a new device link on the left side of the Duo Prompt. You'll be taken to the new device enrollment prompt.

See the instructions for adding a new device.

Overview

Stanford's VPN allows you to connect to Stanford's network as if you were on campus, making access to restricted services possible. To connect to the VPN from your Windows computer you need to install the Cisco AnyConnect VPN client.

Two types of VPN are available:

  • Default Stanford (split-tunnel). When using Stanford's VPN from home, we generally recommend using the Default Stanford split-tunnel VPN. This routes and encrypts all traffic going to Stanford sites and systems through the Stanford network as if you were on campus. All non-Stanford traffic proceeds to its destination directly.
  • Full Traffic (non-split-tunnel). This encrypts all internet traffic from your computer but may inadvertently block you from using resources on your local network, such as a networked printer at home. If you are traveling or using wi-fi in an untrusted location like a coffee shop or hotel, you may wish to encrypt all of your internet traffic through the Full Traffic non-split-tunnel VPN to provide an additional layer of security.

You can select the type of VPN you want to use each time you connect to the Stanford Public VPN.

Install the VPN client

  1. Download the Cisco AnyConnect VPN for Windows installer.
  2. Double-click the InstallAnyConnect.exe file.
  3. When a message saying the Cisco AnyConnect client has been installed, click OK.

Connect to the Stanford VPN

Cisco anyconnect free download

Anyconnect Config

  1. Launch the Cisco AnyConnect Secure Mobility Client client.
    If you don't see Cisco AnyConnect Secure Mobility Client in the list of programs, navigate to Cisco > Cisco AnyConnect Secure Mobility Client.
  2. When prompted for a VPN, enter su-vpn.stanford.edu and then click Connect.
  3. Enter the following information and then click OK:
    • Group: select Default Stanford split- tunnel (non-Stanford traffic flows normally on an unencrypted internet connection) or Full Traffic non-split-tunnel (all internet traffic flows through the VPN connection)
    • Username: your SUNet ID
    • Password: your SUNet ID password

  4. Next, the prompt for two-step authentication displays. Enter a passcode or enter the number that corresponds to another option(in this example, enter 1 to authenticate using Duo Push to an iPad). Then click Continue.
    • You may have to scroll down the list to see all of your options.
    • If your only registered authentication method is printed list, hardware token, or Google Authenticator, the menu does not display. Enter a passcode in the Answer field and click Continue.
  5. Click Accept to connect to the Stanford Public VPN service.
  6. Once the VPN connection is established, a message displays in the lower-right corner of your screen, informing you that you are now connected to the VPN.

Disconnect from the Stanford VPN

  1. In the notification area, click the Cisco AnyConnect icon if it is displayed. Otherwise, go to your list of programs and click Cisco AnyConnect Secure Mobility Client.
  2. At the prompt, click Disconnect.