1 ver4.3 page: 1 INSTALLATION GUIDE ANYCONNECT ON WINDOWS WORKSTATIONS This document is the user guide for implementing and configuring the Cisco Anyconnect software client under Windows platform.
2 ver4.3 page: 2 CONTENTS INSTALLATION GUIDE ANYCONNECT ON WINDOWS WORKSTATIONS... 1 CONTENTS INTRODUCTION SOFTWARE DOWNLOAD MOBILE CONNECTIVITY SOFTWARE INSTALLATION IN GENERAL FOR ANY TYPE OF 3G/4G MODEM IN PARTICULAR FOR THE MDT TYPE PANASONIC CF PRE INSTALLATION CHECKS INSTALLATION OF THE CISCO ANYCONNECT SOFTWARE CLIENT CISCO ANYCONNECT PARAMETERS THERE ARE TWO TYPES OF VPN, AND THE CHOICE IS MADE ON THE REQUEST FORM (SEE SUBSCRIPTION REQUEST FORM) RSA-SIG AUTHENTICATION METHOD USING A CERTIFICATE Profile setup Download the certificate Certificate installation Installation of the certificate on machine level Setup the VPN connection EAP-MD5 AUTHENTICATION METHOD USING USERNAME AND PASSWORD Profile setup Setup the VPN connection... 35
3 ver4.3 page: 3 1 INTRODUCTION The Astrid MVNO project will allow all Blue Light services (Police, Fire,...) to access their application using a mobile terminal. Applications are stored in an Astrid Datacenter This document is a user guide for an Astrid MVNO user using a Windows PC device. The prerequisites before implementing and configuring the software are: The setup file for installing Anyconnect The profile xml file to setup the connection with Astrid VPN device If needed the certificate for RSA authentication This procedure was performed and validated in collaborative teams ASTRID and Airbus Defense & Space.
4 ver4.3 page: 4 2 SOFTWARE DOWNLOAD All the files needed for the installation can be downloaded from the site ftp.astrid.be via the internet. Remark: You must use a FTP software like Filezilla to download the files! Don t use your Web browser to do this. The Filezilla client can be downloaded from the internet at: https://filezilla-project.org/ The login and password to access the ftp server can be found in the letter sent to you by ASTRID. You can put all files on a USB-stick to do the installation on MDT or other devices.
5 ver4.3 page: 5 3 MOBILE CONNECTIVITY SOFTWARE INSTALLATION 3.1 In general for any type of 3G/4G modem In order to be able to connect to the mobile network a 3G/4G modem needs to be installed together with its appropriate software. Refer to the installation guide of your connectivity device for proper installation. Setting that need to be adjusted during the installation of the software are: In the profile management tab: - APN: blm.astrid.be - Authentication: CHAP needs to be enabled, and username astrid and password astrid are needed. - If the application requires this information, roaming should be enabled. - Network registration mode should be left on automatic. - In some Vodafone Mobile Broadband clients an Ipv4 number is mandatory, you can just fill in any number, e.g. 22 Check if you are able to connect to the mobile network by pinging and check if you get a response. Congratulations! You are now connected to the ASTRID BLM network. If you have a Clear SIM card, you should be now able to connect to your application(s) or Internet, depending the access right requested for that SIM Card. If you have a VPN SIM card, please proceed to paragraph 4 Installation of the AnyConnect software client.
6 ver4.3 page: In particular for the MDT type PANASONIC CF-19 1) Check if your CF-19 is equipped with a 3G modem. - On the bottom of the device you can find the MODEL NO. With this MODEL NO. Your local reseller should be able to tell you whether your device is equipped with a 3G modem. - If there is a label on the bottom of the device showing an IMEI code, there s is a large chance your device is equipped with a 3G modem. 2) Enable the wireless device by putting the switch located on the left side of the device in the ON position. 3) Put your SIM card into the slot at the back of the device. 4) If the Wireless Wan Manager is not already installed on your computer, download the file: WirelessWANManagerUtil_V _52V_W764_ss11636.exe and install it. (You can download this file from the ftp.astrid.be site, see chapter 2 ) 5) Start the Wireless WAN Manager. 6) The Wireless WAN Manager will detect your SIM card and ask to enter the PIN code.
7 ver4.3 page: 7 7) Once you entered the PIN code you will have to configure the Wireless WAN Manager by going to the Settings pane 8) In the Settings pane, check the Launch Wireless Manager at Windows startup button and click on the Advanced button. 9) If a windows pups up with the message: Foreign network detected, just click on Yes and continue with the setup.
8 ver4.3 page: 8 10) In the advanced setting, go to the Profiles pane, select Manual selection and click on the New button to make a new profile. 11) Give the new profile the name BLM, and assign it the APN name blm.astrid.be. Dummy username and password can be used e.g. test/test as these are not checked by the system. 12) In the Protocols pane select CHAP as authentication protocol and SAVE the profile.
9 ver4.3 page: 9 13) Again in the Advanced settings, select Manual selection, choose the BLM profile, and click on Apply and Close. 14) Now you should be able to connect the ASTRID BLM network. In the connection pane Click on Connect to set up the PDP connection.
10 ver4.3 page: 10 15) The Wireless WAN Manager might ask you again if you want to connect to a foreign network. You can just click on Yes. This is normal due to the fact that ASTRID BLM is a roaming network. 16) If all settings are right, the Wireless WAN Manager should go into Connecting state, and get connected.
11 ver4.3 page: 11 Congratulations! You are now connected to the ASTRID BLM network. If you have a Clear SIM card, you should be now able to connect to your application(s) or Internet, depending the access right requested for that SIM Card. If you have a VPN SIM card, please proceed to paragraph 4 Installation of the AnyConnect software client.
12 ver4.3 page: 12 17) In order to turn off the wireless connection you can use the Wireless ON/OFF switch on the left side of the device.
13 ver4.3 page: 13 4 PRE INSTALLATION CHECKS Before installing the Cisco Anyconnect client, and especially if you re installing on a machine with a FEDPOL image, you should check the following: 1) Your machine is running Windows XP it should have SP3 installed. If not, you can download the file: WindowsXP-KB SP3-x86-ENU.exe and run it. (You can download this file from the ftp.astrid.be site, see chapter 2) 2) Check if the following services are started: -DHCP Client -Wireless Zero Configuration If not, Go to Start -> Setting -> Control Panel. Double click on Administrative Tools and double click on Services. In the Services windows locate the service and double click it. Click on the start button to start the service and change the Startup Type to Automatic. 3) Check if your machine has a Verisign Class 3 Public Primary Certification Authority - G5 certificate. If not, you can download the file PCA-3G5.pem. (You can download this file from the ftp.astrid.be site, see chapter 2) To load the certificate, go to Run and type mmc and run the program. In Console1, go to File and select Add/Remove Snap-in. Click on the Add button. Select Certificates and click on the Add button. Select Computer account and click on the Next button. Select Local computer and click on the Finish button. Close the Add standalone snap-ins: window. Click on the OK button in the Add/Remove Snap in window. In the Console1 window you should have the tree with certificates. Under the Trusted Root Certificates Authorities, right click on Certificates and select All Tasks -> Import. This opens the Certificate import Wizard. Click on Next, browse to the file PCA-3G5.pem (Select All files (*.*) to see the.pem file) and open it. Click on Next. In the Certificate store window where the proposed store is Trusted Root Certificate Authorities just click on Next. Click on Finish. Close the Console1. (Console setting don t need to be saved )
14 ver4.3 page: 14 5 INSTALLATION OF THE CISCO ANYCONNECT SOFTWARE CLIENT The AnyConnect client is available in an install package. The installation package has to be downloaded first. First, you need to download the setup file on your station. The file name is: Anyconnect-win pre-deploy-k9.msi ( you can download this file from the ftp.astrid.be site, see chapter 2) Launch the setup by double clicking on this file. The following display appears, then press Next Accept the term of the license and press Next as described below:
15 ver4.3 page: 15 Then press Install:
16 ver4.3 page: 16 Wait until the setup finish and press Finish The software in now installed.
17 ver4.3 page: 17 6 CISCO ANYCONNECT PARAMETERS There are two types of VPN, and the choice is made on the request form (see subscription request form). The preferred type is based on the installation of a certificate on the workstation (Mobile Data Terminal) which does not require the user to enter credentials when connecting. execute 6.1 hereunder, and skip 6.2 The second type is based on the usage of credential (username + password) which requires the user to enter those credential each time he makes a connection skip 6.1 hereunder, and execute RSA-SIG authentication method using a certificate Profile setup The profile setup can be done by simply copying the profile xml file called: astridcert-sdc.xml into the appropriate directory. (You can download this file from the ftp.astrid.be site, see chapter 2) For Windows XP this directory is: C:\Documents and Settings\All users\application data\cisco\cisco AnyConnect Secure Mobility Client\Profile If this directory is not visible go to My Computer, and select Folder Options under the Tools tab.
18 ver4.3 page: 18 Under the View tab in the Advanced settings the Show hidden files and folders option should be selected. Reboot your PC after copying the file. For Windows 7 this directory is: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile If this directory is not visible click on START and select Computer. Select Organize and click on Folders and search options to open the Folder Option window.
19 ver4.3 page: 19 Select the View tab and click on the show hidden files, folders, and drives option Reboot your PC after copying the file in the correct directory.
20 ver4.3 page: Download the certificate. - Connect your Windows workstation to the mobile network, but do NOT connect with Cisco Anyconnect). - Go to the certificate server: and click on Create Keystore (check if your proxy setting are disabled to access this site! ) - REMARK: This site is only accessible when connected to BLM, it s not accessible from the internet! - - In the authentication screen, enter you username and password. - ( the username starts with cer.) Username and password are completed by ASTRID on the subscription form and sent to you by letter.
21 ver4.3 page: 21
22 ver4.3 page: 22 - Click on the OK button to download the certificate on your PC. DO NOT install it in your browser! Certificate installation Once you have downloaded the certificate file (.p12) or copied the certificate file on your Windows workstation and double click on it. The following screen appears. Click on Next
23 ver4.3 page: 23 Validate the path to the certificate file by press Next
24 ver4.3 page: 24 Enter the certificate password provided by Astrid and press Next Then select the storing place for the certificate by clicking on the Browse button: Store it in the personal directory by selecting Personal and press OK :
25 ver4.3 page: 25 Validate with Next And terminate the installation by pressing Finish
26 ver4.3 page: 26 The certificate import is now done : With this method only your user will be able to use the certificate for the VPN connection. If you want the all users on the workstation to be able to use the VPN connection with certificate, you will have to install the certificate on machine level (see next chapter) Installation of the certificate on machine level. - go to Run and type mmc and run the program.
27 ver4.3 page: 27 - In Console1 go to File and select Add/Remove Snap-in. - Select Certificates and click on the Add button.
28 ver4.3 page: 28 Select Computer account and click on the Next button. - Select Local computer and click on the Finish button.
29 ver4.3 page: 29 - Close the Add standalone snap-ins: window by clicking on Finish. - In the Console1 window you should have the tree with certificates. - Select the Personal Certificates, go to All tasks and select Import - Follow the wizard and import the.p12 certificate ( The one that was downloaded in chapter 6.2.3) Close the Console1 window. ( you don t need to save the Console1 settings).
30 ver4.3 page: Setup the VPN connection On your windows screen click on Start and select and launch the Cisco Anyconnect Secure Mobility Client The following Windows appears, click on Connect
31 ver4.3 page: 31 If the destination router sdc-roucdcvpn01.blm.astrid does not appear in the Cisco Anyconnect Secure Mobility Client windows you should re-check the profile setup in 4. In the preference of Cisco Anyconnect you need to uncheck the option Block connections to untrusted servers
32 ver4.3 page: 32 You are now connected to the Astrid Datacenter:
33 6.2 EAP-MD5 authentication method using Username and Password Profile setup ver4.3 page: 33 The profile setup can be done by simply copying the profile xml file called: astrideap-sdc.xml into the appropriate directory. (You can download this file from the ftp.astrid.be site, see chapter 2) For Windows XP this directory is: C:\Documents and Settings\All users\application data\cisco\cisco AnyConnect Secure Mobility Client\Profile If this directory is not visible go to My Computer, and select Folder Options under the Tools tab. Under the View tab in the Advanced settings the Show hidden files and folders option should be selected. Reboot your PC after copying the file.
34 ver4.3 page: 34 For Windows 7 this directory is: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile If this directory is not visible click on START and select Computer. Select Organize and click on Folders and search options to open the Folder Option window. Select the View tab and click on the show hidden files, folders, and drives option
35 ver4.3 page: 35 Reboot your PC after copying the file in the correct directory Setup the VPN connection On your windows screen click on Start and select and launch the Cisco Anyconnect Secure Mobility Client The following Windows appears, click on Connect
36 ver4.3 page: 36 If the destination router sdc-roucdcvpn01.blm.astrid does not appear in the Cisco Anyconnect Secure Mobility Client windows you should re-check the profile setup in 4. In the preference of Cisco Anyconnect you need to uncheck the option Block connections to untrusted servers
37 ver4.3 page: 37 Enter your credentials (username and password) Username and password are sent to you by mail. You are now connected to the Astrid Datacenter:
Allworx OfficeSafe Operations Guide Release 6.0 No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopy,
Installation / Backup \ Restore of a Coffalyser.Net server database using SQL management studio This document contains instructions how you can obtain a free copy of Microsoft SQL 2008 R2 and perform the
Acronis Backup & Recovery 11 Quick Start Guide Applies to the following editions: Advanced Server Virtual Edition Advanced Server SBS Edition Advanced Workstation Server for Linux Server for Windows Workstation
Vodafone R101 Table of Contents Welcome...3 1. Getting Started Initial Connection and Security Settings... 4 1.1 Overview... 5 System Requirements... 5 Device overview... 5 Sharing Dock and USB Stick LEDs...
Implementing ActivIdentity Smart Cards for Use with HP Compaq t5720 Thin Clients and HP Blade PCs Introduction............................................................ 2 Prerequisites............................................................
Configuration Guide Lepide Exchange Recovery Manager Lepide Software Private Limited, All Rights Reserved This User Guide and documentation is copyright of Lepide Software Private Limited, with all rights
GE Measurement & Control Remote Comms System Installation and User Reference Guide Contents BENEFITS OF REMOTE COMMS SYSTEM... 1 HOW THE REMOTE COMMS SYSTEM WORKS... 3 COMPONENTS OF REMOTE COMMS SYSTEM...
Cox Business Premium Online Backup USER'S GUIDE Cox Business VERSION 1.0 Table of Contents ABOUT THIS GUIDE... 4 DOWNLOADING COX BUSINESS PREMIUM ONLINE BACKUP... 5 INSTALLING COX BUSINESS PREMIUM ONLINE
MGC WebCommander Web Server Manager Installation and Configuration Guide Version 9.0 Copyright 2007 Polycom, Inc. All Rights Reserved Catalog No. DOC2138C Version 9.0 Proprietary and Confidential The information
Diamond II v2.3 Service Pack 4 Installation Manual P/N 460987001B ISS 26APR11 Copyright Disclaimer Trademarks and patents Intended use Software license agreement FCC compliance Certification and compliance
Installation and Upgrade Guide Copyright Statement Copyright Acronis International GmbH, 2002-2014. All rights reserved. Acronis and Acronis Secure Zone are registered trademarks of Acronis International
Outlook E-Mail Step 1: Open and Configure Outlook 1. Click the Microsoft Button in the lower left task bar 2. Select All Programs 3. Select Microsoft Office 4. Select Microsoft Outlook 5. Follow the Start
Non-ThinManager Components Microsoft Terminal Servers play an important role in the ThinManager system. It is recommended that you become familiar with the documentation provided by Microsoft about their
Migrating From Bobcat Mail To Google Apps (Using Microsoft Outlook and Google Apps Sync) This document is intended for those users moving from WVWC s Bobcat Mail system to the new Google Apps mail system
LogMeIn Backup User Guide Contents About LogMeIn Backup...4 Getting Started with LogMeIn Backup...5 How does LogMeIn Backup Work, at-a-glance?...5 About Security in LogMeIn Backup...5 LogMeIn Backup System
Zanibal Plug-in For Microsoft Outlook Installation & User Guide Version 1.1 Zanibal LLC Phone: +1-408-887-0480, +234-1-813-1744 Email: firstname.lastname@example.org www.zanibal.com Copyright 2012, Zanibal LLC. All
FAQ How does the new Big Bend Backup (powered by Keepit) work? Once you establish which of the folders on your hard drive you ll be backing up, you ll log into myaccount.bigbend.net and from your control
COX BUSINESS ONLINE BACKUP Quick start Guide www.cox.com Services and features not available in all areas and package options vary by market. Rates and speeds vary by market. Number of users and network
Dell Archive Manager 5.1.1 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license
User's Manual Intego Remote Management Console User's Manual Page 1 Intego Remote Management Console for Macintosh 2007 Intego, Inc. All Rights Reserved Intego, Inc. www.intego.com This manual was written
A Transend Corporation White Paper Migration Guide: Single User Mailbox Novell GroupWise Microsoft Exchange/Outlook (PST) Transend Migrator 10.x Transend Migrator Forensic Edition 10.x Copyright February
Liebert Nform Infrastructure Monitoring Software User Manual - Version 4 TABLE OF CONTENTS 1.0 ABOUT LIEBERT NFORM................................................1 1.1 How Do You Contact Emerson Network
Quick Start Guide Copyright Wasp Barcode Technologies 2014 No part of this publication may be reproduced or transmitted in any form or by any means without the written permission of Wasp Barcode Technologies.
PREFACE Every effort has been made to ensure that the information in this document is complete, accurate, and up-to-date. The manufacturer assumes no responsibility for the results of errors beyond its
Media Control Server MCS-EX Integration Guide for RTI Control Systems Version 2.0-1 - Table of Contents Overview... 3 Setting up MCS for RTI Control.... 5 Requirements.... 5 Preparation.... 5 Programming