Connecting to DISD SSL-VPN With the Cisco AnyConnect VPN client Remote Access VPN users are encouraged to migrate from the old classical IPSec software client to the new SSL enabled VPN client, now called AnyConnect (AC). The new SSL VPN client is much easier to use and configure, and works with any browser. The AnyConnect client alleviates the need for users to manage and install different connection profiles, or the need for administrators to install/configure the client manually during prestaging/imaging of a machine, as well as resolving compatibility issues with newer Operating Systems (e.g. Windows Vista 64-bit) and other SSL enabled devices. There are two scenarios in which users will connect to the VPN via the SSL client: 1. Users with no client installed: Users connecting to the VPN for the 1 st time (no AnyConnect client installed yet) 2. Users with Client installed: Users connecting to the VPN with the AnyConnect client (downloaded previously via the 1 st method) Any users connecting for the first time will need to follow scenario 1 to download the client. Thereafter, the user will be able to use scenario 2 (it s not required to download the client every time the user requires VPN access). Summary Steps: Scenario 1 Users with no AC client installed: 1. User launches web browser and navigates to https://disdvpn.dallasisd.net 2. User authenticates and downloads AC client 3. AC client is launched automatically and connects to DISD VPN network 4. Hereafter user should use Scenario 2 to connect to VPN (no need to re-download and re-install client) Scenario 2 User with the AC client already installed: 1. User launches AC client manually when VPN connection is required (just like the old IPSec software client) 2. User initiates connection to the VPN gateway 3. User authenticates and is connected to DISD VPN network
Detailed Steps: Scenario 1 Users with no AC client installed: The user will need to browse to https://disdvpn.dallasisd.net to download the client for the first time. 1. Open a web browser 2. Navigate to https://disdvpn.dallasisd.net 3. Click Continue to accept the warning (certificate unverified)
4. You are presented with the SSL VPN web portal page. 5. Click the drop-down arrow next to the Group field to change the Connection Profile (Group).
6. Select the SSLVPN Group.
7. Enter your username and password, and click Login
8. On successful authentication, you are presented with a security message, click continue to proceed.
9. The system will try to determine the best method to install the client. If using Internet Explorer, the ActiveX method will attempt to install the client. If using another browser (Firefox, Chrome, etc) then the Java method will commence. In either case, you must allow the action to take place. The IE browser will require you to click the top warning bar (1), and when the menu pops up click Run Add-on (2).
10. Click Yes to accept the unverified certificate.
11. Click Run to begin the AC client installation process.
12. Wait for the AC client installer to launch.
13. Click Yes to accept the unverified certificate for the installer.
14. Wait for the AC client to download to the local machine.
15. Wait for the installation to complete successfully.
16. The client will connect automatically and minimize itself to the system tray, verify the AC clients doubleglobe icon has a yellow padlock. This signifies the connection has completed and is secure.
17. The client is now connected and the web browser is no longer needed. You may safely close the browser and right-click the AC client icon in the system tray to interact with it (open, disconnect, etc). 18. For example, click Open Anyconnect from the system tray icon menu to view the status of the client, verify state is Connected.
19. To end the VPN session, with the client window still open, simply click the Connection tab, and click Disconnect. Alternatively, right-click the system tray icon and click Disconnect. Note: Now that the client has been downloaded and installed via the web browser method, it is no longer necessary to login via the web portal page, the remote machine has the client installed locally and is able to initiate a VPN connection directly from the local AC VPN client, just as before with the old legacy client.
Scenario 2 Users with AC client installed: Now that the user s machine has the client already installed, the connection process is much more simplified and closely resembles the typical actions used to connect via the legacy IPSec VPN client. 1. Launch the AnyConnect client via the Start Menu shortcut installed during the installation in Scenario 1. (Click Start > Cisco AnyConnect VPN Client)
2. The AC client window opens. Verify that the Connect to entry has disdvpn.dallasisd.net selected, and click Select. 3. Click Accept for the unverified certificate.
4. Verify the Group selection is SSLVPN (select it via the drop-down arrow if not). 5. Enter your EAD Domain (email) Username and Password 6. Click Connect 7. On successful authentication, you are presented with a security message, click Accept to proceed.
8. Click Yes to accept the untrusted certificate. 9. After the client connects, it will minimize itself to the system tray; verify the AC clients double-globe icon has a yellow padlock. This signifies the connection has completed and is secure. The client is now connected, right-click the system tray icon to open, or disconnect the client, as in Step 17 of Scenario 1.