INSTALLATION GUIDE ANYCONNECT ON WINDOWS WORKSTATIONSS ver4.2 page: 1 This document is the user guide for implementing andd configuring the Cisco Anyconnect software client under Windows platform.
ver4.2 page: 2 CONTENTS INSTALLATION GUIDE ANYCONNECT ON WINDOWS WORKSTATIONS...... 1 CONTENTS..................... 2 1 2 3 4 5 6 INTRODUCTION..................... 3 SOFTWARE DOWNLOAD... 4 MOBILE CONNECTIVITY SOFTWARE INSTALLATION... 5 MOBILE CONNECTIVITY INSTALLATION ON PANASONICC CF-19... 6 PRE INSTALLATION CHECKS... 13 INSTALLATION OF THE CISCO ANYCONNECT SOFTWARS RE CLIENT... 14 7 CISCO ANYCONNECT PARAMETERS... 17 7.1 RSA-SIG AUTHENTICATION METHOD USING A CERTIFICATE... 17 7.1.1 Profile setup... 17 7.1.2 Download the certificate.... 20 7.1.3 Certificatee installation... 22 7.1.4 Installation of the certificate on machine level.... 26 7.1.5 Setup the VPN connection... 30 7.2 EAP-MD5 AUTHENTICATION METHOD USING USERNAMEE AND PASSWORD... 32 7.2.1 7.2.2 Profile setup... 32 Setup the VPN connection... 34
ver4.2 page: 3 1 INTRODUCTION The Astrid MVNO project will alloww all Blue Light services (Police, Fire,...) to access their application using a mobile terminal. Applications are a stored in an Astrid Datacenter This document is a user guide for an Astrid MVNO user using a Windows PC device. The prerequisites before implementing and configuring the software are: The setup file for installing Anyconnect The profile xml file f to setupp the connection with Astrid VPNN device If needed the certificate for RSA authentication This procedure was performed andd validatedd in collaborative teams ASTRID and Airbus Defense & Space.
ver4.2 page: 4 2 SOFTWARE DOWNL LOAD All the files needed for the installation can be downloaded from the site ftp.astrid.be via the internet. Remark: You must use a FTP software like Filezilla to download the files! f Don t use your Web browser too do this. The Filezilla client can be downloaded from the internet at: : https://filezilla-project.org/ The login and password to access the ftp server can be found in the letter sent to you by ASTRID. You can put all files on a USB-stick to do the installation on MDT or other devices
ver4.2 page: 5 3 MOBILE CONNECTIVITY SOFTWA ARE INSTALLATION In order to be able to connect to the mobile network a 3G/4G modem needs to be installed together with its appropriate software. Refer to the installationn guide of your connectivity device for proper installation. Setting that need to be adjusted during the installation of the software are: In the profile management tab: - APN: blm.astrid.be - Authentication: CHAP needs to be enabled, and username astrid and password astrid are needed. - If the application requires this information, roaming should be enabled. - Network registration mode should be left onn automatic. Check if you are able to connect to the mobile network by pingingg 43.16.16. 37 and check if you get a response.
ver4.2 page: 6 4 MOBILE CONNECTIVITY INSTALLATIONN ON PANASONIC CF-19 1) Check if your CF-19 is equipped with a 3G modem. - On the bottom of the device you can find the MODEL NO. With this MODEL NO. Your local reseller should be able to tell you whetherr your device is equipped with a 3G modem. - If there is a label on the bottom of the device showingg an IMEI code, there s is a large chance your device is equipped with a 3G modem. 2) Enable the wireless device by putting the switchh located onn the left side of the device in the ON position. 3) Put your SIM card into the slot at the back of the device. 4) If the Wireless Wan Manager is not already installed on your computer, download the file: WirelessWANManagerUtil_V7.1.0.2_52V_W764 ss11636.exe and install it. (You can download this filee from the ftp.astrid.b e site, see chapter 2 ) 5) Start the Wireless WAN Manager. 6) The Wireless WAN Manager will detect your SIM card andd ask to enter the PIN code.
ver4.2 page: 7 7) Once you entered the PIN code you will have to configure the Wireless WAN Manager by going to the Settings pane 8) In the Settings pane, check the Launch Wireless Manager at Windows startup buttonn and click on the Advanced button. 9) If a windows pups up with the message: Foreign network detected, just click on Yes and continue with the setup.
ver4.2 page: 8 10) In the advancedd setting, goo to the Profiles pane, select Manual selection and click on thee New button to make a new profile. 11) Give the new profile the name BLM, and assign itt the APN name blm.astrid.be. Dummy username and password can be used e.g. test/test as these are nott checked by the system. 12) In the Protocols pane select CHAP as authentication protocol and SAVE the profile.
ver4.2 page: 9 13) Again in the Advanced settings, select Manual selection, choose the t BLM profile, and click on Applyy and Close. 14) Now you should be able to connect the ASTRID BLMM network. connection pane Click on Connect to set up thee PDP connection. In the
ver4.2 page: 10 15) The Wireless WAN Manager might ask you again if you want to connect to a foreign network. You can just click on Yes. This is normal due to the fact that ASTRID BLM is a roaming network. 16) If all settings are right, the Wireless WANN Managerr should Connecting state, and get connected. go into
ver4.2 page: 11 Congratulations! You are now connected to the ASTRIDD BLM network. If you have a Clear SIM card, you should be now able to connect too your application(s) or Internet, depending the access right requested for thatt SIM Card. If you have a VPN SIM card, please proceed to paragraph 4 Installation of the AnyConnect software client. 17) In order to turn off the wireless connection you can use thee Wireless ON/OFF switch on the left side of the device.
ver4.2 page: 12
ver4.2 page: 13 5 PRE INSTALLATION CHECKS Before installing the Cisco Anyconnect client, and especially if you re installing on a machine with a FEDPOL image, you should check the following: 1) Your machine is running Windows XP it should have h SP3 installed. If not, you can download the file: WindowsXP-KB936929-SP3-x86-ENU.exe and run it. (You can download this filee from the ftp.astrid.b e site, see chapter 2) 2) Check if the following services are started: -DHCP Client -Wireless Zero Configuratio on If not, Go to Start -> Setting -> Control Panel. Double click on Administrative Tools and double click on Services. In the Services windows locate the service and double click it. Click on the start button to start the service and change the Startup Type to Automatic. 3) Check if your machine has a Verisign Class 3 Public Primary Certification Authority - G5 certificate. If not, you can download the file PCA-3G5.pem. (You can download this file from the ftp.astrid.be site, see chapter 2) To load the certificate, go to Run and type mmc and run the program. In Console1, go to File andd select Add/Remove Snap-in. S Click on the Addd button. Select Certificates and click on the Add button. Select Computer account and click on the Next button. b Select Local computer and click on the Finish button. Close the Add standalone snap-ins: window. Click on the OK button in the Add/Remove Snap in window. In the Console1 window you should have the tree with certificates. Under the Trusted Root Certificates Authorities, right click on Certificates and select All Tasks -> Import. This opens the Certificate import Wizard. Click on Next, browse to the file PCA-3G5.pem where the proposed storee is Trusted Root (Select( All files (*.*) to t see the.pem file) and open it. Click on Next. In the Certificate store window Certificate Authorities justt click on Next. Click on Finish. Close the Console1. (Console setting don t need to be saved )
ver4.2 page: 14 6 INSTALLATION OF THE CISCO ANYCONNECT SOFTWARE CLIENT The AnyConnect client is availablee in an install package. The installation package has to be downloaded first. f First, you need to downloadd the setupp file on your station. The file name is: Anyconnect-win-3.1.04063-pre-deploy-k9.msi you can download this file from the ftp.astrid.be site, see chapter ( 2) Launch the setup by double clicking on this file. The following display appears, then press Next Accept the term of the license andd press Next as described below:
ver4.2 page: 15 Then press Install:
ver4.2 page: 16 Wait until the setup finish and press Finish The software in now installed.
ver4.2 page: 17 7 CISCO ANYCONNECT PARAMETERS 7.1 RSA-SIG authentication method using a certificate 7..1.1 Profile setup The profile setup can be done by simply copying the profile xml file called: astrid- cert-sdc.xml into the appropriatee directory. (You can download this file from the ftp.astrid.be site, see s chapter 2) For Windows XP this directoryy is: C:\Documents and Settings\All users\application data\ \Cisco\Cisco AnyConnect Secure Mobility Client\Profile If this directory is not visible go too My Computer, and select Folder Options under the Tools tab.
ver4.2 page: 18 Under the View tab in the Advanced settings the Show hidden files and folders option should be selected. Reboot your PC after copying the file. For Windows 7 this directory is: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile If this directory is not visible click on STARTT and selectt Computer. Select Organize and click on Folderss and search options to open the Folder Option window.
ver4.2 page: 19 Select the View tab and click onn the showw hidden files, f folders, and drives option Reboot your PC after copying the file in the correct directory.
ver4.2 page: 20 7..1.2 Download the certificate. - Connect your Windowss workstation to the mobile network, but do NOT connect with Cisco Anyconnect). - Go to the certificate server: http://43.16. 16.37:8080/ejbca/ and click on Create Keystore (check is your proxy setting s are disabled to access this site! ) - REMARK: This site is only accessible whenn connected to BLM, accessible from the internet! it s not - In the authentication screen, enter you username and Username and password are completed by ASTRID A on form and sent to you by letter. password. the subscription
ver4.2 page: 21
ver4.2 page: 22 - Click on the OK buttonn to download the certificate on install it in your browser! your PC. DO NOT 7..1.3 Certificate installation Once you have downloaded the certificate file (.p12) orr copied thee certificatee file on your Windows workstation and double click on it. The following screen appears. Click on Next
ver4.2 page: 23 Validate the path to the certificatee file by press Next
ver4.2 page: 24 Enter the certificate password provided by Astrid and press Next Then select the storing place for the certificate by clicking on the Browse button: Store it in the personal directory by selecting Personal and press OK :
ver4.2 page: 25 Validate with Next And terminate the installation by pressing Finish
ver4.2 page: 26 The certificate import is now donee : With this method only your user will be able to use the certificate for the VPN connection. If you wantt the all users on the workstationn to be ablee to use the VPN connection with certificate, you will have to install the certificate c on machine level (see next chapter) 7..1.4 Installation of the certificate on machine level. - go to Run and type mmc and run the program.
ver4.2 page: 27 - In Console1 go to File and select Add/Remove Snap-in. - Select Certificates and click on the Add button.
ver4.2 page: 28 Select Computer account and click on the Next button. b - Select Locall computer and click on the Finish button.
ver4.2 page: 29 - Close the Add standalone snap-ins: window by clicking on Finish. - In the Console1 window you should have the tree withh certificates. - Select the Personal Certificates, go to All tasks and select Import - Follow the wizard and import the.p12 certificate ( Thee one that was downloadedd in chapterr 6.2.3) Close the Console1 window. ( youu don t need to save the Console1 settings).
ver4.2 page: 30 7..1.5 Setup the VPN connection On your windows screen click on Start and select andd launch thee Cisco Anyconnect Secure Mobility Client The following Windows appears, click on Connect
ver4.2 page: 31 If the destination router sdc-roucdcvpn01.blm.astrid does d not appear in the Cisco Anyconnect Secure Mobility Clientt windows you should re-check the profile setup in 4. You are now connected to the Astrid Datacenter:
ver4.2 page: 32 7.2 EAP-MD5 authentication method using Username and Password 7..2.1 Profile setup The profile setup can be done by simply copying the profile xml file called: astrid- eap-sdc.xml into the appropriate e directory. (You can download this file from the ftp.astrid.be site, see s chapter 2) For Windows XP this directoryy is: C:\Documents and Settings\All users\application data\ \Cisco\Cisco AnyConnect Secure Mobility Client\Profile If this directory is not visible go too My Computer, and select Folder Options under the Tools tab. Under the View tab in the Advanced settings the Show hidden files and folders option should be selected. Reboot your PC after copying the file. For Windows 7 this directory is: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
ver4.2 page: 33 If this directory is not visible click on STARTT and selectt Computer. Select Organize and click on Folderss and search options to open the Folder Option window. Select the View tab and click onn the showw hidden files, f folders, and drives option Reboot your PC after copying the file in the correct directory.
ver4.2 page: 34 7..2.2 Setup the VPN connection On your windows screen click on Start and select andd launch thee Cisco Anyconnect Secure Mobility Client The following Windows appears, click on Connect
ver4.2 page: 35 If the destination router sdc-roucdcvpn01.blm.astrid does d not appear in the Cisco Anyconnect Secure Mobility Clientt windows you should re-check the profile setup in 4. Enter your credentials (username( and password) Username and password are sent to you by mail. You are now connected to the Astrid Datacenter: