Installing and Connecting to Cisco Secure Client App on Android or iOS Devices


Introduction

 

Secure Sockets Layer (SSL) virtual private network (VPN) provides secure remote access from one machine to restricted/private resources across a public network. Virginia Tech's SSL VPN service, referred to as "Remote Access VPN”, is a service that allows a user to access Virginia Tech resources remotely across the globe. This service does not provide any end-to-end encryption to other services that are being accessed over VPN but does encrypt the traffic between your machine and the VPN device. )

 

Contents

 

Prerequisites

  • All current Virginia Tech faculty, staff, and students are eligible to access Remote Access VPN.
  • You must have an active Virginia Tech PID and DUO 2-factor configured. For more information on using DUO, please visit Using 2-Factor Authentication.
  • You may use either Virginia Tech provided computers or personally owned computers to connect to Remote Access VPN, as long as they meet the minimum system and password requirements. 
  • You must have access to an administrator account on the computer. If you have a computer owned by Virginia Tech and do not have that access, contact your Network Liaison or contact 4Help.
  • To access Virginia Tech Remote Access VPN service you must enable both IPv4 and IPv6 stacks on your network adapter. IPv6 requirement is not dependent on your ISP's ability to provide you with an IPv6 address, this is because the VPN allocates you an IPv6 address and does need the IPv6 stack to be enabled on your network adapter. If you do not know how to enable IPv6 for your device, please contact your Network Liaison or contact 4Help

Top of page

Supported Platforms

For security reasons, we ask users to upgrade their machines to the latest version and update them periodically to receive any patches for vulnerabilities. Network Infrastructure and Services (NI&S) is unable to support operating systems that are no longer supported by the operating system manufacturer. 

To find out if your system is supported visit: Cisco Secure Client - Supported Operating Systems.

Top of page

Connection Options

We recommend VT Traffic as the connection profile that most of our users should use. We also offer an All Traffic connection option as well. For more information, see the Which Connection Profile Do I Use? section of Remote Access VPN Frequently Asked Questions.

Top of page

 

Instructions

Installing Cisco Secure Client in Android or iOS

  1. On your chosen platform download the Cisco Secure Client:
  2. Choose the Cisco Secure Client - AnyConnect app and tap Install.

     

  3. Accept the license agreement if one is presented.
  4. A Notifications prompt will appear. You may choose either Don't Allow or Allow.
  5. Follow the instructions below for Connecting to VPN in Android or iOS
  6. If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions.


Connecting to the VPN in Android or iOS

Initial Bootstrap Connection

  1. The first initial connection to the Cisco Secure AnyConnect VPN requires you to manually enter the connection details.  After you establish the initial connection the client will automatically update itself with any software updates as well as your standard connection profiles you will then use in the future.
  2. Launch the Cisco Secure Client by clicking on its icon.
  3. Choose to add a new VPN connection by tapping Connection.

     

  4. In the Connection Selector click the + icon in the lower right-hand corner to add a new connection profile.

     

  5. Enter the following information:
    1. Description: VT Traffic 
    2. Server Address: https://vpn.vt.edu/VT-Traffic 
  6. Tap Done.
  7. Tap Connection Selector at the top of the screen to go back to the Cisco Secure Client main screen. 
  8. You should now see VT Traffic listed under Connections. 
  9. Tap the toggle button next to AnyConnect VPN to connect to the VPN. 
  10. A browser window will open.  Enter your VT credentials. 
    1. In the Username text box, type your VT PID 
    2. In the password text box, type your PID password
    3. Tap Login.

       

  11. Complete 2-factor authentication. For issues with DUO, please visit this 4help article 

      

  12. The screen will default to your preferred 2-factor method.  If you prefer to use another method click on the Other options link.  The following list contains the options available for 2-factor authentication  

    • To use push notification:
      1. Select Duo Push from the Other options list.
        (This will send a push notification to the first push-capable device that is enrolled in your Duo account. To send the push notification to a different device, select the last item from the Other options list, Manage devices.)
      2. When the push notification appears, accept the Duo push notification.
        1. If the push notification does not appear, see Duo Mobile App Errors, Problems, and Connection Issues / Duo Push Not Received.
    • To use a Yubikey:
      1. The Yubikey must be previously registered with Duo as AES. U2F tokens will not work. For instructions on enrolling devices to DUO, see this 4help article.
      2. Select Security key from the Other options list.
      3. When prompted to "Touch your security key" tap your YubiKey. The passcode will be automatically generated and submitted by the YubiKey for you.
    • To use a 6-digit numeric passcode from the Duo mobile app:
      1. Start the Duo mobile app.
      2. In the Duo mobile app, tap Show to the right of the hidden Passcode.
      3. On your computer select Duo Mobile passcode from the Other options list.
      4. In the Passcode text box, type the 6-digit numeric passcode from the Duo mobile app.
      5. Click Verify.
    • To use a 6-digit numeric passcode from a D-100 token or a software token:
      1. Use the D-100 token or the smartphone application to generate a 6-digit numeric code.
      2. On your computer select Duo Mobile passcode from the Other options list.
      3. In the Passcode text box, type the 6-digit D-100 numeric passcode.
      4. Click Verify.
    • To use a Bypass code from 4Help:
      1. Contact 4Help and obtain a bypass code.
      2. Enter the bypass code in the text box.
      3. Click Verify.

  13. If this is the first time connecting on your machine you will receive the following prompt:

     

    If the computer is public or shared between multiple users select "No, other people use this device" so that your VPN login information is not saved.  If you are the only user of the computer select "Yes, this is my device".

  14. Once the VPN connection is established, the browser will display the following message. You are now connected to the VPN and can close that browser tab.   The Cisco Secure Client will also now show a green checkmark next to the lock image.

  15. After the initial connection is successfully established your client will update itself.  You can continue to use the VPN while it is updating.  Later, when you disconnect and reconnect to the VPN you will notice new connection profiles have been added, VT Traffic and All Traffic.
  16. If you do not know which of these connection profiles to use, we recommend using VT Traffic. For more information, see Which Connection Profile do I use?
  17. If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions before contacting 4Help by clicking Get Help at the top of this page.

Top of page


Disconnecting from the VPN in Android or iOS

  1. Switch to the Cisco Secure Client app.
  2. Tap the toggle button to the the right of AnyConnect VPN and wait for it to disconnect. 

Top of page