Using an OIT Managed VPN at UCI

This page is provided for information and assistance with OIT Managed VPN installations at UCI. In addition to general information about OIT Managed VPN installations, this page provides information about how valid users may obtain credentials to authentication to an OIT Managed VPN, as well as request and receive authorization to use an OIT Managed VPN.

General Information

• OIT Managed VPNs are SSL VPNs requiring both authentication and authorization, meaning a user connecting via an SSL VPN client must fulfill certain requirements before being allowed to use a VPN. (Note that some legacy OIT Managed VPNs use IPSec instead of SSL for connectivity.)
• A VPN IP address pool is the list of addresses the can be assigned upon connection based on the "Group" selected when an OIT Managed VPN. These can be important for determining what resources can be accessed once a user connects to a VPN.
• Only traffic destined for certain networks is sent through a VPN connection (called tunneled). This is specific to each VPN.

User Requirements

To use an OIT Managed VPN, a user must do the following:

• Obtain a Duo Security software (or hardware) token for two factor authentication  (See Duo Authentication for OIT Managed VPN at UCI for information about obtaining a token.)
• Authorization to use the an OIT Managed VPN  (See Authorization for OIT Managed VPN at UCI for information about requesting access.)

System Requirements

To use an OIT Managed VPN, a system must meet the following requirements:

• For Windows hosts:
  
  • Windows 8.1 (aka Windows 8 SP1), Windows 8, Windows 7 (SP 0 or SP1), or Windows Vista
  • A firewall (Windows built-in) installed and enabled
• For Mac OS hosts:
  
  • Mac OS X 10.6 - 10.9 (Intel only, no PPC support)
  • A firewall (Mac OS built-in) installed and enabled
• For Linux hosts:
  
  • A firewall (iptables) installed and enabled

Installation

1. Uninstall any previous Cisco AnyConnect Secure Mobility Client installations you may have already installed and reboot
2. Download the latest version of the AnyConnect VPN client for your specific OS from the location provided by your UCI IT contact
3. As an Administrator level user, run the following installation binaries:
   1. Windows 8, 7 or Vista
      
      1. Run anyconnect-win-*.msi and reboot.
   2. Mac OS X (Intel)
      
      1. Open anyconnect-macosx-i386-*.dmg and run AnyConnect.mpkg (on the Installation Type screen at a minimum keep VPN checked).
   3. Linux
      
      1. For 32-bit systems unzip and untar anyconnect-predeploy-linux-*.gz, run vpn/vpn_install.sh
      2. For 64-bit systems unzip and untar anyconnect-predeploy-linux-64-*.gz, run vpn/vpn_install.sh

Usage Information

Connecting and Disconnecting

1. Start the "Cisco AnyConnect Secure Mobility Client" application directly which should now be installed on your computer
2. To connect to the VPN, enter the name of the OIT Managed VPN provided by your IT contact in the box to the left of the "Connect" button, then click the "Connect" button
3. (If needed) Select the proper "Group" from the drop down menu (if it exists) 
4. Enter your UCInetID at the "UCInetID:" or "Username:" prompt
5. Enter your UCInetID password at the "UCInetID password:" or "Password:" prompt
6. Enter your Duo passcode at the "Duo passcode:" or "Second Password:" prompt (On a software token, press the green key next to the "University of California - Irvine" text to display a token code. On a hardware token, press the white button to display a token code.)
7. The message "Login failed." indicates an incorrect password, or that you selected a Group in step 3 above that you are not authorized to use.
8. Once connected successfully, you will see an icon in your task/status bar, which you can double-click and see information about your current VPN session
9. To disconnect, simply right-click on the task/status bar icon and choose "Disconnect" or click the "Disconnect" button on the "Connection" tab of the VPN client window

Troubleshooting

Occasionally it is necessary to check the client side AnyConnect log files to determine why a computer is unable to successfully connect to an OIT Managed VPN. This can be done using the AnyConnect Diagnostics and Reporting Tool (DART). It can produce a .zip file with all the relevant AnyConnect log files that can then be emailed. For Windows, DART is a separate application which can be downloaded. Contact your UCI IT contact for assistance. DART for Mac and Linux are part of the original installers which can be added using a custom install.