The Cisco VPN (Virtual Private Network) at UVa
Installation Instructions
Table of Contents
- Which client should you download?
- Cisco VPN client (IPsec) Installation Instructions
- Cisco AnyConnect client (SSL) Installation Instructions
- Known Issues by Operating System
Which VPN Client Should You Download?
- Please see "Selecting the Appropriate Cisco VPN Client" webpage.
Cisco VPN Client (IPsec) Installation Instructions
Follow these installation instructions for the Cisco VPN client.
- Download the Installer (Cisco IPSec VPN client) from from the ITS VPN download site .
- When prompted, save the Installer to your Desktop.
- Note: We recommend you remove any previous installations of the Cisco VPN client:
- In Windows, go through Add or Remove Programs in the Control Panel.
- On a Macintosh computer, download and run the Cisco VPN Uninstaller from Software Central.
- Note: We recommend you remove any previous installations of the Cisco VPN client:
- Expand to Install: Double-click the Installer, and follow the prompts as the VPN Installer does the work.
- You will need to have a current, valid digital certificate installed in the standard location for your operating system. This can be most easily accomplished by running the Network Setup Tool. (Note: This will not work on a Mac PC. To obtain a valid digital certificate for a Mac PC, go to the manual certificate installation instructions, and follow the steps under Optional: Safari (for VPN).)
Cisco AnyConnect Client (SSL) Installation Instructions
- If your Windows computer does not have Java installed, download the latest from Sun Microsystems.
- Mac OS X 10.7 (Lion) users will need to install Java. See Known Issues by Operating System.
- You will need to have a current, valid digital certificate installed in the standard location for your operating system. This can be most easily accomplished by running the Network Setup Tool.
- Click the appropriate link below for
the VPN service profile you want to use:
UVa Anywhere (can only install/use from off-Grounds):
UVa-More-Secure-Network:
JointVPN (please insert your ITS Token and wait for a few seconds before clicking the Joint VPN Link):
Oracle/Mercury and Oracle Special Services, use the JointVPN. Note: to use the SSL VPN with these profiles, you must have an iKey.
Important Notes about Web Browsers & the Installation Process
For Windows and Mac OS users, Safari, IE, and Firefox are known to work. For Windows users, if you use IE, detailed step-by-step instructions are displayed. Other browsers may require additional steps to install certificates.
Windows users should be aware of the following:
- With any browser, depending on the security settings, you may see a prompt to allow use of a digital certificate, or directing you to choose a digital certificate.
- With any browser, you may see the Windows UAC (User Access Control) pop-up requiring that you approve the installer run.
- With any browser, you may see an additional window to approve the running of the Java application separate from the UAC window.
- With Internet Explorer there may be a one-line message displayed at the top of your browser's content window asking you to approve use of an Active-X control; click anywhere in that line except the X at the end, and approve it. For Windows 7 users, this will not work properly and will fall through to the Java-based installer instead.
- With Internet Explorer, detailed step-by-step instructions are displayed.
Mac OS users should be aware of the following:
- Users of any browser will need to provide their Mac OS password to allow the installer to run.
- Safari will see a screen telling them a certificate is required. The window below the message may be blank. Click the OK button to continue.
- If the browser displays a screen with the error "UVa Anywhere Access requires a Personal Digital Certificate for authentication." either no valid digital certificate is available, or Mac OS X 10.6 users have not set the identity preference correctly (the Network Setup Tool sets this for you).
Known Issues by Operating System
Windows
- 64-bit Windows: Users must use the Cisco AnyConnect client.
- Windows Vista note for System Administrators: The Hospital profile will not work on Vista. Cisco details many caveats for Version 5 on Vista.
- Windows XP: You will need to download and run either the Windows SP3 Firewall Script or the Network Setup Tool.
Macs
- There are no supported drivers for Mac OS to use an identity token.
- Mac OS X 10.7 Lion does not include Java by default, and Java must be installed to use the recommended (SSL) VPN.
- Run the "Java Preferences.app" in the Applications/Utilities folder. If Java is not already installed you will be prompted to allow installation via Software Update.
- If Java is installed verify that the check box "Enable applet plug-in and Web Start Applications" is checked, and the boxes below the "On" column in the list of available versions are checked.
- Reorder the Java versions to place the 32-bit version first. The list can be reorded by clicking on the 32-bit version and dragging it above the 64-bit version.
- If you had to install Java, exit Safari, and start it to perform the installation. Recent updates have made Firefox installation unreliable.
- Mac OS X 10.6: No known problems, but upgraders from earlier operating systems will need to uninstall the Cisco VPN client and reinstall it. Mac OS X 10.6 users using the Cisco AnyConnect SSL client need to get certificates with the Network Setup Tool, or modify certificates as instructed on the VPN setup page.
A Note About Firewalls Running on Your Computer
The Cisco IPsec VPN client contains a firewall. This is a very simple firewall that allows outbound network traffic and does not allow inbound network traffic. It is turned on and off from the Options pull-down menu on the main panel of the application. By default it is turned off.
IMPORTANT: Regardless of whether you use the Cisco VPN Client firewall, the VPN application itself interacts badly with many personal software firewalls, including the Windows built-in firewall. For that reason you must turn off any personal firewall software that the Cisco VPN Client does not explicitly interact properly with.
