Cisco VPN Status Displayed on Tech Blog

(Many of the links in this article redirect to a specific reviewed product. Your purchase of these products through affiliate links helps to generate commission for Techsplurge.com, at no extra cost. Learn more)

Introduction

In today's digital age, Virtual Private Networks (VPNs) have become an essential tool for both personal and professional use. Cisco's AnyConnect VPN client is one of the most widely used VPN solutions, offering robust security and seamless connectivity. However, managing and troubleshooting VPN connections can sometimes be complex, especially for those who are not tech-savvy. This article provides a comprehensive guide on setting up and managing Cisco AnyConnect VPN, including troubleshooting common issues and understanding various status displays.

Setting Up Cisco AnyConnect VPN

Installation on macOS

Download and Install

1. Navigate to the VPN portal specific to your institution (e.g., vpn.iit.edu for Illinois Tech).
2. Log in using your username and password. Ensure that the Group dropdown is not changed.
3. After logging in, you will be directed to a download page. Click on the Download for… button.
4. The file will mount a disk image. Open this disk image and launch the file named "anyconnect-macosx-XXXXX".
5. On the welcome screen, click Continue.
6. When presented with the software license agreement, click Continue and then Agree on the slide-down menu.
7. Select only VPN and de-select all other options.
8. During the upgrade process, you may encounter a System Extension Blocked pop-up message. Click on Open Security Preferences.
9. In the Security & Privacy window, click on Allow to permit the extension.
10. The VPN client will begin to install itself. Once installed, click the Close button.

Setup and Connect

1. Cisco AnyConnect can be found in the Cisco folder located in the Applications folder (/Applications/Cisco/).
2. Navigate to /Applications/Cisco/ and open "Cisco AnyConnect Secure Mobility Client."
3. If the dropdown next to the Connect button is blank, enter the VPN server address specific to your campus (e.g., vpn.iit.edu for Rice and Mies Campuses, access.kentlaw.edu for Conviser Law Center, and ifsh-vpn.iit.edu for Moffett (IFSH) Campus).
4. Enter the following information and click OK:
   • For Mies and Rice Campuses:
     • Group: IIT-VPN-USERS
     • Username: your full university email
     • Password: your Access Illinois Tech password
   • For Conviser Law Center:
     • Group: CK VPN
     • Username: your full university email
     • Password: your Access Illinois Tech password
   • For Moffett (IFSH) Campus:
     • Group: MOFFETT-VPN
     • Username: your full university email
     • Password: your Access Illinois Tech password

Multi-Factor Authentication Using Okta Verify

1. If you have chosen Okta Verify as your MFA option, you will receive a push notification on your mobile device after entering your password and clicking OK.
2. Hit "Yes, it's me" to authenticate.
3. Upon successful connection, Cisco AnyConnect will minimize itself, and you will see the AnyConnect logo with a small lock in your menu bar just to the left of the time.

Installation on iOS Devices

Download and Install

1. Navigate to the VPN portal specific to your institution (e.g., vpn.iit.edu for Illinois Tech).
2. Download the Cisco Secure Client (formerly AnyConnect) app from the App Store.
3. Open the app and log in using your username and password.
4. Ensure that the group authentication is set correctly based on your institution's requirements.

Setup and Connect

1. Enter the VPN server address specific to your campus (e.g., vpn.iit.edu for Rice and Mies Campuses, access.kentlaw.edu for Conviser Law Center, and ifsh-vpn.iit.edu for Moffett (IFSH) Campus).
2. Enter the following information and click Connect:
   • For Mies and Rice Campuses:
     • Group: IIT-VPN-USERS
     • Username: your full university email
     • Password: your Access Illinois Tech password
   • For Conviser Law Center:
     • Group: CK VPN
     • Username: your full university email
     • Password: your Access Illinois Tech password
   • For Moffett (IFSH) Campus:
     • Group: MOFFETT-VPN
     • Username: your full university email
     • Password: your Access Illinois Tech password

Multi-Factor Authentication Using Okta Verify

1. If you have chosen Okta Verify as your MFA option, you will receive a push notification on your mobile device after entering your password and clicking Connect.
2. Hit "Yes, it's me" to authenticate.
3. Upon successful connection, the app will display a connected status icon.

Understanding VPN Status Displays

When using Cisco AnyConnect VPN, you may encounter various status displays that indicate the connection status. Here are some common status displays and their meanings:

1. Connected: The VPN connection is established successfully. You will see the AnyConnect logo with a small lock in your menu bar.
2. Disconnected: The VPN connection is terminated. You will see the AnyConnect logo without the lock in your menu bar.
3. Connecting: The VPN client is attempting to establish a connection. You will see a spinning wheel or progress bar indicating the connection process.
4. Failed to Connect: The VPN client failed to establish a connection. You will see an error message indicating the reason for the failure (e.g., invalid connection entry name, invalid TCP port, etc.).
5. Authentication Failed: The VPN client failed to authenticate with the server. You will see an error message indicating that the username or password is incorrect.
6. Certificate Errors: The VPN client encountered issues with the SSL/TLS certificate. You will see an error message indicating that the certificate is invalid or not trusted.

Troubleshooting Common Issues

1. Invalid Connection Entry Name: If you encounter an error message stating "Invalid Connection Entry name," check that the connection entry name does not contain any invalid characters (e.g., spaces, special characters).
2. Invalid TCP Port: If you encounter an error message stating "Invalid TCP port specified," ensure that the TCP port number is within the valid range (usually 1024 to 65535).
3. No Hostname Exists for This Connection Entry: If you encounter an error message stating "No hostname exists for this connection entry," ensure that a hostname or IP address is specified in the connection entry.
4. Group Passwords Do Not Match: If you encounter an error message stating "Group passwords do not match," ensure that the group authentication password fields contain the same values.
5. Unable to Update Start Before Logon Setting: If you encounter an error message stating "Unable to update Start Before Logon setting," check that the file attributes of vpnclient.ini are not set to read-only and that there are no issues with the file system.
6. GI_VPNStop Failed: Unable to Disconnect: If you encounter an error message stating "GI_VPNStop failed. Unable to disconnect," check that the VPN service/daemon is running and that communication with it has not failed.
7. Service/daemon is Not Running: If you encounter an error message stating "Service/daemon is not running," ensure that the VPN service/daemon is running and that it can establish/terminate VPN connections via the GUI.
8. IPC Socket Allocation Failed: If you encounter an error message stating "IPC socket allocation failed," check that there are no issues with the IPC (Inter-Process Communication) sockets.

Customizing the VPN Portal

Sometimes, you might want to customize the default webVPN portal to show specific information or messages. However, this customization can sometimes appear in the AnyConnect client as well, which might not be desirable. Here’s how you can avoid this:

1. Use Profile Editor: Use the profile editor to correct the syntax of the format. This can help in ensuring that the customization is only applied to the webVPN portal and not to the AnyConnect client.
2. Specify Login Message: If you want to specify a login message instead of the HTML generated by the webVPN, you need to ensure that the profile is correctly configured. The error you see on the AnyConnect client usually means that something is wrong with your profile, not with the webVPN.

By following these guidelines, you can ensure seamless and secure VPN connectivity using Cisco AnyConnect.