If you use a Firepower Threat Defense (FTD) device running FTD version 6.5 or later to configure Remote Access Virtual Private Network (RA VPN), you can use the RA VPN wizard in CDO to upload AnyConnect software packages to the FTD. In the RA VPN wizard, you must provide the URL of the remote HTTP or HTTPS server where the AnyConnect packages are preloaded.
Note: You can upload the AnyConnect package using the FDM API procedure as well.
Before you Begin
Make sure that you download the 'AnyConnect Headend Deployment Package' for your desired operating systems. Always download the latest AnyConnect version, to ensure that you have the latest features, bug fixes, and security patches. Regularly update the packages on the device.
Note: You can upload one AnyConnect package per Operating System (OS): Windows, Mac, and Linux. You cannot upload multiple versions for a given OS type.
- Download the AnyConnect packages from https://software.cisco.com/download/home/283000185.
- Make sure you accept the EULA and have K9 (encrypted image) privileges.
- Select the 'AnyConnect Headend Deployment Package' package for your operating system. The package name will be similar to 'anyconnect-win-4.7.04056-webdeploy-k9.pkg'. There are separate headend packages for Windows, macOS, and Linux.
- Upload the AnyConnect packages to a remote HTTP or HTTPS server. Ensure that there is a network route from the FTD device to the HTTP or HTTPS server.
Important: If you are uploading the AnyConnect package to an HTTPS server, ensure that the following steps are performed:
- Upload the trusted CA certificate of that server on the FTD device from Firepower Device Management (FDM). To upload the certificate, see the 'Uploading Trusted CA Certificates' section in the 'Certificates' chapter of Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version X.Y.
- Install the trusted CA certificate on the HTTPS server.
- The remote server's URL must be a direct link that does not prompt for authentication. If the URL is pre-authenticated, the file can be downloaded by specifying that URL in the RA VPN wizard.
- If the remote server IP address is NATed, you have to provide the NATed public IP address of the remote server location.
Upload new AnyConnect Packages
Use the following procedure to upload new AnyConnect packages to an FTD Version 6.5.0 device:
- Create an RA VPN Configuration from steps 1-4.
- In AnyConnect Packages Detected, you can upload separate packages for Windows, Mac, and Linux endpoints.
- In the corresponding platform field, specify the server paths where the AnyConnect packages compatible with Windows, Mac, and Linux are pre-uploaded.
Examples of server paths: 'http://<ip_address>:port_number/<folder_name>/anyconnect-win-4.8.01090-webdeploy-k9.pkg', 'https://<ip_address>:port_number/<folder_name>/anyconnect-linux64-4.7.03052-webdeploy-k9.pkg'.
- Click to upload the package. CDO validates that the path is reachable and that the specified filename is a valid package.
When the validation is successful, the names of the AnyConnect packages appear.
As you add more FTD devices to the RA VPN configuration, you can upload the AnyConnect packages to them.
- Click OK. The AnyConnect packages are added to the RA VPN configuration.
- Continue to Create an RA VPN Configuration from step 6 onwards.
To complete a VPN connection, your users must install the AnyConnect client software on their workstation. For more information, see How Users Can Install the AnyConnect Client Software.
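The prerequisites and server-path examples above can be checked before the URLs are typed into the wizard. The following is an added example, not Cisco's or CDO's own validation: the function name, the sample URLs, and the "macos" filename token are assumptions, and the HTTP warning reflects that a package fetched over plain HTTP has no transport protection.

```python
import re
from urllib.parse import urlsplit

# Headend package naming as shown on this page, e.g.
# anyconnect-win-4.7.04056-webdeploy-k9.pkg ("macos" token is an assumption).
PKG_RE = re.compile(
    r"^anyconnect-(win|macos|linux64)-(\d+\.\d+\.\d+)-webdeploy-k9\.pkg$")

# Constructed sample URLs (192.0.2.0/24 is a documentation range).
SAMPLE_URLS = [
    "https://192.0.2.10:8443/pkgs/anyconnect-win-4.8.01090-webdeploy-k9.pkg",
    "http://192.0.2.10:8080/pkgs/anyconnect-linux64-4.7.03052-webdeploy-k9.pkg",
    "https://192.0.2.10:8443/pkgs/anyconnect-win-4.7.04056-webdeploy-k9.pkg",
    "https://user:pw@192.0.2.10/pkgs/anyconnect-macos-4.8.01090-webdeploy-k9.pkg",
    "https://192.0.2.10/pkgs/anyconnect-win-4.8.01090.zip",
]

def check_package_urls(urls):
    """Return (errors, warnings) for URLs meant for the RA VPN wizard."""
    errors, warnings, seen_os = [], [], {}
    for url in urls:
        parts = urlsplit(url)
        name = parts.path.rsplit("/", 1)[-1]
        if parts.scheme not in ("http", "https"):
            errors.append(f"{url}: server must be HTTP or HTTPS")
            continue
        if parts.username or parts.password:
            # The wizard needs a direct link that never prompts for a login.
            errors.append(f"{url}: credentials embedded in URL")
        match = PKG_RE.match(name)
        if not match:
            errors.append(f"{url}: '{name}' is not a headend package name")
            continue
        os_name, version = match.groups()
        if os_name in seen_os:
            errors.append(f"{url}: only one package per OS "
                          f"({os_name} {seen_os[os_name]} already listed)")
        else:
            seen_os[os_name] = version
        if parts.scheme == "http":
            # Plain HTTP cannot authenticate the server or detect tampering.
            warnings.append(f"{url}: fetched over unencrypted HTTP")
    return errors, warnings

if __name__ == "__main__":
    errs, warns = check_package_urls(SAMPLE_URLS)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```
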
Replace an Existing AnyConnect Package
If the AnyConnect packages are already present on the devices, you can see them in the RA VPN wizard. You can see all the available AnyConnect packages for an operating system in a drop-down list. You can select an existing package from the list and replace it with a new one but can't add a new package to the list.
Note: If you want to replace an existing package with a new one, ensure that the new AnyConnect package is uploaded already to a server on the network that the FTD can reach.
- In the CDO navigation bar at the left, click VPN > Remote Access VPN.
- Select the RA VPN configuration to be modified, and under Actions, click Edit.
- In AnyConnect Packages Detected, click the icon appearing beside the existing AnyConnect package. If there are multiple versions of the AnyConnect package for an operating system, select the package you want to replace from the list and click Edit.
The existing package disappears from the corresponding field.
- Specify the server's path where the new AnyConnect package is preloaded and click to upload the package.
- Click OK. The new AnyConnect package is added to the RA VPN configuration.
- Continue to Create an RA VPN Configuration from step 6 onwards.
Delete the AnyConnect Package
- In the CDO navigation bar at the left, click VPN > Remote Access VPN.
- Select the RA VPN configuration to be modified, and under Actions, click Edit.
- In AnyConnect Packages Detected, click the icon appearing beside the AnyConnect package that you want to delete. If there are multiple versions of the AnyConnect package for an operating system, select the package you want to delete from the list.
The existing package disappears from the corresponding field.
Note: Click Cancel to stop the delete operation and retain the existing package.
- Click OK. The device's Configuration Status is in 'Not Synced' state.
Note: If you want to undo the delete action at this stage, go to the Device & Services page and click Discard Changes to retain the existing AnyConnect package.
- Review and deploy configuration changes to the devices.
Connect to VPN
Step 1
Open the Cisco AnyConnect application on your computer.
- In the Start menu, click All Programs > Cisco > Cisco AnyConnect Secure Mobility Client
- Click the Cisco AnyConnect Secure Mobility Client to launch the application.
Step 2
Type in vpnconnect.rochester.edu then click Connect.
Step 3
Enter your NetID and password. In the Duo Method box, enter one of the following commands to indicate how you would like to authenticate with Duo two-factor authentication:
- push – Receive a push notification in the Duo Mobile app on your smart phone or tablet.
- sms – Receive an authentication passcode via text message on your mobile phone. Once you have received the text message, re-enter your NetID and password on the VPN login screen, then enter the passcode in the Second Password field.
- phone – Receive a phone call—you must press a key to verify you received the call.
- alternate device – Add a number to the end of the command you enter in the Duo Method field (e.g. push2, phone3)
Step 4
Click OK, then authenticate through Duo on your device.
When you are connected, you will see the VPN icon (a gray circle and a gold lock) in your system tray.
Disconnect from VPN
Click the Cisco AnyConnect VPN Client icon in your system tray.
Click Disconnect.