installation guide anyconnect on windows

INSTALLATION GUIDE ANYCONNECT ON
WINDOWS WORKSTATIONS
This document is the user guide for implementing and configuring
the Cisco Anyconnect software client under Windows platform.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
CONTENTS
INSTALLATION GUIDE ANYCONNECT ON WINDOWS WORKSTATIONS........................ 1
CONTENTS ......................................................................................................................................................... 2
1
INTRODUCTION...................................................................................................................................... 3
2
SOFTWARE DOWNLOAD .................................................................................................................... 4
3
MOBILE CONNECTIVITY SOFTWARE INSTALLATION .................................................... 5
4
MOBILE CONNECTIVITY INSTALLATION ON PANASONIC CF-19 .............................. 6
5
PRE INSTALLATION CHECKS ........................................................................................................ 13
6
INSTALLATION OF THE ANYCONNECT SOFTWARE CLIENT ....................................... 14
7
CISCO ANYCONNECT PARAMETERS .......................................................................................... 17
7.1 EAP-MD5 AUTHENTICATION METHOD USING USERNAME AND PASSWORD .................................... 17
7.1.1
Profile setup ................................................................................................................ 17
7.1.2
Setup the VPN connection ..................................................................................... 19
7.2 RSA-SIG AUTHENTICATION METHOD USING A CERTIFICATE ........................................................... 22
7.2.1
Profile setup ................................................................................................................ 22
7.2.2
Download the certificate. ....................................................................................... 25
7.2.3
Certificate installation ............................................................................................. 27
7.2.4
Installation of the certificate on machine level............................................ 31
8
SETUP THE CONNECTION ............................................................................................................... 35
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
1 INTRODUCTION
The Astrid MVNO project will allow all Blue Light services (Police, Fire, ...) to access
their application using a mobile terminal. Applications are stored in an Astrid
Datacenter
This document is a user guide for an Astrid MVNO user using a Windows PC device.
The prerequisites before implementing and configuring the software are:

The setup file for installing Anyconnect

The profile xml file to setup the connection with Astrid VPN device

If needed the certificate for RSA authentication
This procedure was performed and validated in collaborative teams ASTRID and
Airbus Defense & Space.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
2 SOFTWARE DOWNLOAD
All the files needed for the installation can be downloaded from the site
ftp.astrid.be.
Remark: You must use a FTP software like Filezilla to download the files!
Don’t use your Web browser to do this.
The Filezilla client can be downloaded from the internet at:
https://filezilla-project.org/
The login and password to access the ftp server can be found in the mail sent to
you by ASTRID.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
3 MOBILE CONNECTIVITY SOFTWARE
INSTALLATION
In order to be able to connect to the mobile network a 3G/4G modem needs to be
installed together with its appropriate software.
Refer to the installation guide of your connectivity device for proper installation.
Setting that need to be adjusted during the installation of the software are:
In the profile management tab:
-
APN: blm.astrid.be
-
Authentication: CHAP but no username or password are needed.
-
If the application requires this information, roaming should be enabled.
-
Network registration mode should be left on automatic.
Check if you are able to connect to the mobile network.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
4 MOBILE CONNECTIVITY INSTALLATION ON
PANASONIC CF-19
1) Check if your CF-19 is equipped with a 3G modem.
-
On the bottom of the device you can find the MODEL NO. With this
MODEL NO. Your local reseller should be able to tell you whether your
device is equipped with a 3G modem.
-
If there is a label on the bottom of the device showing an IMEI code,
there’s is a large chance your device is equipped with a 3G modem.
2) Enable the wireless device by putting the switch located on the left side of
the device in the ON position.
3) Put your SIM card into the slot at the back of the device.
4) If the Wireless Wan Manager is not already installed on your computer,
download the file:
WirelessWANManagerUtil_V7.1.0.2_52V_W764_ss11636.exe and install it.
(You can download this file from the ftp.astrid.be site, see chapter 2 )
5) Start the Wireless WAN Manager.
6) The Wireless WAN Manager will detect your SIM card and ask to enter the
PIN code.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
7) Once you entered the PIN code you will have to configure the Wireless WAN
Manager by going to the “Settings” pane
8) In the “Settings” pane, check the “Launch Wireless Manager at
Windows startup” button and click on the Advanced button.
9) If a windows pups up with the message: “Foreign network detected”,
just click on Yes and continue with the setup.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
10) In the advanced setting, go to the Profiles pane, select “Manual
selection” and click on the New… button to make a new profile.
11) Give the new profile the name BLM, and assign it the APN name
blm.astrid.be. Dummy username and password can be used e.g. test/test
as these are not checked by the system.
12) In the Protocols pane select CHAP as authentication protocol and SAVE the
profile.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
13) Again in the Advanced settings, select “Manual selection”, choose the BLM
profile, and click on Apply and Close.
14) Now you should be able to connect the
ASTRID BLM network. In the
connection pane Click on Connect to set up the PDP connection.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
15) The Wireless WAN Manager might ask you again if you want to connect to a
foreign network. You can just click on Yes. This is normal due to the fact
that ASTRID BLM is a roaming network.
16) If all settings are right, the Wireless WAN Manager should go into
“Connecting” state, and get connected.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Congratulations! You are now connected to the ASTRID BLM network. If you have a
“Clear” SIM card, you should be now able to connect to your application(s) or
Internet, depending the access right requested for that SIM Card. If you have a
VPN SIM card, please proceed to paragraph 4 “Installation of the AnyConnect
software client”.
17) In order to turn off the wireless connection you can use the Wireless ON/OFF
switch on the left side of the device.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
5 PRE INSTALLATION CHECKS
Before installing the Cisco Anyconnect client, and especially if you’re installing on a
machine with a FEDPOL image, you should check the following:
1) Your machine is running Windows XP it should have SP3 installed.
If not, you can download the file:
WindowsXP-KB936929-SP3-x86-ENU.exe and run it.
(You can download this file from the ftp.astrid.be site, see chapter 2)
2) Check if the following services are started:
-DHCP Client
-Wireless Zero Configuration
If not, Go to Start -> Setting -> Control Panel. Double click on Administrative
Tools and double click on Services. In the Services windows locate the service
and double click it. Click on the start button to start the service and change the
Startup Type to Automatic.
3) Check if your machine has a “Verisign Class 3 Public Primary Certification
Authority - G5” certificate.
If not, you can download the file PCA-3G5.pem. (You can download this file
from the ftp.astrid.be site, see chapter 2)
To load the certificate, go to Run and type mmc and run the program.
In Console1 go to File and select Add/Remove Snap-in.
Click on the Add button.
Select “Certificates” and click on the Add button.
Select Computer account and click on the Next button.
Select Local computer and click on the Finish button.
Close the “Add standalone snap-ins:” window.
Click on the OK button in the “Add/Remove Snap in” window.
In the Console1 window you should have the tree with certificates.
Under the “Trusted Root Certificates Authorities”, right click on “Certificates”
and select “All Tasks” -> Import.
This opens the Certificate import Wizard.
Click on Next, browse to the file PCA-3G5.pem (Select All files (*.*) to see
the .pem file) and open it.
Click on Next.
In the “Certificate store” window where the proposed store is “Trusted Root
Certificate Authorities” just click on Next.
Click on Finish.
Close the Console1. (Console setting don’t need to be saved )
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
6
INSTALLATION OF THE ANYCONNECT SOFTWARE
CLIENT
The AnyConnect client is available in an install package. The installation package
has to be downloaded first. First, you need to download the setup file on your
station.
The file name is:
Anyconnect-win-3.1.04063-pre-deploy-k9.msi
( you can download this file from the ftp.astrid.be site, see chapter 2)
Launch the setup by double clicking on this file.
The following display appears, then press “Next”
Accept the term of the license and press “Next” as described below:
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Then press Install:
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Wait until the setup finish and press “Finish”
The software in now installed.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
7 CISCO ANYCONNECT PARAMETERS
7.1
EAP-MD5 authentication method using Username and
Password
7.1.1 Profile setup
The profile setup can be done by simply copying the profile xml file called: astrideap-sdc.xml into the appropriate directory.
(You can download this file from the ftp.astrid.be site, see chapter 2)
For Windows XP this directory is:
“C:\Documents and Settings\All users\Application data\Cisco\Cisco AnyConnect
Secure Mobility Client\Profile”
If this directory is not visible go to “My Computer”, and select Folder Options
under the Tools tab.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Under the View tab in the “Advanced settings” the “Show hidden files and
folders” option should be selected.
Reboot your PC after copying the file.
For Windows 7 this directory is:
“C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile”
If this directory is not visible click on START and select Computer. Select
“Organize” and click on “Folders and search options” to open the Folder Option
window.
Select the “View” tab and click on the “show hidden files, folders, and drives”
option
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Reboot your PC after copying the file in the correct directory.
7.1.2 Setup the VPN connection
On your windows screen click on “Start” and select and launch the “Cisco
Anyconnect Secure Mobility Client”
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
The following Windows appears, click on “Connect”
If the destination router “sdc-roucdcvpn01.blm.astrid does not appear in the Cisco
Anyconnect Secure Mobility Client windows you should re-check the profile setup in
4.
Enter your credentials (username and password)
Username and password are sent to you by mail.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
You are now connected to the Astrid Datacenter:
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
7.2 RSA-SIG authentication method using a certificate
7.2.1 Profile setup
The profile setup can be done by simply copying the profile xml file called: astridcert-sdc.xml into the appropriate directory.
(You can download this file from the ftp.astrid.be site, see chapter 2)
For Windows XP this directory is:
“C:\Documents and Settings\All users\Application data\Cisco\Cisco AnyConnect
Secure Mobility Client\Profile”
If this directory is not visible go to “My Computer”, and select Folder Options
under the Tools tab.
Under the View tab in the “Advanced settings” the “Show hidden files and
folders” option should be selected.
Reboot your PC after copying the file.
For Windows 7 this directory is:
“C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile”
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
If this directory is not visible click on START and select Computer. Select
“Organize” and click on “Folders and search options” to open the Folder Option
window.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Select the “View” tab and click on the “show hidden files, folders, and drives”
option
Reboot your PC after copying the file in the correct directory.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
7.2.2 Download the certificate.
-
Connect your Windows workstation to the mobile network.
-
Go to the certificate server: http://43.16.16.37:8080/ejbca/ and click
on Create Keystore (check is your proxy setting are disabled to access
this site! )
-
In the authentication screen, enter you username and password.
Username and password are sent by mail.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
-
Click on the OK button to download the certificate on your PC. DO NOT
install it in your browser!
7.2.3 Certificate installation
Once you have downloaded the certificate file (.p12) or copied the certificate file on
your Windows workstation and double click on it. The following screen appears.
Click on “Next”
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Validate the path to the certificate file by press “Next”
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Enter the certificate password provided by Astrid and press “Next”
Then select the storing place for the certificate by clicking on the “Browse” button:
Store it in the personal directory by selecting Personal and press “OK”:
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Validate with “Next”
And terminate the installation by pressing “Finish”
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
The certificate import is now done :
With this method only your user will be able to use the certificate for the VPN
connection. If you want the all users on the workstation to be able to use the VPN
connection with certificate, you will have to install the certificate on machine level
(see next chapter)
7.2.4 Installation of the certificate on machine level.
-
go to Run and type mmc and run the program.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
-
In Console1 go to File and select Add/Remove Snap-in.
-
Select “Certificates” and click on the Add button.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
Select Computer account and click on the Next button.
-
Select Local computer and click on the Finish button.
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
-
Close the “Add standalone snap-ins:” window by clicking on “Finish”.
-
In the Console1 window you should have the tree with certificates.
-
Select the Personal Certificates, go to All tasks and select Import…
-
Follow the wizard and import the .P12 certificate ( The one that was
downloaded in chapter 6.2.3)
Close the Console1 window. ( you don’t need to save the Console1 settings).
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
8 SETUP THE CONNECTION
On your windows screen click on “Start” and select and launch the “Cisco
Anyconnect Secure Mobility Client”
The following Windows appears, click on “Connect”
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be
You are now connected to the Astrid Datacenter:
ASTRID – sa de droit public – nv van publiek recht – Boulevard du Régent 54 - B-1000 Bruxelles – Regentlaan 54 - B-1000 Brussel
T +32 (0)2 500 67 11 – F +32 (0)2 500 67 10 – [email protected] – www.bluelightmobile.be