Purpose of Knowledge Article:
- This article guides how to switch from a VPN without MFA to a VPN with MFA.
- More about the requirement: VPN Multi-Factor Authentication Required Starting on October 11, 2022.
Resolution:
There are 3 ways you can switch to VPN with MFA
| 1 | Open up your current Cisco VPN |
|
| 2 | Type in "mfavpn.lbl.gov" | |
| 3 | Click Connect | |
| 4 | Type in your Berkeley Lab Identity credential and click Log in |
|
| 5 | Type in your MFA token and click Log in |
|
| 6 |
|
|
| 1 | Go to the website https://mfavpn.lbl.gov | no image |
| 2 | Click Continue |
|
| 3 | Click Instructions and follow the instructions |
|
Select the instruction for your operating system:
| 1 |
Click on the Start Menu and locate Cisco AnyConnect Secure Mobility Client |
|
| 2 | Right-click on Cisco AnyConnect Secure Mobility Client and select Uninstall |
|
| 3 | Programs and Features window will open
|
|
| 4 | Click YES and follow the on-screen instruction to uninstall the software |
|
Click on the link you want to see more:
- Make sure you quite the Cisco VPN software first, if it is still running.
| 1 | Open up the Application folder |
|
| 2 | Locate and open the Cisco folder |
|
| 3 | Double click Uninstall AnyConnect icon and follow the on-screen prompts to uninstall the software |
|
Only use this method if you have already tried method 1 and it failed.
| 1 | Open the Utilities folder |
|
| 2 | Launch the Terminal application |
|
| 3 | Type or copy and paste the following shell script and hit the return key on the keyboard to run it: sudo /opt/cisco/anyconnect/bin/vpn_uninstall.sh |
|
Additional Resouces:
Select the instruction for your operating system:
How to install VPN on Windows
| 1 | Got to software.lbl.gov and download the latest version of Cisco VPN on available for Windows version you are using under the Current Releases section |
|
| 2 | Launch the installer file you just downloaded and follow the on screen instruction to install Cisco VPN Note: Be sure to answer Yes to the software agreement and answer Yes to allow the installer to make change to the computer |
|
| 3 | Start the application by going to Windows logo-> All apps-> Cisco-> Cisco AnyConnect Secure Mobility Client |
|
| 4 | Enter your LDAP username and password to connect |
|
How to install VPN on Mac
| 1 | Got to software.lbl.gov and download the latest version of Cisco VPN on available for macOS version you are using under the Current Releases section |
|
| 2 |
Launch the installer file you just downloaded and double-click on AnyConnect.pkg WARNING: If you get a prompt from the Mac Gatekeeper that looks like this:
If you do, click ok and right click or control button + mouse click on AnyConnect.pkg. Select "Open With" and then "Installer (default)":
Click Open and continue with the instruction:
|
|
| 3 | Follow the on-screen instructions to install Cisco VPN. When prompted for credentials, enter your Mac login name and password and click Install Software Note: Be sure to answer Yes to the software agreement |
|
| 4 | Go to Launchpad or Application Folder and click on the Cisco logo to start the application |
|
| 5 | Enter your LDAP name and password to connect |
|
How to install VPN on BigSur M1 Chip
1 |
Login to https://software.lbl.gov with your Berkeley Lab Identity |
|
2 |
Using the search box on the left column, search for VPN and click on the result Cisco VPN |
|
| 3 | Under the Current Releases section, look for Cisco VPN for macOS and download it |
|
4 |
Double click on the downloaded file and follow the onscreen instruction to install Cisco VPN WARNING: If you get a prompt from the Mac Gatekeeper that looks similar to this:
|
|
5 |
Continue to follow the onscreen instruction. Be sure to Agree to the license agreement. Enter the computer password when prompt, and then click Install software |
|
6 |
You will see the Attention Required popup window, click Open Preferences and select Security & Privacy. Click on the padlock icon on the bottom left corner and enter your computer password and then click Unlock to unlock it. |
|
| 7 | Under the General tab, towards the bottom, you should see System software form application "Cisco AnyConnect Socket Filter" was blocked from loading and an Allow button to the right. Click Allow |
|
| 8 | Select Allow to next popup you see You may see two popups, select Allow to them both |
|
| 9 | Select allow on the notification |
|
10 |
Close the window and then click Move to trash |
|
11 |
You should now see Cisco VPN in your Application folder on your computer. Launch it and enter your LBL LDAP credential connect to the Lab's network |
|
How to install VPN on BigSur Intel Chip
1 |
Login to https://software.lbl.gov with your Berkeley Lab Identity |
|
2 |
Using the search box on the left column, search for VPN and click on the result Cisco VPN |
|
| 3 | Under the Current Releases section, look for Cisco VPN for macOS and download it |
|
4 |
Double click on the downloaded file and follow the onscreen instruction to install Cisco VPN WARNING: If you get a prompt from the Mac Gatekeeper that looks similar to this:
|
|
5 |
Continue to follow the onscreen instruction. Be sure to Agree to the license agreement. Enter the computer password when prompt, and then click Install software |
|
6 |
You will see the Attention Required popup window, click Open Preferences and select Security & Privacy. Click on the padlock icon on the bottom left corner and enter your computer password and then click Unlock to unlock it. |
|
| 7 | Under the General tab, towards the bottom, you should see System software form application "Cisco AnyConnect Socket Filter" was blocked from loading and an Allow button to the right. Click Allow |
|
| 8 | Select Allow to next popup you see You may see two popups, select Allow to them both |
|
| 9 | Select allow on the notification |
|
10 |
Close the window and then click Move to trash |
|
11 |
You should now see Cisco VPN in your Application folder on your computer. Launch it and enter your LBL LDAP credential connect to the Lab's network |
|
How to install VPN on Chromebook
| 1 |
Sign in to your Chromebook, and click the Launcher |
The launcher looks like this in your taskbar: |
| 2 | Click on Web Store (click All Apps if Web Store does not show) |
|
| 3 | Type anyconnect in the search box |
|
| 4 | Cisco AnyConnect will appear under Apps. Click Add To Chrome |
|
| 5 | Review the requested permissions, and Click Add app |
|
| 6 | Visit Cisco VPN on software.lbl.gov Download the Cisco VPN AnyConnect - LBNL Profile Only. Save it in your Downloads folder |
|
| 7 | Go to Launcher-> AnyConnect |
|
| 8 | Click on Settings tab-> Import Profile |
|
| 9 | Select LBNLprofilev24.xml and click Open |
|
| 10 | Click on Connections tab and there should be LBL-VPN-v2.4 under Connections |
|
| 11 | Click on Status Area at bottom right and VPN disconnected should be on the list |
|
| 12 |
|
|
| 13 | Enter your LDAP name and password to connect |
|
How to install VPN on iPhone
| 1 | Get the AnyConnect client software from the Apple Store: |
|
| 2 | Click Install: |
|
| 3 | Click Allow: |
|
| 4 |
|
|
| 5 | Add vpn1.lbl.gov as the server address: |
|
| 6 | Allow AnyConnect to Add VPN Configurations: |
|
| 7 | Click the vpn1.lbl.gov connection: |
|
| 8 | Click the On/Off radio button to the right of AnyConnect VPN: |
|
| 9 | Enter your LDAP(Berkeley Lab ID) username and password: |
|
| 10 | Accept the Banner: |
|
| 11 | Click OK on the verification that security policies were applied: |
|
| 12 | The VPN connection can now also be managed using the Settings app, under VPN |
How to install VPN on Android
| 1 | Download and Install the AnyConnect client software from the Google Play Store (or equivalent). |
|
| 2 | Launch the AnyConnect application by pressing Open. |
|
| 3 | Read and accept the End User Licence Agreement (IMPORTANT:READ CAREFULLY) by scrolling through and pressing OK |
|
| 4 | Press Add New VPN Connection. |
|
| 5 | In the server address field, type vpn1.lbl.gov then press OK |
|
| 6 | Return to main AnyConnect screen and select the newly created profile to connect. |
|
| 7 | Log in using your LDAP username and password then press Connect. |
|
| 8 | Please Respond to Banner by pressing Accept. |
|
| 9 | AnyConnect status will show as On and vpn1.lbl.gov will show under Connections. (Description name might show instead if you used the optional description name). |
|
How to install VPN on Centos
| 1 | Download and open the Linux version of Cisco VPN on software.lbl.gov |
|
| 2 | Click the Extract button An Extract window appears. Select where you want the extracted folder to go and click OK |
|
| 3 | Open Konsole (under Applications→ System) or another terminal emulator. From the terminal emulator, go inside the vpn directory under the anyconnect-4.x.xxxxx directory (where the folder was extracted in Step 9) and execute the installation script as root: # ./vpn_install.sh Accept license agreement After installation is done, type exit twice to close the terminal emulator |
|
| 4 | Go to Applications→ Internet→ Cisco AnyConnect Secure Mobility Client→ Cisco AnyConnect Secure Mobility Client to start the client If the application does not start (the icon bounces for a bit and goes away), bring up a terminal emulator and install these two items: yum install epel-release yum install pangox-compat |
|
| 5 | Launch Cisco AnyConnect Secure Mobility Client again. Enter your LDAP name and password to connect |
|
How to install VPN on Ubuntu
| 1 | Download and open the Linux version of Cisco VPN on software.lbl.gov |
|
| 2 | Click the Extract button An Extract window appears. Select where you want the extracted folder to go and click Extract Open Terminal or another terminal emulator |
|
| 3 | From the terminal emulator, go inside the vpn directory under the anyconnect-4.x.xxxxx directory (where the folder was extracted in Step 9) and execute the installation script as root: # ./vpn_install.sh Accept license agreement After installation is done, type exit twice to close the terminal emulator |
|
| 4 | Launch Cisco AnyConnect Secure Mobility Client If the application does not start, bring up a terminal emulator and you may need to install the following packages: apt-get install libpangox-1.0-0 apt-get install libpangoxft-1.0-0 sudo apt-get install -y libwebkit2gtk-4.0-37 |
|
| 5 | Enter your LDAP name and password to connect |
|
Troubleshooting
| Problem | When using Ubuntu version 18.04 or 19.10, Cisco Anyconnect VPN disconnects, and you are unable to reconnect. |
| Explanation | This issue is caused when DHCP attempts to renew the lease of the IP address attached to the device that you are using. The renew process happens every 10 to 15 minutes for wireless devices and every 11 hours for wired devices. |
| Fix |
Go to Settings and the scroll down to Privacy. Once in the Privacy section, turn off Connectivity Checking. 
|
