Viewable by the world

Purpose of Knowledge Article:

Resolution:

There are 3 ways you can switch to VPN with MFA

1Open up your current Cisco VPN

2Type in "mfavpn.lbl.gov"
3Click Connect
4Type in your Berkeley Lab Identity credential and click Log in

5Type in your MFA token and click Log in

6
  • The next time you will see LBL-MFA-VPN as an option and that is the one you want to use going forward.
  • You may need to click on the drop-down list arrow to see LBL-MFA-VPN.

1Go to the website https://mfavpn.lbl.govno image
2Click Continue

3Click Instructions and follow the instructions

Select the instruction for your operating system:

Uninstall Cisco VPN client
    1

    Click on the Start Menu and locate Cisco AnyConnect Secure Mobility Client

    2 Right-click on Cisco AnyConnect Secure Mobility Client and select Uninstall

    3

    Programs and Features window will open

    1. locate and select Cisco AnyConnect Secure Mobility Client
    2. Click Uninstall

    4 Click YES and follow the on-screen instruction to uninstall the software

    Click on the link you want to see more:

    • Make sure you quite the Cisco VPN software first, if it is still running.
    1

    Open up the Application folder

    2 Locate and open the Cisco folder

    3 Double click Uninstall AnyConnect icon and follow the on-screen prompts to uninstall the software

    Only use this method if you have already tried method 1 and it failed.

    1 Open the Utilities folder

    2 Launch the Terminal application

    3 Type or copy and paste the following shell script and hit the return key on the keyboard to run it:

    sudo /opt/cisco/anyconnect/bin/vpn_uninstall.sh

    Additional Resouces:

    Select the instruction for your operating system:

    Install Cisco VPN client

      How to install VPN on Windows

      1

      Got to software.lbl.gov  and download the latest version of Cisco VPN on available for Windows version you are using under the Current Releases section


      2

      Launch the installer file you just downloaded and follow the on screen instruction to install Cisco VPN

      Note: Be sure to answer Yes to the software agreement and answer Yes to allow the installer to make change to the computer

      3

      Start the application by going to Windows logo-> All apps-> Cisco-> Cisco AnyConnect Secure Mobility Client


      4 Enter your LDAP username and password to connect

      How to install VPN on Mac

      1

      Got to software.lbl.gov  and download the latest version of Cisco VPN on available for macOS version you are using under the Current Releases section

      2

      Launch the installer file you just downloaded and double-click on AnyConnect.pkg

      WARNING: If you get a prompt from the Mac Gatekeeper that looks like this:

      If you do, click ok and right click or control button + mouse click on AnyConnect.pkg. Select "Open With" and then "Installer (default)":

      Click Open and continue with the instruction:

      3

      Follow the on-screen instructions to install Cisco VPN. When prompted for credentials, enter your Mac login name and password and click Install Software

      Note: Be sure to answer Yes to the software agreement

      4 Go to Launchpad or Application Folder and click on the Cisco logo to start the application

      5 Enter your LDAP name and password to connect

      How to install VPN on BigSur M1 Chip


      1

      Login to https://software.lbl.gov with your Berkeley Lab Identity

      2

      Using the search box on the left column, search for VPN and click on the result Cisco VPN

      3 Under the Current Releases section, look for Cisco VPN for macOS and download it

      4

      Double click on the downloaded file and follow the onscreen instruction to install Cisco VPN

      WARNING: If you get a prompt from the Mac Gatekeeper that looks similar to this:


      1. Click OK and right click or control button on keyboard + mouse click on AnyConnect.pkg. Select Open With and then Installer (default):


      2. Click Open on the next popup and continue with the instruction:

      5

      Continue to follow the onscreen instruction. Be sure to Agree to the license agreement. Enter the computer password when prompt, and then click Install software


      6

      You will see the Attention Required popup window, click Open Preferences and select Security & Privacy.

      Click on the padlock icon on the bottom left corner and enter your computer password and then click Unlock to unlock it.


      7

      Under the General tab, towards the bottom, you should see System software form application "Cisco AnyConnect Socket Filter" was blocked from loading and an Allow button to the right. Click Allow


      8

      Select Allow to next popup you see

      You may see two popups, select Allow to them both





      9 Select allow on the notification

      10

      Close the window and then click Move to trash

      11

      You should now see Cisco VPN in your Application folder on your computer. Launch it and enter your LBL LDAP credential connect to the Lab's network

      How to install VPN on BigSur Intel Chip


      1

      Login to https://software.lbl.gov with your Berkeley Lab Identity

      2

      Using the search box on the left column, search for VPN and click on the result Cisco VPN

      3 Under the Current Releases section, look for Cisco VPN for macOS and download it

      4

      Double click on the downloaded file and follow the onscreen instruction to install Cisco VPN

      WARNING: If you get a prompt from the Mac Gatekeeper that looks similar to this:


      1. Click OK and right click or control button on keyboard + mouse click on AnyConnect.pkg. Select Open With and then Installer (default):


      2. Click Open on the next popup and continue with the instruction:

      5

      Continue to follow the onscreen instruction. Be sure to Agree to the license agreement. Enter the computer password when prompt, and then click Install software


      6

      You will see the Attention Required popup window, click Open Preferences and select Security & Privacy.

      Click on the padlock icon on the bottom left corner and enter your computer password and then click Unlock to unlock it.


      7

      Under the General tab, towards the bottom, you should see System software form application "Cisco AnyConnect Socket Filter" was blocked from loading and an Allow button to the right. Click Allow


      8

      Select Allow to next popup you see

      You may see two popups, select Allow to them both





      9 Select allow on the notification

      10

      Close the window and then click Move to trash

      11

      You should now see Cisco VPN in your Application folder on your computer. Launch it and enter your LBL LDAP credential connect to the Lab's network



      How to install VPN on Chromebook

      1

      Sign in to your Chromebook, and click the Launcher


      The launcher looks like this in your taskbar:

      2

      Click on Web Store (click All Apps if Web Store does not show)

      3 Type anyconnect in the search box

      4 Cisco AnyConnect will appear under Apps. Click Add To Chrome

      5 Review the requested permissions, and Click Add app

      6

      Visit Cisco VPN on software.lbl.gov

      Download the Cisco VPN AnyConnect - LBNL Profile Only.

      Save it in your Downloads folder

      7 Go to Launcher-> AnyConnect

      8 Click on Settings tab-> Import Profile

      9 Select LBNLprofilev24.xml and click Open

      10 Click on Connections tab and there should be LBL-VPN-v2.4 under Connections

      11 Click on Status Area at bottom right and VPN disconnected should be on the list

      12
      1. Click on VPN disconnected to open the list of available VPN connections
      2. Select LBL-VPN-v2.4

      13 Enter your LDAP name and password to connect

      How to install VPN on iPhone

      1

      Get the AnyConnect client software from the Apple Store:

      https://apps.apple.com/us/app/cisco-anyconnect/id1135064690

      2 Click Install:

      3 Click Allow:

      4
      1. Click Connections
      2. Click Add VPN Connection...

      5 Add mfavpn.lbl.gov as the server address:

      6 Allow AnyConnect to Add VPN Configurations:

      7 Click the mfavpn.lbl.gov connection:

      8 Click the On/Off radio button to the right of AnyConnect VPN:

      9 Enter your LDAP(Berkeley Lab ID) username and password:

      10 Accept the Banner:

      11 Click OK on the verification that security policies were applied:

      12 The VPN connection can now also be managed using the Settings app, under VPN

      How to install VPN on Android

      1 Download and Install the AnyConnect client software from the Google Play Store (or equivalent).

      2 Launch the AnyConnect application by pressing Open.

      3 Read and accept the End User Licence Agreement (IMPORTANT:READ CAREFULLY) by scrolling through and pressing OK

      4 Press Add New VPN Connection.

      5 In the server address field, type vpn1.lbl.gov then press OK

      6 Return to main AnyConnect screen and select the newly created profile to connect.

      7

      Log in using your LDAP username and password then press Connect.

      8 Please Respond to Banner by pressing Accept.

      9 AnyConnect status will show as On and vpn1.lbl.gov will show under Connections. (Description name might show instead if you used the optional description name).



      How to install VPN on Centos

      1

      Download and open the Linux version of Cisco VPN on software.lbl.gov


      2

      Click the Extract button

      An Extract window appears. Select where you want the extracted folder to go and click OK

      3

      Open Konsole (under Applications→ System) or another terminal emulator.

      From the terminal emulator, go inside the vpn directory under the anyconnect-4.x.xxxxx directory (where the folder was extracted in Step 9) and execute the installation script as root: # ./vpn_install.sh

      Accept license agreement

      After installation is done, type exit twice to close the terminal emulator

      4

      Go to Applications→ Internet→ Cisco AnyConnect Secure Mobility Client→ Cisco AnyConnect Secure Mobility Client to start the client

      If the application does not start (the icon bounces for a bit and goes away), bring up a terminal emulator and install these two items:

      yum install epel-release

      yum install pangox-compat


      5 Launch Cisco AnyConnect Secure Mobility Client again. Enter your LDAP name and password to connect

      How to install VPN on Ubuntu

      1

      Download and open the Linux version of Cisco VPN on software.lbl.gov               

      2

      Click the Extract button

      An Extract window appears. Select where you want the extracted folder to go and click Extract

      Open Terminal or another terminal emulator

       

      3

      From the terminal emulator, go inside the vpn directory under the anyconnect-4.x.xxxxx directory (where the folder was extracted) and execute the installation script as root: # ./vpn_install.sh

      Accept license agreement

      After installation is done, type exit twice to close the terminal emulator

      4

      Launch Cisco AnyConnect Secure Mobility Client

      If the application does not start, bring up a terminal emulator and you may need to install the following packages:

      apt-get install libpangox-1.0-0

      apt-get install libpangoxft-1.0-0

      sudo apt-get install -y libwebkit2gtk-4.0-37


      If the application still does not start, install the following packages:

      sudo add-apt-repository deb http://gb.archive.ubuntu.com/ubuntu jammy main

      sudo apt update

      sudo apt install libwebkit2gtk-4.0-dev



      5 Enter your LDAP name and password to connect

      Troubleshooting

      Problem When using Ubuntu version 18.04 or 19.10, Cisco Anyconnect VPN disconnects, and you are unable to reconnect.
      Explanation This issue is caused when DHCP attempts to renew the lease of the IP address attached to the device that you are using.  The renew process happens every 10 to 15 minutes for wireless devices and every 11 hours for wired devices.
      Fix

      Go to Settings and the scroll down to Privacy.  Once in the Privacy section, turn off Connectivity Checking.