Cisco AnyConnect VPN Client
The VPN client is used for encrypted remote access to Duke resources. It provides secure, private access to Duke over public networks.
0.1. Requirements for Sociology Users
The VPN is NOT required for ...
PCs using wired connections in the Sociology/Psychology Building, the Markets & Management Office and the Social Science Research Institute when mapping to network home directory space.
PCs using Dukeblue encrypted wireless anywhere on campus when mapping to network home directory space. [This is an obvious incentive to discontinue use of unencrypted campus wireless.]
- SSH connections to Sociology Linux compute servers.
- Remote desktop connections to dedicated Windows office desktops.
The VPN IS required for ...
Mapping your Sociology network home directory to any laptop or home desktop using an off campus connection.
- Accessing protected data network resources governed by restricted data use agreements.
0.2. Affect of VPN Client on Other Network Connections
- When the VPN is connected or disconnected your IP changes. This will affect existing TCP connections such as email and SSH.
If you have an email client open before connecting the VPN, that session will be interrupted [this includes WebMail].
- If you have an active SSH session into a Sociology compute server, that session will be disconnected.
- VPN use and network drive mappings should be bracketed around other network activity to avoid broken connections.
- The sequence becomes:
- connect VPN
- map network drive
- load other network applications
- complete your work
- close out network applications
- disconnect VPN [this will also disconnect the network drive mapping]
0.3. Multi-Factor Authentication with the Duke VPN
As of February 6, 2018 Duke instituted multi-factor authentication as a requirement for use of the VPN. Details of MFA access are described in this OIT Knowledgebase article.
0.4. Installing the VPN
It is possible to perform a Java-based installation of the VPN by visiting http://portal.duke.edu. However, this method is notoriously unreliable because of frequent issues with Java. You may wish to try the portal approach first. If it does not work, use the standalone methods described below for Windows and OS X.
Once correctly installed, the VPN auto-updates. An update may require a reboot.
0.5. Windows Installation and Use of the VPN
Go to the OIT Software License site and order the VPN client software. This will take you to download page. Download the AnyConnect Client for Windows.
AnyConnect(20)VPN(20)Client/vpn1.png "vpn1.png")
Browse to the download file, which is a compressed zip folder. Right-click on the file and select the Extract all... option to unzip the folder. You are required to specify a folder destination, which can be in the same directory as the zip file. Click Extract to complete extraction.
AnyConnect(20)VPN(20)Client/vpn3.png "vpn3.png")
Open the extracted folder and double-click the application Setup icon (second from bottom below).
AnyConnect(20)VPN(20)Client/vpn4.png "vpn4.png")
In the resulting Cisco AnyConnect Secure Mobility Client Install Selector window, narrow the install modules to the three checked in the sample screen below, then click Install Selected.
AnyConnect(20)VPN(20)Client/vpn5.png "vpn5.png")
A confirmation window appears. Confirm your selections by clicking OK.
Accept the End User License Agreement (EULA).
Installation proceeds. Each module is installed separately. Installation complete is reported. Click OK to terminate the install.
Open the AnyConnect Client application. The Cisco AnyConnect Secure Mobility Client opens. If pre-configured to access the Duke VPN, click Connect.
AnyConnect(20)VPN(20)Client/vpn6.png "vpn6.png")
If the connection string is blank or Duke VPN does not work when you click Connect, type portal.duke.edu into the connection field and click Connect. This forces an explicit connection to the Duke VPN.
The credentials window also opens with group -Default-. This is the correct group for standard Sociology network connections. For other types of connections to the library or to protected data resources, you may be required to select another group. Enter your NetID and password credentials and click OK.
AnyConnect(20)VPN(20)Client/vpn7.png "vpn7.png")
Accept the legal disclaimer. The VPN will connect. Clicking the Cisco icon will display a screen confirming a connected state. When ready to disconnect the VPN, open this window and click Disconnect.
AnyConnect(20)VPN(20)Client/vpn8.png "vpn8.png")
0.6. Mac OS X Installation and Use of the VPN
Go to the OIT Software License site and order the VPN client software. This will take you to the download page. Download the AnyConnect Client for Mac OS X.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%202.06.48%20PM.png "Screen Shot 2015-09-17 at 2.06.48 PM.png")
Find the anyconnect-macosx dmg disk image file among your downloads and double-click it to open its contents. The version will vary by the current release.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%202.12.53%20PM.png "Screen Shot 2015-09-17 at 2.12.53 PM.png")
Double-click the AnyConnect.pkg package file to launch the install. The installer introduction opens. Click Continue
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%202.14.05%20PM.png "Screen Shot 2015-09-17 at 2.14.05 PM.png")
Review the license agreement and click Continue. Click Agree to accept software license terms.
The Installation Type screen appears. Customize as shown below and select Continue.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%202.33.02%20PM.png "Screen Shot 2015-09-17 at 2.33.02 PM.png")
Confirm the install summary and click Install. Provide an admin password to allow the Installer to proceed, then click Install Software.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%202.33.47%20PM.png "Screen Shot 2015-09-17 at 2.33.47 PM.png")
Installation proceeds. A summary screen appears reporting successful installation. Click Close.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%202.44.38%20PM.png "Screen Shot 2015-09-17 at 2.44.38 PM.png")
Under Finder Applications, open the Cisco folder. Double-click the Cisco AnyConnect Secure Mobility Client.app.
The Cisco icon is added to the Dock and the AnyConnect client window appears. If the Duke VPN label appears in the connection field, click Connect.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%202.53.45%20PM.png "Screen Shot 2015-09-17 at 2.53.45 PM.png")
If the connection field is blank or the following response appears, type portal.duke.edu in the connection field and click Connect. The portal specification forces an explicit connection to the Duke VPN.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-19%20at%207.58.27%20AM.png "Screen Shot 2015-09-19 at 7.58.27 AM.png")
The credentials window opens. Group is set to -Default-. This is the correct group for standard Sociology network connections. For other types of connections to the library or to protected data resources, you may be required to select another group. Enter your NetID and password. Click Ok.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%202.56.16%20PM.png "Screen Shot 2015-09-17 at 2.56.16 PM.png")
Accept the legal disclaimer. The VPN connection is established. Open AnyConnect to display the checkmark connection verification or to Disconnect.
AnyConnect(20)VPN(20)Client/Screen%20Shot%202015-09-17%20at%203.00.09%20PM.png "Screen Shot 2015-09-17 at 3.00.09 PM.png")