Cisco Anyconnect Keychain



Using Duo With a Hardware Token. Hardware tokens are the most basic way of authenticating. To authenticate using a hardware token, click the Enter a Passcode button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click Log In (or type the generated passcode in the 'second password' field). Using the 'Device:' drop-down menu to select.

Jan 13, 2021

    #!/usr/bin/env python
    #
    # This script will launch the Cisco AnyConnect Mobility Client from the
    # command line, and using credentials stored in the user's Logon Keychain.

Sep 16, 2019. To deploy AnyConnect from an ISE headend and use the ISE Posture module, a Cisco ISE Apex License is required on the ISE Administration node. For detailed ISE license information, see the Cisco ISE Licenses chapter of the Cisco Identity Services Engine Admin Guide. ASA Requirements for AnyConnect.


Cisco AnyConnect is the recommended VPN client for Mac. The built-in VPN client for Mac is another option but is more likely to suffer from disconnects.

Overview

Stanford's VPN allows you to connect to Stanford's network as if you were on campus, making access to restricted services possible. To connect to the VPN from your Mac you need to install the Cisco AnyConnect VPN client.

Two types of VPN are available:

  • Default Stanford (split-tunnel). When using Stanford's VPN from home, we generally recommend using the Default Stanford split-tunnel VPN. This routes and encrypts all traffic going to Stanford sites and systems through the Stanford network as if you were on campus. All non-Stanford traffic proceeds to its destination directly.
  • Full Traffic (non-split-tunnel). This encrypts all internet traffic from your computer but may inadvertently block you from using resources on your local network, such as a networked printer at home. If you are traveling or using wi-fi in an untrusted location like a coffee shop or hotel, you may wish to encrypt all of your internet traffic through the Full Traffic non-split-tunnel VPN to provide an additional layer of security.

You can select the type of VPN you want to use each time you connect.
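
The difference between the two VPN types can be modelled as a routing table with longest-prefix matching. This is an added example, not part of the original instructions and not Stanford's or Cisco's code; the prefixes, the sample addresses and the `local_lan_access` parameter are constructed for illustration.

```python
import ipaddress

# Constructed values: documentation ranges stand in for the campus prefixes
# a split-tunnel profile would push; none of these are Stanford's real networks.
CAMPUS_PREFIXES = ["198.51.100.0/24", "203.0.113.0/24"]
HOME_LAN = "192.168.1.0/24"


def build_routes(mode, local_lan_access=False):
    """Return (network, interface) routes for the given VPN type."""
    lan = ipaddress.ip_network(HOME_LAN)
    default = ipaddress.ip_network("0.0.0.0/0")
    if mode == "split":
        # Only campus prefixes go to the tunnel; the default route and the
        # directly connected LAN stay on the physical interface.
        routes = [(ipaddress.ip_network(p), "tunnel") for p in CAMPUS_PREFIXES]
        routes += [(lan, "physical"), (default, "physical")]
    elif mode == "full":
        # Everything goes to the tunnel. Without a local-LAN exception
        # (hypothetical parameter) the home subnet is captured too, which
        # is why a networked printer can become unreachable.
        routes = [(default, "tunnel")]
        routes.append((lan, "physical" if local_lan_access else "tunnel"))
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    return routes


def egress(routes, destination):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def exposure_report(mode, destinations, **kwargs):
    """Map each destination to 'tunnel' (VPN-encrypted) or 'physical'."""
    routes = build_routes(mode, **kwargs)
    return {name: egress(routes, ip) for name, ip in destinations.items()}


# Constructed sample destinations.
SAMPLE = {"campus-service": "198.51.100.20",
          "public-site": "192.0.2.80",
          "home-printer": "192.168.1.50"}

if __name__ == "__main__":
    for mode in ("split", "full"):
        print(mode, exposure_report(mode, SAMPLE))
```

In the split-tunnel case the `public-site` entry leaves on the physical interface, which is the traffic an untrusted Wi-Fi network can observe; in the full-traffic case it moves into the tunnel along with the printer.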

Install the VPN client

  1. Download the Cisco AnyConnect installer for Mac.
  2. Double-click the InstallAnyConnect.pkg file to start the Cisco AnyConnect Installer wizard.
  3. When the Welcome window displays, click Continue.
  4. Select your hard drive as the destination where you want to install Cisco AnyConnect and then click Continue.
  5. Click Install to perform a standard installation of the software.
  6. At the prompt, enter your administrator account password for the Mac and click Install Software.
  7. When the software has finished installing, click Close.

Connect to the Stanford VPN

  1. To launch the VPN client, open your Applications folder and navigate to Cisco > Cisco AnyConnect Secure Mobility Client.app.
  2. When prompted for a VPN, enter su-vpn.stanford.edu and then click Connect.
  3. Enter the following information and then click OK:
    • Group: select Default Stanford split-tunnel (non-Stanford traffic flows normally on an unencrypted internet connection) or Full Traffic non-split-tunnel (all internet traffic flows through the VPN connection)
    • Username: your SUNet ID
    • Password: your SUNet ID password

  4. Next, the prompt for two-step authentication displays.
    • Enter a passcode or enter the number that corresponds to another option (in this example, enter 1 to authenticate using Duo Push on an iPad). You may have to scroll down the list to see all of your options. Then click Continue.
    • If your only registered authentication method is printed list, hardware token, or Google Authenticator, the menu does not display. Enter a passcode in the Answer field and click Continue.
  5. Click Accept to connect to the Stanford Public VPN service.
  6. Once the VPN connection is established, the Cisco AnyConnect icon with a small lock appears in the dock.

Disconnect from the Stanford VPN

  1. Click the Cisco AnyConnect icon with a small lock.
  2. At the prompt, click Disconnect.

Non-Stanford Devices that are managed by BigFix/VLRE and are compliant can use Cardinal Key to sign into VPN without multifactor authentication.

Note: If your device is not compliant, you will be unable to use Cardinal Key to connect to the Cisco AnyConnect VPN.

You can connect to the Stanford VPN using a Cardinal Key on your device to authenticate. This eliminates the need to enter your SUNet ID, password, and authentication method for two-step authentication.

Cardinal Key is only authorized for the Cisco AnyConnect VPN client


Two types of Cardinal Key VPN connections are available:

  • CardinalKey-VPN (split-tunnel) allows access to network resources behind the Stanford firewall via the VPN connection but non-Stanford traffic flows normally on an unencrypted internet connection.
  • CardinalKey-FullTraffic (non-split-tunnel) encrypts all internet traffic from your computer but may inadvertently block you from using resources on your local network, such as a networked printer at home. However, this also allows access to library journals as if you were on campus.


Before you begin

Make sure you have the following installed on your device:


Connect to the Stanford VPN using a Cardinal Key for Mac

  1. Launch the Cisco AnyConnect Secure Mobility Client.app.
    Open your Applications folder and navigate to Cisco > Cisco AnyConnect Secure Mobility Client.app.
  2. Select su-vpn.stanford.edu and then click Connect.
  3. When prompted for the keychain password, enter your computer administrator password and then click Always Allow. You may see this prompt more than once.
  4. In the Group list, select CardinalKey-VPN or CardinalKey-FullTraffic and click OK.
  5. For macOS High Sierra (v. 10.13) and later users: You may see a System Extension Blocked message. Click OK to open the Security Preferences or navigate to System Preferences > Security & Privacy. Next to the message saying that system software from Cisco was blocked from loading, click Allow.
  6. A dialog box displays showing that the CardinalKey-VPN will be used for authentication. Click OK.
    Note: This step downloads the Cardinal Key profile for subsequent connections; it doesn't use the Cardinal Key for authentication on this connection.
  7. A notice briefly appears in the menu bar to show that you are connected to the su-vpn.stanford.edu VPN.
  8. Click Disconnect to disconnect from su-vpn.stanford.edu.
  9. From the Cisco AnyConnect client, select CardinalKey-VPN or CardinalKey-FullTraffic.
    Once you have successfully connected to the Stanford VPN using a Cardinal Key, this becomes your default setting for subsequent connections to the VPN.
  10. A notice briefly appears in the menu bar to show that you are connected to the VPN with a Cardinal Key.

Connect to the Stanford VPN without a client certificate

If you decide that you do not want to use a Cardinal Key for authentication, you can connect to the VPN using your SUNet ID and password, followed by two-step authentication. On the VPN website, see Connect to the Stanford VPN for instructions.