• Cisco Anyconnect 4.2 Compatibility Matrix
• Cisco Anyconnect 4.2

Cisco AnyConnect VPN 4.2 is a program by the software company Cisco Systems, Inc. Sometimes, computer users decide to erase this application. This can be hard because doing this by hand requires some skill related to removing Windows programs manually. Download the Cisco AnyConnect VPN for Windows installer. Double-click the InstallAnyConnect.exe file. When a message saying the Cisco AnyConnect client has been installed, click OK. Connect to the Stanford VPN. Launch the Cisco AnyConnect Secure Mobility Client client.

Overview

When using a Cisco ASA with the AnyConnect VPN Client software in some instances it is useful to assign the same static IP address to a client whenever they connect to the VPN. Within Active Directory you can configure per user a static IP address and use this IP address whenever the user connects to the VPN. The RADIUS Server (in this instance Cisco ISE 2.0) can be configured to query the attribute in AD which is the” msRADIUSFramedIPAddress” value and assign to the client whenever they connect.

This post only describes configuring a static IP address on a Cisco AnyConnect Remote Access VPN. Refer to the following posts for more detail instructions on how to configure ASA Remote Access VPN and integrated with Cisco ISE for authentication:
ASA AnyConnect SSL-VPN
ASA AnyConnect IKEv2/IPSec VPN

Software/Hardware Used:

Windows 7 SP1 (Client)
Windows 2008 R2 (Active Directory Domain Controller)
Cisco ISE 2.0 (RADIUS Server)
Cisco ASAv v9.6(1)
Cisco AnyConnect Client 4.2.01022

Cisco ASA Configuration

• Modify the existing IP Address Pool to decrease the number of IP addresses, leaving space at the end of the range (or beginning) to be used for statically assigned IP addresses.

AD Account Modification

• Select a test account within AD
• Modify the properties of the test account; select the “Dial-in” tab

• Tick the “Assign Static IP Address” box
• Click the “Static IP Address” button
• Tick “Assign a static IPv4 address” box and enter and IP address from within the IP address range defined on the Cisco ASA appliances

• Click “OK” to complete the configuration

Cisco ISE Configuration

Add AD Attribute

• Modify the configuration of the existing Active Directory External Identity Source and select Edit

• Click “Attributes” tab
• Click “Add” > “Select Attributes from Directory”
• Enter the name of the test user previously modified to add the Static IP address and select “Retrieve Attributes”

• Ensure you tick the box “msRADIUSFramedIPAddress” and click “Ok”

IMPORTANT – If you do not previously assign as static IP address to the user account you are using to query AD for the list of attributes the “msRADIUSFramedIPAddress” will not be in the list to select.

• Edit the attribute “msRADIUSFramedIPAddress” and change the “Type” value from STRING to IPv4

• Click “Save”

Create Authorization Profile

• Create a new “Authorization Profile” called “Static-VPN-IP-Address” – Policy > Policy Elements > Results > Authorization > Authorization Profiles
• In the Advanced Attributes Settings add a new value for “Radius:Framed-IP-Address” and equals the “msRADIUSFramedIPAddress” value previously added
  

  
  

NOTE – “LAB_AD” will equal the name of YOUR Active Directory

Modify Policy Set

• Modify the existing Policy and the “Static-VPN-IP-Address” Authorization Profile

Test AnyConnect VPN Client

• Log in to the VPN using the test client, once successfully authenticated you can check to see if the client has been assigned the correct IP address

• Within the RADIUS authentication logs double check to confirm the Framed-IP-Address value was used

Repeating the test for a user that does NOT have a static IP address assigned with in AD continues to work and an IP address is assigned from configured IP Address Pool on the ASA.

Topics Map > Networking > Virtual Private Networking (VPN)

This page contains links to download and installation instructions for VPN software for Android tablets, smartphones, and ereaders.

On This Page

University of Illinois students, faculty, and staff can use these directions to set up their Android devices, including some Amazon Kindles, to connect to the Virtual Private Network (VPN).

If you have a guest account, Technology Services recommends IllinoisNet Wireless for on-campus use. The VPN is most useful for off-campus use.

Note: General guidelines below

Because there are so many variations in Android device interfaces, the specific sequence required for your particular device may not be described here. University community members can contribute their specific experiences with their devices at Community-developed VPN configurations.

The images below were taken on Android 4.4.2 KitKat; your interface may vary.

Installing the VPN app

• Kindle owners: Use the Amazon Kindle store.
• All other Android owners (including Chromebooks): Use the Google Play Store.

NOTE: The AnyConnect client is not compatible with all Android devices; the Play Store and Kindle Store will inform you if your particular device isn't compatible.

When installing, you'll be prompted to agree to the permissions that AnyConnect needs, including network and phone access.

Configuring the VPN app

After you've installed the AnyConnect app on your Android or Kindle, there may be a new AnyConnect icon on your home screen, or you may need to look through All Applications to find it.

(Note that on other operating systems, you may be used to looking under 'Cisco AnyConnect' to find the VPN app; on Android it appears as 'AnyConnect'.)

1. Launch the AnyConnect app.
   
2. If prompted with an End User License Agreement (EULA), tap to accept it.
   
   
   
   
3. Tap Add VPN Connection...
   
4. In the Connection Editor, enter the following:
   • Description: Urbana VPN
   • Server address: vpn.illinois.edu
     • (vpn.cites.illinois.edu will still work)
5. Tap Done.
   This will save the configuration for future use.
   
   
   

Logging in

1. Whenever you want to use the VPN software, tap on it it from your home screen.
   (If the Cisco AnyConnect icon isn't visible on your home screen, use All Applications to find it.)
   
2. Under Choose a Connection, select the Urbana VPN entry.
   
3. You'll be prompted to enter the following information.
   • Group: 1_SplitTunnel_Default
     (Note: This is the most common choice. See About VPN Profiles for information about the alternatives, such as Tunnel All for access to library resources.)
   • Username: Your NetID
     (or, if you're a guest, your guest ID)
   • Password: Your Active Directory password
     (or, if you're a guest, your guest password)
   • Tap OK.
4. 
   
   
   
5. 
   
6. If asked whether you trust this app to make a VPN connection, check I trust this application and tap OK.
   
7. 
   
8. When you've connected, the On/Off toggle will show as On and the status will say Connected to Tech Services VPN.
   

At this point, you can return to your Home screen and use your other apps as needed.

Disconnecting

When you're done using the VPN connection, disconnect it.

1. Tap the Cisco AnyConnect app icon.
2. Slide the AnyConnect VPN switch from On to Off.

Troubleshooting and the Statistics and Details screens

The Cisco AnyConnect VPN client gathers information that can help you with troubleshooting speed or connectivity issues. It may be helpful to open the Statistics and/or Details screens while troubleshooting with the Help Desk.

To open the Statistics window:

1. Click the app menu icon.
   
2. Click Statistics.
   
   
   

The Details button at the bottom of the Statistics screen provides additional connection information.

Cisco Anyconnect 4.2 Compatibility Matrix

More help

Cisco Anyconnect 4.2

For more help, contact the Help Desk.