This article has been migrated to the Compliance SharePoint site - it is linked here for your convenience: Connecting+with+VPN+Client.doc
Thank you for your patience during the transition of all FedRAMP tagged articles to SharePoint.
...
Type of Security Control: Administrative
Purpose:
The purpose of this procedure is to define the actions to be taken to install the AnyConnect or GlobalProtect VPN Client, connect it to the firewall and disconnect from the VPN once connected.
Impact: High
Applies to: Internal | External
Description: The AnyConnect VPN client is Cisco’s next generation VPN client, providing managed firewall customers with a secure VPN connection to their environment at Databank
Applicable Compliance Statements:
- NIST SP800-53R4 IA-2
Prerequisites:
- Access to Databank Portal
- Access to AnyConnect VPN Client or GlobalProtect Client
Service Level Agreements: N/A
Process:
Installing AnyConnect VPN Client
Download the appropriate AnyConnect installer. This file will be located at https://<your_firewall_ip>. You will use the same login that is tied to your AnyConnect VPN service (ie. LDAP, Radius, etc).
Once logged in, follow the instructions for web installation.
NOTE: If you are using a Mac, we do not support using the built-in Mac VPN client. We recommend using the AnyConnect Client.
Once downloaded, run the install wizard and accept the default settings.
- End
Installing the Global Protect Client.
Connecting AnyConnect VPN Client to the Firewall
- Open the Cisco AnyConnect VPN Client.
- Enter your firewall’s name or IP Address in the Connect field.
- Click Connect.
- If you are unsure of your firewall name or IP address please contact Databank Support.
- If you receive a security alert about an untrusted connection, you have two options: Connect Anyway or Cancel Connection (or Change Setting… or Keep Me Safe depending on your version of the client).
- This warning is presented to the user as the SSL on the firewall is self-signed.
- If you have Certificate Authority issued SSL and want that applied to the firewall, please submit a ticket via the Databank Portal.
- Clicking Connect Anyway allows the connection if you are an administrator on your workstation.
- To dismiss the warning, continue to step 13.
- To remove this warning, click Cancel Connection or Change Setting.
- Go back to the first screen (see step 15) and click the gear icon in the bottom left of the interface to open the settings for AnyConnect.
- In the settings, click Preferences.
- Uncheck Block connections to untrusted servers.
- Enter the VPN Username and Password.
- Click OK.
- This is not the same password as your portal login and must be configured by Databank staff. Please contact Support if you have not been provided with a login.
- After a few moments, the AnyConnect window will minimize and you should see a padlock icon in your system tray (Windows) or dock (Mac).
- You can now connect to your internal resources using the private IP addresses.
- Contact Databank Support if you do not know the private IP addresses of your servers or you can view the private IP addresses in the Customer Portal.
- End.
Disconnect from the VPN
- Open the AnyConnect Window.
- Click VPN Disconnect.
- End.
| Page properties | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||
Owner |
TBrooks Manager of IT Support Internal IT Network Engineering VP of Network Engineering & Operations | Network EngineeringUndetermined
|