Page History

This article has been migrated to the Compliance SharePoint site - it is linked here for your convenience: Connecting+with+VPN+Client.doc

Thank you for your patience during the transition of all FedRAMP tagged articles to SharePoint.

...

Type of Security Control: Administrative 

Purpose: 

The purpose of this procedure is to define the actions to be taken to install the AnyConnect or GlobalProtect VPN Client, connect it to the firewall and disconnect from the VPN once connected.

Impact:  High 

Applies to: Internal | External 

Description: The AnyConnect VPN client is Cisco’s next generation VPN client, providing managed firewall customers with a secure VPN connection to their environment at Databank

Applicable Compliance Statements: 

• NIST SP800-53R4 IA-2

Prerequisites: 

1. Access to Databank Portal
2. Access to AnyConnect VPN Client or GlobalProtect Client

Service Level Agreements: N/A

Process:

Using Cisco Anyconnect

Installing AnyConnect VPN Client

1. Download the appropriate AnyConnect installer. This file will be located at https://<your_firewall_ip>. You will use the same login that is tied to your AnyConnect VPN service (ie. LDAP, Radius, etc). 

2. Once logged in, follow the instructions for web installation.

3. NOTE: If you are using a Mac, we do not support using the built-in Mac VPN client. We recommend using the AnyConnect Client.

4. Once downloaded, run the install wizard and accept the default settings.

5. End

Connecting AnyConnect VPN Client to the Firewall

1. Open the Cisco AnyConnect VPN Client.
2. Enter your firewall’s name or IP Address in the Connect field.
3. Click Connect.
4. If you are unsure of your firewall name or IP address please contact Databank Support.
5. If you receive a security alert about an untrusted connection, you have two options: Connect Anyway or Cancel Connection (or Change Setting… or Keep Me Safe depending on your version of the client).
6. This warning is presented to the user as the SSL on the firewall is self-signed.
7. If you have Certificate Authority issued SSL and want that applied to the firewall, please submit a ticket via the Databank Portal.
8. Clicking Connect Anyway allows the connection if you are an administrator on your workstation.
9. To dismiss the warning, continue to step 13.
10.  To remove this warning, click Cancel Connection or Change Setting.
11. Go back to the first screen (see step 15) and click the gear icon in the bottom left of the interface to open the settings for AnyConnect.
12. In the settings, click Preferences.
13. Uncheck Block connections to untrusted servers.
14. Enter the VPN Username and Password.
15. Click OK.
16. This is not the same password as your portal login and must be configured by Databank staff. Please contact Support if you have not been provided with a login.
17. After a few moments, the AnyConnect window will minimize and you should see a padlock icon in your system tray (Windows) or dock (Mac).
18.  You can now connect to your internal resources using the private IP addresses.
19. Contact Databank Support if you do not know the private IP addresses of your servers or you can view the private IP addresses in the Customer Portal.
20. End.

Disconnect from the VPN

1. Open the AnyConnect Window.
2. Click VPN Disconnect.
3. End.

Using Global Protect

Installing Global Protect VPN Client

1. Download the appropriate GlobalProtect installer. This file will be located at https://<your_firewall_ip> or https://<your_firewall_fully_qualified_name>. You will use the same login that is tied to your AnyConnect VPN service (ie. LDAP, Radius, etc).
   1. Upon entering your designated Global Protect portal address in a web browser, you may encounter an alert message. This is likely because the firewall is using a self-signed certificate, a common security measure.
   2. Select the Advanced button and proceed to the website
2. Once logged in, follow the instructions for web installation.

3. Select and download the appropriate image for your system. 

4. Once downloaded, run the install wizard and accept the default settings.

Connecting Global Protect VPN Client to the Firewall

1. Following the successful installation of the Global Protect Client VPN service, you should notice a new icon in your system's tray. Kindly click on it and ensure that your portal address is correctly entered.  input your correct portal address and proceed by selecting the 'Connect' button. This will prompt an authentication process for your service
2. If you find the portal address field to be incorrect or empty, kindly enter your firewall’s name or IP Address in the Connect field.
3. Click Connect.
4. If you are unsure of your firewall name or IP address please contact Databank Support.

5. This will prompt an authentication process for your service.

6. If you encounter any issues during this process, please do not hesitate to reach out to our dedicated support team. Operating 24/7, our support desk can be reached at (443) 266-2239, and our team stands ready to assist with any concerns or queries.

Disconnect from the VPN

1. Open the Global Protect Window from the system tray icon.
2. Click Disconnect.
3. End.