Author: Sergei. Posted February 25, 2016; May 20, 2016. Categories: Cisco, SSL, VPN.
NIU's Virtual Private Network (VPN) service allows current faculty, staff, and students to log in and then send and receive data securely across public networks. Several enterprise applications at NIU, including PeopleSoft, Cascade, etc., require VPN access from off-campus. All NIU employees and students, however, are encouraged to use NIU's VPN service to access NIU data and applications whenever they are away from the campus network and especially when traveling. (See Information Security Guidelines for Travel).
How to use NIU's VPN Service (most common option)
- To download Cisco AnyConnect, go to https://vpn.niu.edu and choose the Group for the access you require. Log in with your NIU AccountID@mail.niu.edu and password. You will be required to verify your account before moving forward.
- Most faculty and staff will already have this client on their NIU-managed desktop/laptop. Others will have the opportunity to download and install the client at this point.
- From your device launch the Cisco AnyConnect client. At 'Ready to Connect', enter vpn.niu.edu and click Connect.
- Note: You must select the Group first. This box will appear behind the sign-in page. When prompted for Group, choose the Group for the access you require. For general campus access, choose NIU_Split_Tunnel_VPN or NIU_Full_Tunnel_VPN.
- Enter your NIU AccountID@mail.niu.edu, click Next, then enter your password and click Sign in. You will be required to verify your account.
- NOTE: This will pop up each time you log in to the VPN, no matter which option you choose. Click Yes or No, or press ENTER.
- The AnyConnect client will then complete its connection.
- To disconnect, open the active AnyConnect window and click Disconnect.
How and Why to use NIU's Split Tunnel vs NIU's Full Tunnel
The NIU_Split_Tunnel_VPN option is the least secure but should be used when:
- you trust the network you are on (e.g. your home network or a remote workplace) AND
- you must simultaneously connect to data, devices or services (e.g. printers, file shares, etc.) on the home/remote network and to data, devices or services on NIU's network.
The NIU_Full_Tunnel_VPN option is the most secure and should be used when:
- you are connecting to NIU's network from an unsecured location (e.g. local restaurant or coffee shop)
Note that you will not be able to print to a wireless printer when connected to the Full Tunnel.
Having Trouble?
Depending on your home network, you may not be able to connect to home devices when connected to VPN. This is especially true in 2 circumstances:
- You use an internal DNS system
- Your internal network uses 10.x.x.x
Workarounds include:
- Use a local hosts file
- Use 192.168 on home network
Do not use Firefox. Details about the browser issue below:
- The newest Firefox version, 74.0, released on March 10, 2020, is NOT supported on our current Cisco AnyConnect VPN.
- Older versions of Firefox on macOS have an issue with the Firefox Certificate Store. You will need to use a different browser.
If you are still unable to install the client or cannot successfully login, please submit an incident by clicking the red button to the left to Submit an Incident.
Introduction
This document provides some guidelines for the operation of the Anyconnect VPN client. The desktop client screenshots are from the Windows client; however, the information should apply to all desktop operating systems.
Desktop: Starting a VPN session
- Launch the Anyconnect application.
On Windows it will be located under Start/All Programs/Cisco/Cisco Anyconnect Secure Mobility Client. Under MacOSX it is located in the Applications folder. Under Ubuntu Linux, it will be located in the Internet folder. It may also be launched under Windows by clicking on the globe icon in the lower right-hand notification area.
- If the client was manually installed, the 'Ready to connect' area will be blank. The first time you start the client after manually installing it, you should type 'vpn.ufl.edu' just to the right of the 'Ready to connect' prompt and click 'Connect.'
- The window will appear on the screen with the 'Ready to connect' set to 'Gatorlink VPN'. Click the 'Connect' button.
- Username and password fields will appear. Use your Gatorlink account in the form of 'username@ufl.edu' and your Gatorlink password. This will give you a Gatorlink full tunnel. For other tunnel types, please see the Tunnel Types section of this document.
Note: If you are enrolled in 2FA (Duo), you will receive a Duo prompt on your default device to complete login. Information on how to use other Duo methods is on our FAQ page.
- Once the connection is made, the window will minimize into the icon notification area. For Windows 7 and Vista this is typically hidden and can be displayed by clicking the up arrow in the icon notification area (bottom right of screen).
Desktop: Monitoring a VPN session
- To check on the status of the VPN connection, click on the icon in the notification area. A small window will appear. Click on the gear icon in the lower left corner.
- A window will appear which initially shows the status of the VPN tunnel. From this window, you may also click on 'Route Details' to see which networks will take the Anyconnect VPN and which will not. Non-secured routes are routes which will not take the VPN client. Secured routes will take the VPN client. A 0.0.0.0/0 entry means that all traffic not in the 'Non secured routes' section will take the tunnel.
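The Route Details rule above, and the 10.x.x.x home-network problem described under 'Having Trouble?', modelled as an added example (not code from either university or from Cisco). The route lists are constructed samples, 198.51.100.0/24 stands in for a campus prefix, and the function names are hypothetical; IPv4 only.

```python
import ipaddress

def takes_tunnel(dest, secured, non_secured=()):
    """True if traffic to dest uses the VPN under the Route Details rule:
    non-secured routes never take the tunnel, secured routes do."""
    ip = ipaddress.ip_address(dest)
    if any(ip in ipaddress.ip_network(n) for n in non_secured):
        return False
    return any(ip in ipaddress.ip_network(n) for n in secured)

def lan_conflicts(home_lan, secured, non_secured=()):
    """Secured routes that swallow the home LAN, i.e. why home devices
    become unreachable while the VPN is up."""
    lan = ipaddress.ip_network(home_lan)
    if any(lan.subnet_of(ipaddress.ip_network(n)) for n in non_secured):
        return []  # the whole LAN is excluded from the tunnel
    return [s for s in secured if lan.overlaps(ipaddress.ip_network(s))]

# Constructed route tables, as they might be read off 'Route Details'.
FULL = {"secured": ["0.0.0.0/0"], "non_secured": ["192.168.1.0/24"]}
SPLIT = {"secured": ["198.51.100.0/24", "10.0.0.0/8"], "non_secured": []}

if __name__ == "__main__":
    # (label, route table, home LAN, address of a home printer)
    cases = [
        ("full tunnel, 192.168 home LAN", FULL, "192.168.1.0/24", "192.168.1.50"),
        ("split tunnel, 192.168 home LAN", SPLIT, "192.168.1.0/24", "192.168.1.50"),
        ("split tunnel, 10.x home LAN", SPLIT, "10.0.1.0/24", "10.0.1.20"),
    ]
    for label, table, lan, printer in cases:
        tunnelled = takes_tunnel(printer, table["secured"], table["non_secured"])
        clash = lan_conflicts(lan, table["secured"], table["non_secured"])
        print(f"{label}: printer via VPN={tunnelled}, conflicting routes={clash}")
    # A public site is protected only by the full tunnel.
    for name, table in (("full", FULL), ("split", SPLIT)):
        via_vpn = takes_tunnel("203.0.113.7", table["secured"], table["non_secured"])
        print(f"{name}: 203.0.113.7 via VPN={via_vpn}")
```

In the third case the home printer's address falls inside a secured 10.0.0.0/8 route, so its traffic is sent into the tunnel instead of the local network; renumbering the home network to 192.168 removes the overlap.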
Desktop: Shutting down a VPN session
- Follow the instructions under Monitoring a VPN session to bring up the VPN status window.
- Click on the 'Disconnect' button.
Available VPN Tunnel Types
Different VPN tunnel configurations can be used to control what traffic will take the VPN tunnel. You can specify what kind of VPN tunnel you would like by simply changing the user ID that you use to log into the UF VPN service. Currently there are three tunnel configurations that are available:
- Full VPN Tunnel. Using a full tunnel, all network traffic to and from the VPN client will be encrypted (including all private IP networks), with the exception of traffic to and from the 'local network'. The local network is based on the local IP address and subnet mask assigned to your computer's network interface. This is the default tunnel type, and is recommended in most instances. You will receive a full tunnel if you log into the UF VPN service with the username@ufl.edu style gatorlink ID.
- Campus Only VPN Tunnel. Using a campus-only tunnel, only traffic sent to and from the UF network will be encrypted (including a select group of private IP networks). All other traffic will not take the tunnel. This is the recommended tunnel type for users working from home or traveling. Note that this tunnel type does not support access to library journals and other such off campus subscription services that require a UF IP address to access. The full tunnel does support this type of access. You will receive a campus-only tunnel configuration if you log into the UF VPN service with the username@ufl.edu/campus style gatorlink ID.
- Departmental Tunnels. At the request of a campus department or college of reasonable size, a specific tunnel will be created for use by the members of that department or college. Members of that VPN tunnel will be placed in a known private IP subnet that is dedicated to that tunnel and will receive a custom tunnel policy. Authorization to a departmental VPN tunnel is accomplished using Active Directory objects (preferred) or a list of Gatorlink accounts. Those using AD objects may manage the tunnel membership without interaction with ICT Network Infrastructure. Access to this tunnel is accomplished by using the username username@ufl.edu/[dept] where [dept] is the assigned name of the individual tunnel. This will result in a full tunnel as described above with a known private IP subnet assigned to the client. You may also use username@ufl.edu/[dept]-campus to get a Departmental Campus-Only tunnel. To request a departmental VPN tunnel, please go to my.it.ufl.edu/CherwellPortal/UFITServicePortal and fill out a request.