Windows Client Configuration

ATTENTION NEW STUDENTS:Incoming students who have not yet checked in on campus for the first time are not eligible for VPN service. Please request VPN service after the fall check-in date, or if you are arriving early, after you have checked in with the Registrar in person.

If you haven't already done so,go tohttp://help.caltech.eduto request VPN service.
Select request typeIMSS-->Network, Wireless & Remote Access-->VPN Request Form.


Important note for Library journal database users

Remote journal access should now be done through the Library's authenticated proxy server using your access.caltech username and password. No special URL is needed; when you visit the Library pages and click on a database link, the Library proxy server will automatically detect whether you are connecting from a campus address, and will ask for your access.caltech username and password if you are connecting from off campus. VPN is no longer necessary for Library journal database access.


Any Connect and Virtualization

Before installing the Any Connect client, please bear in mind that virtualization software presents a problem. Cisco's official position, taken from the Release Notes for the Any Connect client, is that:

"AnyConnect does not support virtualization software such as VMWare for any platform or Parallels Desktop for Mac OS."

Enterprising users may find that for particular combinations of virtualization software and operating systems Any Connect can be made to work under virtualization. Users who have the skills and fortitude to manage such configurations are welcome to use them. However, IMSS cannot insure stability and compatibility of unsupported configurations with our VPN concentrators. Also, the number of virtualization packages and operating system combinations make offering formal support impossible. Thanks for understanding.


Download, installation, and connection information:

The Cisco AnyConnect client can be installed either via a web based install process or a manual install process. You should first try the web based process to see if it works; if not you will automatically be presented with the manual install process. (N.B. we are still working on this documentation. The manual install instructions will be added soon. It is very similar to a normal Windows program install:download the executable file, run it and use the software.)

You should quit all other programs before starting this installation. You do not need to uninstall the older version VPN3000 Cisco client if you have one. The two installations do not interfere with one another, however, you can't run both at the same time.

Please note, however, there is one exception to this. If you previously logged in using the VPN3000 clientbeforeyou log on to the computer, you used a feature called Start Before Logon. You must disable this feature in the VPN3000 client for AnyConnect to work properly. Instructions arehere. Start Before Logon is available using AnyConnect; more information is availablehere.

Most users will not be using Start Before Logon and will not need to adjust the VPN3000 client.

A web install is the most convenient way to install the AnyConnect client. In order to do a web install, you will need either Internet Explorer with ActiveX, or Firefox with Java installed. The install process will automatically detect either configuration and use it. You do not need either ActiveX or Java to do a manual install. If you have a valid ActiveX or Java configuration the installer will do a web install and not present the manual option.

Internet Explorer Only

If you are using Internet Explorer, you will need to add the Caltech SSL-VPN URL to the Trusted Sites Zone. Do the following:

1. In Internet Explorer, go to the Tools menu and choose Internet Options.
2. Click on the Security tab, then on the Trusted Sites icon. Click on the Sites button to bring up the Trusted Sites dialog.



3. In the Trusted Sites dialog, enter https://vpn.caltech.edu into the "Add this website to the zone" text field. Click on the Add button. Click on the Close button. In the Internet Options dialog, click on the OK button.


Internet Explorer and Firefox

The rest of the instructions will apply to either Internet Explorer or Firefox.

Go to https://vpn.caltech.edu. You'll see a fill-in form like so:



In the drop down menu there are two groups: Tunnel-All-Traffic and Tunnel-Caltech-Traffic-Only. Choose the Tunnel-Caltech-Traffic-Only group unless you have a specific reason not to. You'll get better performance and generate less traffic to the Caltech network. The install process will place both profiles on your computer so you can change later if you like.

Enter your access.caltech credentials and click Login or press the Enter key.

The installer application will first detect whether to use ActiveX or Java. The detection process can take up to 60 seconds.

If the installer doesn't find a usable ActiveX or Java configuration, it will offer the option of a manual installation, as in the following illustration. Manual install instructions are here. If the installer does detect a usable ActiveX or Java configuration, it will proceed with the installation. See below.


Web Installation

The web install process will begin with dialogs as in the following illustration. On Vista and Windows 7, you may see a User Account dialog requesting permission to install software. Click on Yes.



An ActiveX installation will proceed without further interruption.

A Java install will present a security dialog asking permission to run. You may want to uncheck the "Always trust content from this publisher" item. Click on the Run button.



When the installation has finished, the web page will look like this illustration:



Either ActiveX or Java Detection will be checked, and the Connected item will be checked. Notice the red circle in the graphic. Inside is an icon with a lock. Down in the lower right corner (also called the Notification Area or System Tray), there will be a small icon with a lock like so:



The install process automatically creates a VPN connection and minimizes the client window.

At this point you should test your VPNconnection to verify that it is working correctly. Click on this Caltech link. You should see that you have an IP address starting with 131.215.249.xxx. Then click on this DSLreports.com link. You should see that you have your normal IP address as assigned by your ISP (if using Tunnel-Caltech-Traffic-Only), or a Caltech IP address starting with 131.215.249.xxx (if using Tunnel-All-Traffic).

After verifying that the connection is working, you can continue using VPN or disconnect it. The quickest way to disconnect the AnyConnect client is to Right-click on the lock icon in the System Tray. You'll see a menu like this:




Choose Disconnect or Quit to close the VPN connection.

You should now have a working AnyConnect VPN installation. You do not need to reboot your computer in order to use the AnyConnect client.

To run the VPN client after installing, seeUsing the Cisco AnyConnect Client

If you need assistance with downloading, installing or troubleshooting VPN connection problems, contact us atathttp://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Cannot connect to-->Remote Access (VPN).

Manual Installation

If the AnyConnect web-based install fails, it will present the option of a manual installation.


Click on the link to download the installer application.

Depending on your browser settings, you may get a dialog asking you where to save the installer file, or it may automatically choose where to store it. Typical locations are the Downloads folder or the Desktop. If you choose where to store the file, be sure to choose a location you will remember.



Now close your web browser application and locate the installer application file you just downloaded. Double-click on the file to launch it. The installation wizard will begin the installation process. Click on the Next button.


The installer will present the license agreement. Click on the "I agree ..." radio button. The Next button will highlight. Click on it to continue.



Now the installer will present the Ready to Install dialog. Click on the Install button.



Now the installer will present a status dialog. If you are running Vista or Windows 7 you may see a User Account dialog asking permission to continue. Click on the Yes button.



The installation will proceed. When it has finished, you'll see the Completed dialog. Click on the Finish button.



You should now have a successfully installed AnyConnect VPN client. Unlike the web install process, the manual install does not automatically create a VPN connection and minimize the client. If you don't intend to use VPN right away, you should test the installation by creating a VPN connection. See Using the Cisco AnyConnect Client for instructions. Once you've created a connection and tested it, you can close the connection.

You can delete the installer application after the manual install process. The AnyConnect client has an auto update feature which will keep the client current.

To run the VPN client after installing, seeUsing the Cisco AnyConnect Client

If you need assistance with downloading, installing or troubleshooting VPN connection problems, please contact us athttp://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Cannot connect to-->Remote Access (VPN).