Mac OS X Client Configuration

If you haven't already done so,go to http://help.caltech.edu to request VPN service.
Select request type IMSS-->Network, Wireless & Remote Access-->VPN Request Form.


Important note for Library journal database users

Remote journal access should now be done through the Library's authenticated proxy server using your access.caltech username and password. No special URL is needed; when you visit the Library pages and click on a database link, the Library proxy server will automatically detect whether you are connecting from a campus address, and will ask for your access.caltech username and password if you are connecting from off campus. VPN is no longer necessary for Library journal database access.


Important note for using the Caltech VPN client (Cisco AnyConnect) with Mountain Lion

Users who have upgraded to Mountain Lion and have never installed (or uninstalled prior to the upgrade) will find that the install fails with the error message "vpn.pkg is damaged and can't be opened. You should eject the disk image." This is due to the new security protections in Mountain Lion. To allow the install toproceed, go to System Preferences->Personal->Security & Privacy. Launch the Secuity and Privacy applet. Cick on the General tab to highlight it. Click on the lock icon to allow changes. Under the heading "Allow applications downloaded from:" click on the Anywhere radio button. Now double click on the vpn.pkg install package. The installation should proceed as normal. When it is finished, you can change the Security & Privacy setting back to the previous setting.

Important note regarding recent Mac OS updates Snow Leopard (10.6) and the release of Lion (10.7)

In the recent updates to Mac OS Snow Leopard (10.6) and the new release of Lion (10.7) the necessary Java support for the web based install of AnyConnect is either incompatible or missing entirely. Users may install Java separately if they choose to do so. Otherwise, users of these Mac OS releases will not be able to follow the instructions below for a web based installation. Manual installation will work however. Please see the instructions here for more information.

Any Connect and Virtualization

Before installing the Any Connect client, please bear in mind that virtualization software presents a problem. Cisco's official position, taken from the Release Notes for the Any Connect client, is that:

"AnyConnect does not support virtualization software such as VMWare for any platform or Parallels Desktop for Mac OS."

Enterprising users may find that for particular combinations of virtualization software and operating systems Any Connect can be made to work under virtualization. Users who have the skills and fortitude to manage such configurations are welcome to use them. However, IMSS cannot insure stability and compatibility of unsupported configurations with our VPN concentrators. Also, the number of virtualization packages and operating system combinations make offering formal support impossible. Thanks for understanding.


Download, installation, and connection information:

The Cisco AnyConnect client can be installed either via a web based install process or a manual install process. You should first try the web based process to see if it works; if not you will automatically be presented with the manual install process.

A web install is the most convenient way to install the AnyConnect client. In order to do a web install, you will need Safari or Firefox, with Java installed. Other browsers (Opera, Chrome, etc.) may work but are not supported. The web install process will automatically detect your configuration and proceed if it is compatible. If your configuration is not compatible, the web install process will time out and you'll be offered the manual install option. You do not need either ActiveX or Java to do a manual install.


Go to https://vpn.caltech.edu. You'll see a fill-in form like so:



In the drop down menu there are two groups: Tunnel-All-Traffic and Tunnel-Caltech-Traffic-Only. Choose the Tunnel-Caltech-Traffic-Only group unless you have a specific reason not to. You'll get better performance and generate less traffic to the Caltech network. However, when using access.caltech applications, please select the Group: 2- Tunnel- All -Traffic option when connecting to Caltech VPN. The install process will place both profiles on your computer so you can change later if you like.

Enter your access.caltech credentials and click Login or press the Enter key.

The installer application will first detect whether to use Java. The detection process can take up to 60 seconds.

If the installer doesn't find a usable Java configuration, it will offer the option of a manual installation, as in the following illustration. In some cases, the installer will not respond, but keep searching, requiring the user to close the browser. In these cases a manual installation will be necessary.Manual install instructions are here. If the installer does detect a usable Java configuration, it will proceed with the installation. See below.



Web Installation

The web install process will begin with dialogs as in the following illustration.




The browser may prompt you to accept the certificate which validates the installation applet. Click on the Trust button.




When the installation has finished, the web page will look like this illustration:



Sun Java will be checked, and the Connected item will be checked. Notice the red circle in the graphic. Inside is an icon with a lock. In the upper right corner of the menu bar, there will be a small icon with a lock like so:

 

The install process automatically creates a VPN connection and minimizes the client window.

At this point you should test your VPNconnection to verify that it is working correctly. Click on this Caltech link. You should see that you have an IP address starting with 131.215.249.xxx. Then click on this DSLreports.com link. You should see that you have your normal IP address as assigned by your ISP (if using Tunnel-Caltech-Traffic-Only), or a Caltech IP address starting with 131.215.249.xxx (if using Tunnel-All-Traffic).

After verifying that the connection is working, you can continue using VPN or disconnect it. The quickest way to disconnect the AnyConnect client is to click on the AnyConnect icon in the menu bar. You'll see a menu like this:




Choose Disconnect or Quit to close the VPN connection.

You should now have a working AnyConnect VPN installation. You do not need to reboot your computer in order to use the AnyConnect client.

If you need assistance with downloading, installing or troubleshooting VPN connection problems, please contact us at http://help.caltech.edu (request type IMSS-->Desktop Support-->Computer Problems-->Need Help Installing Software).

 

 

Manual Installation

If the AnyConnect web-based install fails, it will normally present the option of a manual installation. If so, you can follow the instructions below.

If the web-baseed installer does not offer a manual install option, but keeps searching and never completes (i.e. "hangs") then it will be necessary to temporarily disable Java before doing a manual install.
 
For Safari:
From the Safari menu, choose Preferences. In the Preferences dialog, choose the Security tab. In the Web content section, click on the Enable Java checkbox to remove the checkmark. Close the Preferences window.
 
For Firefox:
Depending on the version of Firefox, the Enable Java option may be in one of two places.
  1. From the Firefox menu, choose Preferences. In the Preferences dialog, chose the Content tab. Click on the Enable Java checkbox to remove the checkbox. Close the Preferences dialog.
  2. From the Tools menu, choose Add-ons. In the Add-ons dialog, find the Java Plugin or Java Embedding Plugin entry. Click on the Disable button. Close the Preferences dialog.
With Java disabled, users can go to the https://vpn.caltech.edu web site and log in. The AnyConnect installer will attempt to detect the Java installation, but will time out after one minute. The option for a manual install will then be presented.
 



Click on the link to download the installer application.

Depending on your browser settings, you may get a dialog asking you where to save the installer files, or it may automatically choose where to store it. Typical locations are the Downloads folder or the Desktop. If you choose where to store the file, be sure to choose a location you will remember.

The installer will download two files, vpnsetup.dmg and vpnsetup.sh. To begin the manual installation, double-click on vpnsetup.dmg. An icon labeled vpnsetup.dmg will appear on the Desktop. Double-click on the vpnsetup.dmg file. A volume labeled vpn-<version number> (2.3.0254 in this case) will appear on the Desktop. Your screen should look something like the illustration below.




Now double-click on the volume icon. A window containing the installation file will appear like so:





Double-click on the vpn.pkg file to run it. The installer will begin to run. You'll be prompted to verify that you want to install the software. Click Continue in the drop-down menu, and the click Continue in the installer window.




Next, you'll be prompted to accept the licensing agreement. Click on Agree to accept the license, and click Continue to proceed with the installation.





Now you'll be prompted to select the location on your computer where the AnyConnect client will be installed. Click on the icon that represents your main hard disk. The icon will highlight as in the illustration below. Do not select the vpn volume to install the AnyConnect client. When you have selected the destination to install the client, click Continue.





Next, you'll be asked to confirm the installation. Click on the Upgrade button.




When the installer has finished, you'll see a dialog indicating that the installation was successful.







You should now have a successfully installed AnyConnect VPN client. Unlike the web install process, the manual install does not automatically create a VPN connection and minimize the client. If you don't intend to use VPN right away, you should test the installation by creating a VPN connection.

Click on this Caltech link. You should see that you have an IP address starting with 131.215.249.xxx. Then click on this DSLreports.com link. You should see that you have your normal IP address as assigned by your ISP (if using Tunnel-Caltech-Traffic-Only), or a Caltech IP address starting with 131.215.249.xxx (if using Tunnel-All-Traffic).

See Using the Cisco AnyConnect Client for instructions. Once you've created a connection and tested it, you can close the connection.

You can delete the vpnsetup.dmg and vpnsetup.sh files after the manual install process. The AnyConnect client has an auto update feature which will keep the client current.

To run the VPN client after installing, see Using the Cisco AnyConnect Client

If you need assistance with downloading, installing or troubleshooting VPN connection problems, please contact us at http://help.caltech.edu (request type IMSS-->Desktop Support-->Computer Problems-->Need Help Installing Software).