Cisco AnyConnect

Institutes and facilities of the TU Dresden can use the  Cisco AnyConnect Secure Mobility Client software in order to have protected access from the according institute networks to the TU Dresden network.
Cisco AnyConnect uses VPN Tunnel  via the default SSL port (TCP 443) and DTLS port (UDP 443). Both ports must be opened in your firewall otherweise the performance could get low.
When building the VPN connection your PC will get an IP address from within the according network.

Cisco AnyConnect has some features to afford:

  • obviously less connection problems from within external networks, because https is not as restricted as IPSec VPN
  • automatical reconnection during a network change, e.g. via WLAN
  • siginificantly easier installation of the software
  • automatic software update via the VPN-Gateway
  • Linux version independent from the kernel version

Installation


AnyConnect is supported by the following operating systems:

Operating System Automatical
Installation
via Browser		 Configuration
for manual
Installation		 Information

Windows  8 , 10 and 11 x86(32bit) and x64(64bit)		 Yes Windows 8 and 10

Windows 8 - ATTN:  Windows 8 is not supported by the current Version of AnyConnect

Windows 10: the Cisco AnyConnect Client SHOULD be deinstalled BEFORE Upgrade
Linux 64bit No Linux 64bit officially supported are:
Linux Red Hat 9.0, 8.x, and 7.x & Ubuntu LTS 22.04, 20.04, and 18.04 (64-bit only)
( it may also work with other distributions)
-- Ubuntu 15.x is not supported please use openconnect
Mac OS X 12, 11.2, 10.15, and 10.14 (all 64-bit only) Yes Mac OS X AnyConnect will NOT work with MacOSX 10.5 and it is no longer supported for MacOSX versions 10.6 to 10.13 

Cisco AnyConnect Software

The Client Software Cisco AnyConnect is necessary for the use of SSL VPN. Due to trademark and licensing laws a software download is only allowed with a valid ZIH Login. Admin rights are necessary for the first installation.

Windows - ATTENTION: when upgrading Windows  the Cisco AnyConnect Client SHOULD be deinstalled before the upgrade. Otherwise, the software may not work any longer.

The installation files for Windows have to be stored as *.msi files and the Transform-File as *.mst . If this should not work automatically, you have to right-click on the link and choose the option "save target as...". Afterwards you have to select "All files" and complete the file's name with ".msi" and ".mst" respectively. The file is stored properly then.

Version AnyConnect 4.10.06079

Version AnyConnect 4.10.04071

Because of a vulnerability in Cisco AnyConnect Client a so-called out-of-band update to the current version is recommended. To do so please download and install the packages below. If your AnyConnectLocalPolicy.xml already contains the parameters described in the following the AnyConnect Client software update can also be done by the automatic update initiated by the VPN gateway. 
Check and optionally modify  the file  AnyConnectLocalPolicy.xml  on your local machine (as administrator or root/sudo) at the corresponding location of your system:

  • Windows: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\
  • macOS: /opt/cisco/anyconnect/
  • Linux: /opt/cisco/anyconnect/

find these lines in that file:

<RestrictScriptWebDeploy>false</RestrictScriptWebDeploy>
<RestrictHelpWebDeploy>false</RestrictHelpWebDeploy>
<RestrictResourceWebDeploy>false</RestrictResourceWebDeploy>
<RestrictLocalizationWebDeploy>false</RestrictLocalizationWebDeploy>

and change the values from false to true, if they are false:

<RestrictScriptWebDeploy>true</RestrictScriptWebDeploy>
<RestrictHelpWebDeploy>true</RestrictHelpWebDeploy>
<RestrictResourceWebDeploy>true</RestrictResourceWebDeploy>
<RestrictLocalizationWebDeploy>true</RestrictLocalizationWebDeploy>

Version AnyConnect 4.9.05042

!! older versions are not recommended anymore due to vulnerabilities   !!

Old AnyConnect versions for "Windows Mobile" (not supported anymore):

About this page

ZIH Web
Last modified: Oct 24, 2022
Page Actions