Connecting via CiscoVPN

Preparation

You may either use a personal certificate issued by MPI MIS or use 2FA to authentication with the CiscoVPN service. Both can be acquired from our Self Service.

Important

If you have any questions about VPN using Cisco Anyconnct, please contact the IT Departement.

VPN Certificate

• Go to Self Service

• Login

• Click VPN Certificate

• Request your VPN-Certificate

• Make sure to save the password of the certificate.

• The certificate will be sent to your MPI-Mail-Address, named yourusername_dateofcreation.p12.

Note

You will also receive another email, wich contains an OpenVPN config. It is not needed for CiscoVPN.

• Save the certificate on your computer.

2FA Token

Please refer to Setup 2FA on how to set up your 2FA token.

Usage

Mac

Via 2FA

• Download and install the Cisco Anyconnect Mobility Client from the Managed Software Center.

• Start the Cisco Anyconnect Mobility Client and enter https://cvpn01.mis.mpg.de as the server adress you want to connect to.

• If it is not selected already, pick MPI-MIS-MFA as your Group and enter your Username, Password and TOTP Token as displayed below and click OK

  

Via Certificate

• Download and install the Cisco Anyconnect Mobility Client from the Managed Software Center.

  

• Double-Click the certificate mentioned above.

• Now MacOS asks you, if you want to save this certificate on your computer.

• Select Login as the desired target directory and enter the password you were given.

• Start the Cisco Anyconnect Mobility Client and enter https://cvpn01.mis.mpg.de as the server adress you want to connect to.

• If you are asked for a password to configure the login keychain, please enter the password of your MacBook account.

  

Linux

Via 2FA

• Run the following command in a terminal application:

sudo openconnect --authgroup MPI-MIS-MFA --user <username> https://cvpn01.mis.mpg.de

• After entering the sudo password, you will be asked twice for a password. Enter

  • first your MiS password

  • then your 2FA code.

Via Certificate

• Save your certificate on your computer (i.e. in Downloads).

• Run the following command in a terminal application:

sudo /usr/sbin/openconnect --certificate <your_cert.p12> --authgroup MPI-MIS-certificate \
                           --user <username> https://cvpn01.mis.mpg.de

• After entering the sudo password, you will be asked twice for a password. Enter

  • first your certificate password

  • then your MiS password.

Windows

Via 2FA

• Log in to cvpn01.mis.mpg.de via 2FA (MPI-MIS-MFA) with your

  • Username

  • Password

  • TOTP Token

• Download and install Cisco Anyconnect Secure Mobility Client on your device

• Open the Cisco Anyconnect Client and enter cvpn01.mis.mpg.de as the URL you want to connect to and click Connect

• As before, select MPI-MIS-MFA as your group and enter your

• Username, Password and TOTP Token and click OK.

Via Certificate

• Open the Windows Menu and search for Manage User Certificates

• Navigate to Personal/Certificates

• Right click on the directory and select import

• Click current user and proceed

• Browse to the location of your certificate and select it

• Enter the password for the certificate

• Open your Browser and go to Settings -> manage certificates -> Import

• Browse to the Location of your certificate, select it and enter the password connected to it

• Log in to cvpn01.mis.mpg.de with your certificate (MPI-MIS-certificate) together with your institute login details

• Download and install Cisco Anyconnect Secure Mobility Client on your device

• Open the Cisco Anyconnect Client, enter cvpn01.mis.mpg.de as the URL and click Connect

• As before,

• Now Windows asks you to select a certificate to connect to the server. Click on More choices and select the certificate issued by mis.mpg.de. If the Password is correct, the Cisco Anyconnect Secure Mobility Client will now connect to the institutes network.