How Do I Connect to the ASC VPN Using Cisco and Duo?

Overview

The ASC Cisco AnyConnect VPN provides secure remote access to ASC resources.

Note: Please, do not use the VPN if your service does not require it.

Always On VPN replaces Cisco AnyConnect on ASCTech managed Windows machines: click here for more information.

Contents

Alternatives to the Cisco VPN

If not required, it is best to use an alternative to the VPN. The VPN adds overhead (slowness) to connections and there are finite slots available on the VPN. There are many services that do not require the VPN.

Requires the VPN: (These are included with Always On VPN on ASCTech managed Windows endpoints.)

  • Connecting to shared and private Windows drives.
  • Re-validating your Windows license if the machine has not connected to the OSU network for 180 days.
  • Connecting to certain software license servers.
  • Syncing your OSU password on legacy computers.

Does not require the VPN:

  • Workday, Compass, and many other OSU services.
  • OneDrive, Carmen/Canvas, Zoom, Code42 and other cloud services.
  • University Email System, Office 365 apps.
  • Remote Desktop to Windows or Linux running XRDP:
    • ASC's RDP Gateway is preferred for on campus and off campus connections.
    • Guacamole for Windows Remote Desktop to Windows machines and ASC Standard Linux machines running xrdp.
      • Guacamole has the advantage that it doesn't require a client, just a web browser.
    • As of February 2, 2021, RDP will cease to function over the VPN.
  • SSH to Linux machines using Jump. (This includes Unity, but see OnDemand below.)
  • Unity has an OnDemand feature which can let you check on your jobs, start jobs, and even get a full desktop.
  • SFTP to Linux hosts, this can be tunnelled through Jump and is faster.

Linux users are strongly encouraged to use Jump, but if the VPN is required we suggest using openconnect (see related articles) instead of the Cisco client.

Always On VPN - Windows

On February 21 your ASCTech managed Windows machine will get an "Always On VPN" (AOVPN). This will route selected OSU-only management traffic directly to OSU, and will affect off campus machines.

The most visible and immediate change on the 21st will be syncing of your lastname.# password to your off campus machine. If you haven't been on the Cisco VPN since your last my.osu.edu password change this will result in an unexpected password sync to your off campus machine.

AOVPN does not route all your traffic via OSU. Just traffic that would need to go to OSU anyway. For example, you will no longer need the Cisco VPN to connect to file shares, sync passwords, renew your Windows license.

If your machine is an ASCTech managed Windows computer, your machine will connect using an "Always On VPN" to certain ASC/OSU services.

This enables anywhere access to:

  • ASC Windows file shares.
  • Immediate password syncing with your OSU lastname.# account.
  • ASC run license servers, such as Autodesk, Cinema 4D, Comsol, Deadline, IDL, Keyshot, Maple, Matlab, Mathematica, OriginPro, SolidWorks, SPSS, etc.
    • If you need a license that works without any network connectivity, contact ASCTech.
  • Windows Software Center, for installing OSU licensed software.
  • Patching and configuration, keeping your computer secure.

If your ASC Windows computer does not appear to have access to the Always On VPN, please contact us.

Note for Macintoshes: Recently imaged Macs do sync your OSU password, and Self-Service Software is available everywhere. We are looking at ways to enable file shares and license servers on Macs as well.

Procedure

How do I connect to the ASC VPN using Cisco and Duo?

1. Install the client:

  • If you are on an OSU owned computer:
    • Windows: find the Cisco client in Software Center 
    • Macintosh: find the Cisco client in Self Service
    • These will install without needing administrator rights.
  • Otherwise, please use the clients attached to this KB.
    • Windows:
      • Download anyconnect-win-4.9.05042-core-vpn-predeploy-k9.msi, ASC-AnyConnect-client-profile.xml, and Install-CiscoAnyConnect49.cmd
      • Double click the .cmd file. If Windows Smart Screen complains, it's ok to allow.
      • The install may take up to 25 minutes.
    • Macintosh:
      • Download and run the .pkg file contained in the .dmg file.
      • Check only the VPN checkbox for the components to install.

2. Once the program has been installed, open it. On a Mac, you can open it in Applications, but on Windows 10, I just searched for it in the Start Menu.

3. In the dropdown field, type vpn.asc.ohio-state.edu - this address will be saved next time you want to connect.

4. You will be prompted for your group, username, password, and second password.
For group: Select “ASC-VPN” for access to all OSU on-campus resources. Select “ASC-VPN-TunnelAll” to be able to access off-campus resources, as well as on-campus resources as though you were on campus. The “ASC-VPN-TunnelAll” is useful for directly accessing journals from the publisher’s site, for instance.
For username: Use your name.#.
For password: Use your OSU password (used for email, Carmen, my.osu.edu, etc.).
For second password: Your second password will be from Duo. If you use Duo on a smart device, you can either:

  • type “push” and then click OK, and confirm the push on your mobile device OR
  • go into Duo on your mobile app and request a passcode by pressing the key button

5. Click Accept on the Window that pops up.


6. Cisco will give you the green checkmark when you’re connected.

100% helpful - 4 reviews

Details

Article ID: 14542
Created
Fri 7/8/16 9:08 AM
Modified
Tue 2/15/22 2:16 PM

Related Articles (11)

When launching Cisco Anyconnect following error appears:
"Failed to Load Preferences."
DUO is OSU's two factor authentication service. It's also known as BuckeyePass.
Connecting to Linux Home and Group Directories: From on ASC's network, off network, and from Linux machines.
A basic guide for connecting to the ASC VPN using NetworkManager and OpenConnect on Linux.
Directions on how a user can change their Local Admin password on a Mac.
A how-to on how to sync the logon password on Windows 10 devices after changing the OSU password.
Starting point and introduction to remote resources.
Gateway.asc.ohio-state.edu allows Remote Desktop to OSU machines from off campus with Duo two factor authentication.
Guacamole is a service to access on campus computers remotely using a web browser.
A description of how to connect to a Windows PC from a Mac.

Related Services / Offerings (1)

VPN
Virtual Private Network (VPN) creates a secure, encrypted connection, which can be thought of as a tunnel, between your computer and resources within your network security perimeter.