Scribd
Upload
1K views

Remote Access User Guide

Virtual Private Network (VPN) allows your remote computer to connect securely to SPAN/BC network over a public network like a wireless hotspot or home network and access Government network resources that include your Exchange e-mail, applications and shared data. The public Internet even when connected via a public wireless hotspot.

Uploaded by

Anonymous ZSmSZErTqt
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
1K views

Remote Access User Guide

Virtual Private Network (VPN) allows your remote computer to connect securely to SPAN/BC network over a public network like a wireless hotspot or home network and access Government network resources that include your Exchange e-mail, applications and shared data. The public Internet even when connected via a public wireless hotspot.

Uploaded by

Anonymous ZSmSZErTqt
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

Section Guide:

Hyperlink enabled:

1. Remote Access VPN


Guidelines
2. Before you call for help
3. MS Windows System
Requirements Remote Access Services User Guide
4. The Cisco AnyConnect VPN
Client on your Govt VIRTUAL PRIVATE NETWORK (VPN) OVERVIEW
Provisioned Workstation
5. How to connect using the VPN Remote Access Services provide secure, cost-effective ways for mobile workers,
telecommuters and non-government customers on external networks to access the
Client Shared Provincial Access Network for British Columbia (SPAN/BC).
6. Using Start Before Login SBL
for Govt Provisioned Mobile
Workstations
7. Using Remote Desktop DEFINITIONS:
Connection RDC for Virtual Private Network (VPN) allows your remote computer to connect securely to
Personal Computers SPAN/BC network over a public network like a wireless hotspot or home network and
8. Using the WTS Wake-up site access Government network resources that include your Exchange e-mail, applications
for your Govt Provisioned and shared data. The public Internet even when connected via a public wireless
Workstation hotspot.
9. Using the Disconnect/Quit
Remote Desktop Connection (RDC) is an application that allows you to use your
from VPN
remote computer to access your primary @ work Govt Provisioned Workstation over
10. Cisco AnyConnect VPN Client the Internet via a VPN enabled connection. Start Before Login (SBL) is for Govt
Download links and Provisioned Mobile Workstations to establish the remote VPN connection to Exchange
installation instructions e-mail, applications, shared data, printers and drives.
11. SPAN/Dial Info
12. Helpful Links
13. Frequently Asked Questions
14. Cisco Secure Mobility Client
for Devices other than
Windows
15. Revision History
1 REMOTE ACCESS VPN GUIDELINES

SECURITY AWARENESS!

To ensure that Government security policies are not violated by any personal Internet activity, it is very important that you
disconnect your VPN session as described in section 9 after youve completed your Government business.

If you do not disconnect your VPN session and proceed to do personal Internet activities, then be aware that your personal
Internet data traffic will be traversing the Government data network, which may result in a Government policy violation, a
security investigation and possible legal repercussions.

The Information Security Branch of the Office of the Chief Information Officer has developed resources to help explain information
security best practices. To ensure you are in compliance with policy and are aware of best practices, refer to the Information
Management/Information Technology (IM/IT) Strategic Policy web site. An additional OCIO Best Practice Guide for working with
personal and/or confidential information outside the workplace is the Working Outside the Workplace resource document.

For questions or comments on protecting yourself and government data please contact the Knowledge and Information Services,
Ministry of Citizens Services 250-356-0361 or http://www.cio.gov.bc.ca/cio/kis/infomgmt/index.page?

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 2
2 BEFORE YOU CALL FOR HELP

1. Review the contents of this guide; it has a lot of detailed information that should help guide you through most Remote
Access scenarios.

2. If you require assistance call the contact the 7-7000 Service Desk at 250-387-7000 or toll free 1-866-660-0811 option 1 or
email [email protected]. Make sure you have the following information ready it will help us resolve your problem quickly.

What is your VPN ID/IDIR ID and/or full name?


What operating system are you using (e.g.: Windows 7 or 10).
What version of the Cisco Anyconnect Client are you using?
Is this a Government provisioned workstation or personal device.
Where are you and/or what type of internet connection (home, remote office, hotel, wireless hot spot).
If using Remote Desktop Connect(RDC), what is the workstation number you are trying to connect to?
What exactly is the error or problem you are having, write down the error, screen shots are very helpful.
Contact information, phone number (an alternate contact will not be accepted).
Do you have personal/ISP firewall / router setup?
Who is your internet service provider (i.e. TELUS or Shaw)?
When did it last work?
Have you made any recent changes to your device configuration, software or hardware updates?

3 MS WINDOWS SYSTEM REQUIREMENTS FOR THE C ISCO ANYCONNECT VPN CLIENT

Cisco AnyConnect Security Mobility VPN Client System Requirements


Microsoft Windows

Windows Versions Supported

Windows 7 SP1, 8, 8.1 & 10


x86(32-bit) and x64(64-bit)

Windows Requirements
Pentium class processor or greater.
100 MB hard disk space.
Microsoft Installer, version 3.1.
Upgrading to Windows 8 or 10 from any previous Windows release requires you to uninstall AnyConnect, and reinstall it after
your Windows upgrade is complete.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 3

4 THE CISCO ANYCONNECT VPN CLIENT ON YOUR GOVT PROVISIONED WORKSTATION

If you are using a Govt Provisioned Mobile Workstation and the Cisco AnyConnect Mobility client is not installed follow these
instructions:

1. Open the Software Centre via Start > All Programs > Microsoft System Center 2012 > Configuration Manager >
Software Center.
2. Click on Find Additional Applications link on top right
3. Enter AnyConnect in the search field on the top right to
find the package
4. Click on the install button on the bottom right.

Problems installing your software on your workstation contact the 7-7000 Service Desk at 250-387-7000 or toll
free 1-866-660-0811 option 1

NOTE: PERIODICALLY OCIO UPGRADES THE CISCO ANYCONNECT SECURE MOBILITY CLIENT THROUGH
WORKSTATION SERVICES EXPANDED PATCH MANAGEMENT PROGRAM (EPM). THE UPGRADES ARE A RESULT OF
NECESSARY SECURITY AND OR MAINTENANCE REQUIREMENTS AND ARE COMMUNICATED THROUGH Service
Bulletins. Upgrades are applied automatically for mobile workstations that have a full version of the software
installed. All Govt Provisioned workstation that do not have a full version installed must install through the
Software Centre as noted above.

If you are NOT using a Govt Provisioned Workstation you'll need to download, install and configure the Cisco
AnyConnect VPN Client Software on your Personal Computer as described in Section 10 or Section 14 for devices
other than Windows, MAC iOS or Linux.

NOTE: Users of personal workstations are notified of upgrades through the VPN Service Login Banner and through
our Service Bulletins and should upgrade at their earliest convenience in order to ensure functionality of their VPN
Service.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 4
5 HOW TO CONNECT TO SP AN/BC USING CISCO AN YCONNECT VPN CLIENT

Click the Orb | All Programs |Select the Cisco Folder then the Cisco

AnyConnect Secure Mobility VPN Client

1. Click Connect: vpn2.gov.bc.ca

2. In the Username and Password fields, type your VPN/IDIR id or your VPN ID and your
password. Do not type in IDIR\username this will result in a Failed Login error
message. Just type your username (username must be in lower case, with NO CAPS)
and your password.

3. Click OK, The Cisco AnyConnect alert/dialogue box will open.

4. Read the message and Click Messages often contain


important information about upgrades, security information or
relevant Service Bulletin information.

5. For most computers, the Cisco AnyConnect VPN Client icon is displayed in the system tray
(bottom right hand corner of your screen)

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 5
6 USING THE START BEFO RE LOGIN FEATURE FOR A GOVT PROVISIONED WORKSTATION FULL
FUNCTIONALITY TO INC LUDE MAPPED NETWORK DRIVES AND ACCESS TO LOB APPLICATIONS

NOTE: You must ensure that you have already established a network connection either hardwired or via your
Wireless. The best way to determine a connection is to login to your workstation as usual, confirm a network
connection by opening your Browser e.g. http://www.google.ca. Once you have established a network connection,
perform a logoff and follow the instructions as noted below.

1. With Windows 7/8, Click Start


2. Click the triangle next to Shutdown
3. Click Switch User.
4. Click the Network Login button at the bottom right of
the screen.

5. Click the Cisco AnyConnect icon.


6. Click Connect

7. The Cisco AnyConnect VPN Client dialog box appears, login with your
VPN/IDIR id or you VPN id and password. Do not enter IDIR\username, this will
result in a Failed Login error message.

8. Click for the Cisco AnyConnect alert will open

9. Read the message and Click Messages often contain


important information about upgrades, security information or
relevant Service Bulletin information.

10. You will get your login screen, except that it has the Microsoft Disconnect button in the lower-right corner of the screen.
This is the only indication that the SBL connection is successful.

11. Click the Other User icon and login with your IDIR ID and password as you normally would.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 6
7 USING REMOTE DESKTOP CONNECTION FOR A PER SONAL COMPUTER FULL FUNCTIONALITY

BEFORE YOU START:

1. BE SURE TO GET YOUR @ WORK GOVT PROVISIONED WORKSTATION NUMBER FROM THE TOP LEFT
HAND CORNER OF YOUR DESKTOP AT WORK AND WRITE IT DOWN HERE _____________
2. PRINT OFF THIS GUIDE TO USE AS A REFERENCE OR EMAIL A COPY OF THE PDF DOCUMENT TO YOUR PERSONAL
MAILBOX
NOTE: Refer to the Remote Desktop Connection (RDC) guide for detailed information on using RDC and the OCIO
WakeUp Site. If you are unable to connect to your Govt Provisioned Workstation you may need to wake it up, refer
to section 8.
For MAC or iOS users refer to section 12 Helpful Links.

Click the Orb l All Programs|Click the Cisco AnyConnect Secure Mobility

VPN Client
Click Connect: vpn2.gov.bc.ca
In the Username and Password fields, type your VPN/IDIR ID or you VPN ID and
password.
Click OK The SPAN/BC VPN Gateway alert opens

Click
For most computers the Cisco AnyConnect VPN Client icon is displayed in the
task bar

Click the Orb |All Programs l Accessories l Remote Desktop Connection.

The Remote Desktop Connection window opens

In the Computer field, type the name of your workstation + .idir.bcgov .


(ie. DB434443.idir.bcgov)
Click

Type in your credentials, your User name (IDIR ID) and Password in the dialogue
box that appears, click OK (this logs you on to your workstation).

Click OK at the Security Warning Screen

Your primary workstation desktop appears on the screen. You can now access
your e-mail, applications, and data as though you were at the office. If it doesnt
appear your desktop may have gone into Hibernation/Shutdown and must be
woken up utilizing the OCIO Wakeup as in Section 8

NOTE: Alternatively you can use the IP address of your @ Work Workstation.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 7
8 USING THE WAKE-UP SITE CALLED SURVEYOR BY VERDIEM APPLICATIONS, TO WAKE UP YOUR
@ WORK WORKSTATION REMOTELY

1. Connect to the Surveyro WakeUp site using your Web Browser at: http://wswakeup.bcgov/
2. Type in your Computer id (ex. DB000000) in the Computer Name box , click Search

3. The Wake-Up screen appears.

4. Close your web browser

5. After a few moments your primary workstation is ready for connection from your remote computer using the same
instructions from Section 7 Using Remote Desktop Connection

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 8
See below for what to expect when using the updated application (instructions and screen shots here are from a standard
Windows 7 workstation with Internet Explorer 11, other operating systems or browsers may have a slightly different
experience). Clicking the Remote Desktop Connection button launches the RDP protocol based on the IP address of the
machine. Due to security warnings in IE, you may see the following dialogue:

Click Yes.
You may see following prompt asking if you want to open the DC######.rdp from http://wswakeup.bcgov.
Click Open.

Because you connect via IP rather than Computer name, a security prompt displays (see image below). Click
Connect.

You may see the security prompts above even if you clicked Dont ask again, as Windows often asks for security
related permissions.
Click Connect to launch the RDP screen to remotely logon to your workstation.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 9
9 DISCONNECT/QUIT FROM CISCO VPN CLIENT

NOTE: It is important that you disconnect after youve completed your session as VPN is charged @ an hourly rate
based on usage. Be aware that if you do not disconnect your VPN session and proceed to do personal Internet
activities, your personal Internet data traffic will be traversing the Government data network. This may result in a
Government policy violation, a security investigation and possible legal repercussions. To ensure you are in
compliance with policy and are aware of best practices, refer to the Information Management/Information
Technology (IM/IT) Strategic Policy website.
NOTE: Your VPN session will automatically shut down after being connected for 12 hours. If you are still working, you
will need to re-log on to VPN).

HOW TO DISCONNECT/QUIT FROM VPN

1. Right click the Cisco AnyConnect VPN Client icon in the taskbar
2. Choose Disconnect. If you do not have an Cisco icon at the bottom right of the
screan, then double click the Cisco icon. The Disconnect icon should be your only
option in this dialog box if you are still connected.

HOW TO DISCONNECT FROM REMOTE DESKTOP CONNECTION RDC

1 Click the Orb the Arrow and Log Off this will only terminate your RDC
Connection, you will still need to disconnect from VPN to terminate your SPAN/BC Session as noted above How to Disconnect
from VPN

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 10
10 INSTALLING/UPGRADING CISCO WINDOWS ANYCON NECT VPN CLIENT ON A PERSONAL COMPUTER
NOTE: The Cisco AnyConnect VPN Client software is provided at no charge for users of the SPAN/BC VPN Gateway
service. Do not install this revision on a Govt Provisioned Workstation, it is strictly for use on Personal Workstations.
For information on the Cisco Secure Mobility Client for devices other than Windows please refer to section 13.
CISCO AnyConnect Secure Mobility VPN Client Downloads

1. Remember to always uninstall any previous versions prior to


downloading and installing any newer revisions using your Control
Panel\Programs and Feature (Uninstall, Change or Repair) Windows
utility.

Windows and 64 Bit AnyConnect


MAC AnyConnect for i386 only
Linux 64 Bit AnyConnect

2. Download and run the installer for the Cisco AnyConnect client onto
your desktop/laptop
3. Click Run
4. The Cisco AnyConnect Welcome Box appears, Click Next
5. The Setup Wizard Box appears, Click Next
6. Select To Accept the License Terms, Click Next
7. Ready to Install, click Install

NOTE: Your Personal Computer may have the User Account


Control activated and you may be prompted to allow the
installation.

8. Click Finish to complete the installation

9. You have successfully installed the Cisco AnyConnect VPN Client.


Refer back to Section 5 to connect to SPAN/BC

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 11
11 SPAN/DIAL

SPAN/Dial Service provides remote access to the Shared Provincial Access Network for British Columbia (SPAN/BC) over
standard telephone lines, allowing access to the customers office applications from a home computer or laptop with a modem.

SSBC proactively manages the resources to minimize the possibility of busy signals. However, it is a contention based service
and busy signals may be experienced from time to time. It is recommended that customers disconnect from the service when
not in use.

SSBC provides a Remote Access user ID and password, a toll-free telephone number for the SPAN/Dial service.

The SPAN/Dial service supports the industry standards found in most modems:

1. V.90 (56kbps)
2. Enhanced Throughput Cellular (ETC) error correction
3. TCP/IP Point to Point Protocol (PPP)
4. Telnet - Asynchronous terminal access

SPAN/Dial Phone Number

Toll-free Service V.90 1 (888) 873-6155

Only Available within North America

RATES

Ministry
Service Rate* Unit of Measure Type
SPAN/Dial $2.75 Hours Consumption
Virtual Private Network (VPN) $0.35 Hours Consumption
Change Remote Access Services $0.00 Each N/A
Static IP Address (In House $50.00 Event One-Time
Configuration Change)
Cancel Remote Access Services $0.00 Each N/A

Broader Public Sector (BPS)


Service Rate* Unit of Measure Type
SPAN/Dial $3.44 Hours Consumption
Virtual Private Network (VPN) $0.43 Hours Consumption
Change Remote Access Services $0.00 Each N/A
Static IP Address (In House $62.50 Event One-Time
Configuration Change)
Cancel Remote Access Services $0.00 Each N/A

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 12
12 HELPFUL LINKS

Remote Access Services - Related Documents, Service Requirements, User Guides, Forms and Download Links.

Information Management/Information Technology Policies can be found on the Office of the Chief Information
Officer web site. The OCIO has developed a Working outside the Workplace Policy, a set of guidelines and a
checklist to handle information incidents.

Best Practices for Laptop users https://sdu.gov.bc.ca/WS/SitePages/Home.aspx

Standards of Conduct for Public Service Employees - The Government of British Columbia believes that the highest
standards of conduct among public service employees are essential to maintain and enhance the publics trust and
confidence in the public service.

Understand your responsibilities regarding the appropriate use of government information and communications
technology as per the Standards of Conduct and Chapter 12, Core Policy and Procedures Manual .

USER GUIDES/DOWNLOAD LINKS:

Please note that OCIO only supports the Cisco AnyConnect Secure Mobility client on Windows platforms. OCIO does not
support any IPsec proprietary clients on any platform, connection will be denied. You must install the Cisco AnyConnect
Secure Mobility Client designed for your devices operating platform. Do not installed this revision on a Govt
Provisioned workstations, it is designed specifically for use on Personal Workstations. Users of Govt Provisioned
Workstation will automatically receive a customized revision designed for our infrastructure as per section 4.

Mobile Enterprise Service - How to setup VPN on your iPhone/iPad

Android User Guide for Cisco AnyConnect Secure Mobility Client

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 13
13 FREQUENTLY ASKED QUE STIONS

1. What is a DOMAIN account?


o Ministry users are setup with a DOMAIN user account to authenticate to resources within SPAN/BC; such as file
shares, email and applications.
o By submitting an iStore request for Remote Access, a clients DOMAIN (idir) account will gain access to the Remote
Access Services (VPN and SPAN/Dial). See the Remote Access Service Catalogue site on How to Order Services in
iStore.
https://ssbc-client.gov.bc.ca/services/remoteaccess/order.htm

2. What is a SPAN Authenticated account?


o Broader Public Sector clients, and contractors who do not have a DOMAIN (idir) account, use a SPAN(Internal)
account to authenticate, through Remote Access Services (VPN or SPAN/Dial) to gain access to SPAN/BC.
o This structure will only allow users access to SPANBC, DMZ and the ExtraNet Zones. Any user who currently
requires access into Ministry specific LOB applications or workstations hosted within the HPAS Secure Data Centre
(zone A, B, or C) will be required to have an DOMAIN (idir) account in accordance with Information Systems
Security and Network Connectivity Standard 6.4. or a Ministry Sponsor who will request an exemption to access
LOB resources and application as per Service Bulletin #463.
o Your user ID is always created in lower case only, no capitals, e.g. jadoe.

3. How do I change my SPAN password?

o All Locally/SPAN Authenticated users password reset requests (non-IDIR) are required to have the account owner,
Ministry Information Security Officer or delegated authority to open an incident through the CSC Service Desk by
email at [email protected] or call 387-7000 (toll-free 1 866 660-0811), option 3.

4. I changed my DOMAIN(IDIR) password from another computer, now I cannot logon to the Govt Provisioned mobile
workstation. What can I do?
o If the workstation has not been connected to SPAN/BC to learn your new password, the old password will work to
connect to the desktop. You will require the new password to logon to the VPN connection.
o OCIO recommends that when you change your DOMAIN password that you logon to the Govt Provisioned mobile
workstation with the new DOMAIN password while connected to SPAN/BC before working remotely.

5. What Operating Systems does the Cisco AnyConnect VPN Client install on?
o OCIO has tested and supports the Cisco AnyConnect Secure Mobility VPN Client on Windows 7.
o For other Operating Systems see section 14.

6. Using an Govt Provisioned Workstation the Start Before Logon feature doesnt always connect when Im using a
wireless network. I receive the error Connection attempt has failed due to un-resolvable host entry.
o A VPN connection requires that the workstation be connected to a network. This will require that you logon with
the CTRL-ALT-DEL screen, confirm an Internet connection, then logoff and connect via VPN using the Network
Logon screen as in section 6.
Examples of this are:
Using a connection from a hotel where you need to open an Internet Browser and enter the hotel
authentication.
Using a Rogers Wireless Rocket Stick (WWAN) with an USB Connection.
Using a wireless network for the first time.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 14
7. To automatically detect the network connection, ensure the Network Setting is set to Connect automatically when this
network is in range. To set this on a Vista mobile workstation verify the following settings:
o Open Network and Sharing Center
o Under Tasks (on the left panel), click Manage wireless networks. This brings up a dialog that lists the wireless
network connections you have created
o Right click on the wireless connection that you want to view its settings (Properties).

8. How do I request an exemption for the 12 hour session time-out for a specicific VPN account ?
o Submit an iStore Order for PI-Change Remote Access, providing the VPN id and explaining what I required. (ie,
turn off 12 hour session time-out for two weeks? until further notice ? pernenently? for the VPN id: xxxxxxx).
o This will ensure we have the appropriate approval for the change and an audit trail of that approval process in the
event theres a security audit or billing dispute resulting from the removal of the 12 hour session timeout.

9. I have a Windows XP Personal Computer (PC). Which VPN client should I use?
o OCIO does not support any Business applications on Windows XP as per Service Bulletin #552.

10. Why can I not see my local LAN access devices on my personal computer? This may include shared LAN drives or wireless
printers.
o To address security vulnerabilities this level of access is disabled. To ensure you are in compliance with policy and
are aware of best practices, refer to the Information Security Awareness website.
o You can utilized a Govt Provisioned workstation and use the Start Before Login Feature to connect to Shares and
Printers

11. I cant access my Line of Business Applications


o If a Domain authenticated users password expires or is locked the system wont allow you into your normal RAS
account profile, but still allows some access with a default IP which will prevent you from gaining access through a
Ministry defined firewall etc.
You must call the 7-7000 Service Desk at 250-387-7000 or toll free 1-866-660-0811 option 1 if your VPN
account is IDIR Authenticated (or if you dont know) to have your idir id unlocked or password reset.
If your VPN account is SPAN Authenticated you must email or call; [email protected]. (toll-free 1 866
660-0811), option 3. to open a ticket to have your VPN password reset.
You may not have been added to the correct group template when your account was created or you have
transferred to another Branch and not been assigned to the correct group. Call or email the
[email protected]. (toll-free 1 866 660-0811), option 3.
You may have neglected to quit a previous session. If your account was created with a Static IP you will
only be granted access with your specific privileges once, you must ensure you have logged off any
previous connections before you can successfully gain access to your LOB application/data.

12. How do I get the Cisco VPN AnyConnect client?


o Refer to Section 4 for the Cisco Anyconnect on Govt Provisioned mobile workstations.
o If you are using a non-Govt provisioned workstation, and you have administrator privileges, refer to Section 10.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 15
13. Why does my VPN session Time Out?
o OCIO has implemented a 12-hour session timeout for all Remote Access VPN users, which will result in any user
who has an active VPN session in excess of 12 hours to be disconnected. This feature limits the risk of users
inadvertently forgetting to quite their VPN sessions after conducting their government business.

14. I am using a Government provisioned workstation. How do I get my SPAN/BC network drives or printers?
o If you require the Domain Logon script to run, which will map your corporate shared drives and printers, you will
need to use the Start Before Login feature as in section 6.
o This feature is only available if a specific add-on has been installed. It is not supported on personal workstations.

15. I have a laptop that supports both wireless and wired connections and having problems connecting using the wireless
connection.
o Full details on how to use the wireless feature on a Government Provisioned mobile workstation can be found in
the Mobile Workstation Guide posted in the Remote Access Service Catalogue:

https://ssbc-client.gov.bc.ca/workstations/Mobile_User_Guide.pdf

16. I am using my @home ISP (Internet Service Provider) and having connection issues:
o Ensure your workstation has Internet connectivity by bringing up the browser and opening up a site. If there is no
connectivity, call your provider for assistance.
o Your ISP may have some settings that block certain traffic. If you have connectivity to the network but cannot
connect through VPN, call your provider for assistance on enabling specific traffic to allow the connection.

17. Administrator AnyConnect package message The AnyConnect package on the secure gateway could not be located

o This error is a result of not having the up-to-date revision of the AnyConnect client installed on your personal
workstation. Uninstall any older revisions and install the lastest revision as instructed in section 10. If you are
using an Government Provisioned workstation call 7-7000 Service Desk at 250-387-7000 or toll free 1-866-660-
0811 option 1

18. Administrator Reboot message The secure gateway has terminated the VPN connection
o This error is a result of an emergency reboot to the Remote Access VPN Service. The following are instructions to
reconnect your session:
If youve connected using the Start Before Login; save any open documents to your desktop and log off
your workstation and log in again using the Start Before Login instructions.
If youve connected to your @work workstation using the Remote Desktop Connection; reconnect your
Cisco AnyConnect Secure Mobility Client and establish your RDC session again and all connections to
resources, documents and services should be resumed.
If your on an Government Provisioned workstation and connected using the Cisco AnyConnect Secure
Mobility Client connection, do not restart your workstation, you only need to reconnect and all
connections to resources and services should be resumed.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 16
19. Secure Access Gateway error message The secure gateway has rejected the connection attempt, No address available for
SVC Connection
o This error is cause when the VPN template/group policy that you have been assigned to has reached maximum
logins. It is recommended you wait for a period of time and try again or open an incident indicating that your
assigned group template has reached maximum logins (no IPs available).

20. Windows 7 Installation error The VPN client agent was unable to create the interprocess communication depot
o This error is caused by Internet Connection Sharing (ICS) being enabled. You can disable ICS:

Click the Start button.


Click on Control Panel.
Click on View Network Status and Tasks
Click on Change adapter settings
Right-click the shared connection and choose Properties
Click the Sharing tab
Clear the Allow other network users to connect through this computer's Internet connection checkbox
Click OK
o You can then try and reinstall the VPN Client again.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 17
14 CISCO ANYCONNECT SECURE MOBILITY CLIENT FOR DEVICES OTHER TH AN WINDOWS

Cisco AnyConnect VPN Client System Requirements


Please note that OCIO only supports the Cisco AnyConnect Secure Mobility client on Windows platforms. OCIO does not
support any IPSec proprietary clients on any platform, connection will be denied. You must install the Cisco AnyConnect
Secure Mobility Client designed for your devices operating platform.

Linux Versions

Linux Red Hat 6, 7 & Ubuntu 12.04 (LTS),14.04 (LTS), and 15.04 (LTS) (64-bit only)

Linux Requirements

x86 instruction set.


64-bit processor.
32 MB RAM.
20 MB hard disk space.
Superuser privileges are required for installation.
libstdc++ users must have libstdc++.so.6(GLIBCXX_3.4) or higher, but below version 4.
Java 5 (1.5) or later. The only version that works for web installation is Sun Java. You must install Sun Java and configure your
browser to use that instead of the default package.
zlib - to support SSL deflate compression
xterm - only required if you're doing initial deployment of AnyConnect via Weblaunch from ASA clientless portal.
gtk 2.0.0.
gdk 2.0.0.
libpango 1.0.
iptables 1.2.7a or later.
tun module supplied with kernel 2.4.21 or 2.6.

MAC OS X Versions

Mac OS X 10.9, 10.10, and 10.11

Mac OS x Requirements

AnyConnect requires 50MB of hard disk space.


To operate correctly with Mac OS X, AnyConnect requires a minimum display resolution of 1024 by 640 pixels.

Mac OS x Guidelines

Mac OS X 10.8 introduces a new feature called Gatekeeper that restricts which applications are allowed to run on the
system. You can choose to permit applications downloaded from:
o Mac App Store
o Mac App Store and identified developers
o Anywhere
The default setting is Mac App Store and identified developers (signed applications). AnyConnect is a signed application, but it is
not signed using an Apple certificate. This means that you must either select the Anywhere setting or use Control-click to bypass
the selected setting to install and run AnyConnect from a pre-deploy installation. Users who web deploy or who already have
AnyConnect installed are not impacted.

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 18
15 VERSION HISTORY

Document Control/Major Revisions

Date Change Reference

November 2010 Removed Legacy Client Information


August 2011 Updated the VPN client download links
Minor revisions to change WTS references to SSBC
Updated Security Awareness Information, installation instructions. MAC and/or iOS Helpful
Links.
Updated Security Awareness Information as per OCIO recommendations.
November 2011 Updated the VPN client download links to Version 2.5.3055 per service bulletin #292
August 2012 Updated with new RAS Assessment tool, modified for internal publication, minor edits and updated
client software hyperlinks.
April 2013 Updated for Version 3.1.02026
May 2013 Updated for Version 3.1.03103
July 2013 Updated for Version 3.1.04059
November 2013 Updated for Version 3.1.04072
March 2014 Updated for Version 3.1.05152
May 2014 Updated for Version 3.1.05160
July 2014 Updated for Version 3.1.05170
October 2014 Updated for Version 3.1.05182
December 2014 Updated for Version 3.1.05187
January 2015 Updated document hyperlinks
March 2015 Updated document hyperlinks version 3.1.06073
May 2015 Updated Manual Wording and Links
June 2015 Updated for Version 3.1.08009
October 2015 Updated for Version 3.1.11004
January 2016 Updated for WWW2 GUID downloadable links
March 2016 Updated for Version 3.1.13015
July 2016 Updated for Version 4.3.00748
December 2016 Updated for Version 4.3.03086
January 2017 Minor Wording and Link Changes

https://ssbc-client.gov.bc.ca/services/remoteaccess/RemoteAccessUserGuide.pdf Page 19

You might also like