Remote Access VPN Setup Using Hardware Token

Remote Access – VPN Setup Using Hardware Token MWI Animal Health provides remote access to the MWI network using a VPN (virtual private network). Use ...
Author: Helena Morris
5 downloads 1 Views 1MB Size
Remote Access – VPN Setup Using Hardware Token MWI Animal Health provides remote access to the MWI network using a VPN (virtual private network). Use the information on this site to setup and connect to the MWI VPN.

Exception Note: MWI issues software security tokens for use with a mobile device to access the VPN. If you do not have a smartphone or tablet mobile device, you will be issued a physical RSA hardware token device that will generate the passcode you will need to enter to connect to the VPN. Please be aware the hardware token device has a higher cost to MWI and a greater risk of being lost. They are considered an exception and should only be used when there is no alternative.

Before You Get Started: You need the following to setup your VPN access. If you don't have one or more of the items below, contact the Help Desk (1.888.236.5590 or [email protected]) for assistance before you proceed.   

I have a business need for MWI remote access and have security access for it. I have an MWI Windows/network username and password. I have an RSA hardware token.

Steps to Connect: There are three major steps to set up your VPN remote access that will take approximately 10 minutes to complete. Follow the directions for each step carefully to successfully complete the setup.

Step 1: Install Security Software In this step, you will confirm the security software you need on your laptop has been installed. Allow ~1 minute to complete this step.

Confirm security software on your MWI laptop: 1. Your MWI laptop was scheduled to have MWI AnyConnect VPN software automatically installed when you are connected to the MWI network. Confirm you have the software by locating the MWI AnyConnect VPN icon on your desktop or by going to Start > All Programs > Cisco > Cisco AnyConnect Secure Mobility Client. Desktop icon:

Start menu:

2. Open the program. NOTE: You do NOT need to click Connect yet.

3. If the program opens successfully, your laptop is ready. Now let's get your mobile device ready.

IMPORTANT: If you cannot locate the MWI AnyConnect VPN program or it will not open, contact the Help Desk (888.236.5590 or x2940). You need this program installed in order to proceed.

CONGRATULATIONS! You have completed Step 1. Proceed to Step 2 - Setup for the directions to setup your personal security token and PIN you will need to connect to the MWI VPN.

Step 2: Setup Your PIN In this step, you will create a personal PIN which you will use every time you connect to the VPN. You will need to synchronize information between your RSA hardware token and your laptop and go back and forth between the two, so have both devices ready for use before you get started. Follow the directions below closely, as this is the most detailed part of the process. Allow ~10 minutes to complete this step.

1. On your MWI laptop, open the MWI AnyConnect VPN software using the desktop icon or by going to Start > All Programs > Cisco > Cisco AnyConnect Secure Mobility Client.

2. Click Connect. 3.

You will be prompted to enter a passcode.

4. Go to your RSA hardware token and enter the 6-digit code that is currently displaying into the Passcode: field and click OK.

NOTE: If there are two or less dashes displaying to the left of the passcode numbers currently displaying, we recommend you wait until the next passcode displays (every 60 seconds) so there is time for the code to authenticate correctly.

5. You will be prompted to create a new personal PIN that you will enter along with the RSA generated passcode every time you connect to the VPN. Your PIN must (1) contain numbers only, (2) be between 4-8 digits long, and (3) not start with the number 0. Enter your new PIN in the Answer: field and click Continue.

6. You will be prompted to re-enter your new PIN to confirm the digits. Enter your new PIN in the Answer: field again and click Continue.

7. If you entered your new PIN correctly, you will see ‘Your new PIN has been successfully created!’ in the Authentication Message.

IMPORTANT! Now you need to use your PIN + passcode to proceed. 8. Go to your RSA hardware token and wait for the 6-digit code that is currently displaying on your mobile device to change to the next code (within 60 seconds). NOTE: If you try to re-use the code you entered before you created your new PIN, you will get an error. Waiting for the code to change is important!

9. Go to your MWI laptop and enter your new PIN+ the Passcode displaying on the RSA hardware token in the Answer: field in the MWI AnyConnect VPN software.

Your new PIN + Passcode

10. Click Continue. IMPORTANT! If a ‘Login Failed’ or any other error message displays at any point, something went wrong. Contact the Help Desk (888.236.5590 or x2940) for assistance. 11. A security banner will display. Click Accept.

12. You are now temporarily connected to the MWI VPN.

13. Click Disconnect. You have successfully configured your VPN access and will learn how to quickly and securely connect to the VPN next.

CONGRATULATIONS! You have completed Step 2. Proceed to Step 3 - Connect for the directions you will follow to access the MWI VPN from this point forward.

Step 3: Connect to MWI VPN Securely After you have successfully setup your personal PIN, you can connect to the MWI VPN using your RSA hardware token and laptop at any time. Follow the directions below to connect in a few short steps. Allow ~1 minute to complete this step.

1. On your laptop, open the AnyConnect program and click Connect.

2. Enter your PIN+ the Passcode displaying on your RSA hardware token in the Passcode: field and click OK. NOTE: If there are two or less dashes displaying to the left of the passcode numbers currently displaying, we recommend you wait until the next passcode displays (every 60 seconds) so there is time for the code to authenticate correctly.

Your PIN + Passcode

3. An MWI security banner will display. Click Accept.

4. You are now connected to the MWI VPN until you choose to Disconnect, close your laptop, or your connection expires after a long period of inactivity.

IMPORTANT: Use the RSA SecurID/MWI AnyConnect VPN authentication process to connect to the MWI VPN from this point forward. STOP using the previous MWI Network Connection software as it will no longer work when it is retired. You can delete the desktop icon if you prefer (single-click the icon and press Delete on your keyboard). Please contact the Help Desk (888.236.5590 or x2940) if you have any questions or need support.