Remote Access (VPN)

GFZ employees can connect to our network remotely (e.g. from at home) using VPN. With VPN you gain access to the GFZ Intranet website, central servers and your department's servers.

Prerequisite

To be able to use VPN to access the GFZ network you have to activate VPN on the "Passwords & Services" site on the intranet.

VPN client

To connect to the GFZ network, you need to install the Cisco Anyconnect Client. Therefore, go to https://asa.gfz-potsdam.de, select "GFZ-Mitarbeiter" and enter your username and password. The installation will start automatically.

Installation

In case this is the first time you establish a VPN connection via ASA, you need to install the Cisco AnyConnect client. Therefore, go to https://asa.gfz-potsdam.de. As GROUP select 'GFZ-Mitarbeiter', enter your username and password and click on 'Login'.

Fig. 1: Website asa.gfz-potsdam.de

The client will try to install automatically.

Fig. 2: Automatic installation

Click on 'Download' and in the next window on 'Execute'. After the installation process is complete, the connection will be established automatically.

Fig. 3: Automatic connection

How to connect

Open the client under Start -> Programs -> Cisco AnyConnet Secure Mobility Client

Fig. 4: Open Cisco AnyConnect

Select 'asa.gfz-potsdam.de and click on 'Connect'. A new window will open. Select 'GFZ-Mitarbeiter' as group and enter your username and password. Click on 'OK' and the connection will be established.

Fig. 5: Enter login data

Installation

In case this is the first time you establish a VPN connection via ASA, you need to install the Cisco AnyConnect client. Therefore, go to https://asa.gfz-potsdam.de. As GROUP select 'GFZ-Mitarbeiter', enter your username and password and click on 'Login'.

Fig. 1: Website asa.gfz-potsdam.de

The client will try to install automatically.

Fig. 2: Automatic installation

If the automatic installation fails, the Cisco AnyConnect Client is offered for manual installation. Click 'AnyConnect VPN' to start the download.

Fig. 3: Manual installation

How to connect

Open the Start menu and select the Cisco AnyConnect Secure Mobility Client.

Fig. 4: Open Cisco AnyConnect

Select 'asa.gfz-potsdam.de' and click on 'Connect'.

Fig. 5: asa.gfz-potsdam.de

A new window will open. Select 'GFZ-Mitarbeiter' as group and enter your username and password. Click on 'OK' and the connection will be established.

Fig. 5: Enter login data

Installation

In case this is the first time you establish a VPN connection via ASA, you need to install the Cisco AnyConnect client. Therefore, go to https://asa.gfz-potsdam.de. As GROUP select 'GFZ-Mitarbeiter', enter your username and password and click on 'Login'.

Fig. 1: Website asa.gfz-potsdam.de
Fig. 2: Automatic installation

The client will install automatically. Click on "Allow".

Fig. 3: Allow installation

Enter the login password of your Mac account to begin the installation.

Manual Installation

Fig. 4: Download the VPN Client

It may occur, that the manual installation cannot be performed. In that case, you can download the installer.

Open the downloaded .dmg file and double click on the .pgk file.

Fig. 5: Image content

After you have followed the instructions of the installer, close the installer.

Fig. 6: Successful installation

How to connect

Start the Cisco AnyConnect Client via Launchpad.
Enter "asa.gfz-potsdam.de" as server address and click on "Connect".

Fig. 7: Connect

Select "GFZ-Mitarbeiter" as group and enter your username and password.

The connection will be established.

Fig. 8: Authentification

You can choose one of the following VPN clients.

  • Cisco AnyConnect
  • Openconnect

Installing and Using Cisco AnyConnect

In case this is the first time you establish a VPN connection via ASA, you need to install the Cisco AnyConnect client. Therefore, go to https://asa.gfz-potsdam.de. As GROUP select 'GFZ-Mitarbeiter', Enter your username and password and click on 'Login'.

Fig. 1: Website asa.gfz-potsdam.de

The client will install automatically. Click on 'Download' and follow the instructions on your display.

Fig. 2: Automatic installation

In case the automatic installation is not possible, click on the link below 'Install using the link below' and save the shell script on your hard disk.

Fig. 3: Manual installation

Open a terminal and change into the directory where you saved the script. Execute the script as root:

 

chmod +x vpnsetup.sh 

sudo ./vpnsetup.sh

Fig. 4: Installation via terminal

Open the VPN client under Applications → Internet → Cisco AnyConnect Secure Mobility Client. Next to 'Connect to', enter 'asa.gfz-potsdam.de', choose 'GFZ-Mitarbeiter' as group and enter your username and password. Click on 'Connect'.

Fig. 5: Enter login data

The connection is now established.

Installing and Using Openconnect

OpenConnect can be used as an alternative for the Cisco AnyConnect Client.

Open a terminal window and run the following command as root:

On Ubuntu machines:

apt-get install openconnect

On Suse machines:

zypper in openconnect

OpenConnect has to be run as root.

On Ubuntu machines:

openconnect --script=/usr/share/vpnc-scripts/vpnc-script --authgroup=GFZ asa.gfz-potsdam.de

On Suse machines:

openconnect --script=/etc/vpnc/vpnc-script --authgroup=GFZ asa.gfz-potsdam.de

Enter your username and password when prompted. The connection will now be established.

You can interrupt the connection by pressing CTRL+C.

To run the program in background add "-b" to the start command you can find above. To kill the process use the following command:

kill -HUP <pid>

Installation

For android and apple devices, Cisco Systems, Inc. provides the app 'Cisco AnyConnect'. Download and install the app from the App Store (iOS) or Google Play Store (Android).

Fig. 1: App installation

Open the Cisco AnyConnect App.

To configure a new connection, tap on "Connection" and then on "Add New VPN Connection".

Enter "asa.gfz-potsdam.de" as server address and tap on "Done".

Fig. 2: App configuration

Set the AnyConnect VPN Switch from "Off" to "On".

Choose "GFZ-Mitarbeiter" as Group and enter your username and password. Click on "Connect".

Fig. 3: Authentication

Contact

Helpdesk (IT-Support)
+49 331 288 2845
Profile