GFZ employees can connect to our network remotely (e.g. from at home) using VPN. With VPN you gain access to the GFZ Intranet website, central servers and your department's servers.
Prerequisite
To be able to use VPN to access the GFZ network you have to activate VPN on the "Passwords & Services" site on the intranet and have set a domain password.
VPN client
To connect to the GFZ network, you need to install the Cisco Anyconnect Client. Therefore, go to https://asa.gfz-potsdam.de, select "GFZ-Mitarbeiter" and log in with your GFZ account name and domain password, then enter the code from your 2nd factor device.
VPN is only possible via 2-factor authentication (2FA). So you have to register a 2nd factor first.
Only one device can be registered.
Register smartphone as 2nd factor
To use your smartphone for 2FA, you need a 2-factor authentication app. which you can download from the Appstore/Playstore if you have not installed such an app yet.
The following apps have been successfully tested:
- Google Authenticator (Android, iOS)
- Aegis (Android, also in F-Droid)
- Raivo (iOS)
- Authy (Android, iOS)
In the browser, open the website asa.gfz-potsdam.de.
Select the group "GFZ-Mitarbeiter".
A new window will open.
Log in with your user name and domain password.
When you log in for the first time, you will be shown a QR code.
Important. Write down the secret key and the scratch codes in a safe place.
If you lose your smartphone, you will need this information.
Open your 2-factor authentication app on your phone.
In the app, click the "+" icon or "Add Entry" (or similar, depending on the app).
Select QR Code and scan the QR code.
A new entry "GFZ Potsdam: GFZ Single-Sign On" will be added to your authenticator app.
Now click on "Confirm" in the browser-window on your computer.
A new window "Confirm Account Registration" will open.
For "Token", enter the 6-digit code that your Authenticator app displays.
For "Device Name", you can enter any name you want.
("Device Name" means the device you use for the second factor.
For example, you can assign "Smartphone" as name.)
When you're done, click "Register."
Installation
Go to asa.gfz-potsdam.de.
Select "GFZ employees" and click Login.
In the new window, log in with your GFZ username and domain password.
Then enter the code from your 2-factor authentication device.
Click on "Download for Windows" to download the Cisco Any Connect Client.
Double click on the downloaded *.msi file and follow the instructions.
Administrator privileges are required for installation.
How to connect
Open the Start menu and select the Cisco AnyConnect Secure Mobility Client.
Select 'asa.gfz-potsdam.de' and click on 'Connect'.
Select "GFZ-Mitarbeiter" as the group.
In the new window, log in with your GFZ user name and domain password.
Enter the code from your 2-factor authentication device in the "Token" field.
Click on "Log in". The VPN connection is established.
Installation
In case this is the first time you establish a VPN connection via ASA, you need to install the Cisco AnyConnect client.
Go to asa.gfz-potsdam.de.
Select "GFZ employees" and click Login.
In the new window, log in with your GFZ username and domain password.
Then enter the code from your 2-factor authentication device.
Click on "Download for macOS".
Open the downloaded .dmg file and double click on the .pgk file.
Follow the instructions and then click on 'Install'. Enter the password of your Mac.
How to connect
Open the Cisco AnyConnect Client.
Enter "asa.gfz-potsdam.de" as server address and click on "Connect".
Select "GFZ-Mitarbeiter" as the group.
In the new window, log in with your GFZ user name and domain password.
Enter the code from your 2-factor authentication device in the "Token" field.
Click on "Log in". The VPN connection is established.
In your menu bar, you will now find the VPN client icon. Use it to disconnect, reconnect or exit the Cisco AnyConnect Client.
Installation
In case this is the first time you establish a VPN connection via ASA, you need to install the Cisco AnyConnect client.
Go to asa.gfz-potsdam.de.
Select "GFZ employees" and click Login.
In the new window, log in with your GFZ username and domain password.
Then enter the code from your 2-factor authentication device.
Click on "Download for Linux" to download the Cisco Any Connect Client.
Open a terminal and navigate to the downloaded anyconnect-linux64-#.#.#####-core-vpn-webdeploy-k9.sh file.
Run the following command: (Replace the "#" with the actual version number).
sudo bash anyconnect-linux64-#.##.#####-core-vpn-webdeploy-k9.sh
Advice for OpenSUSE
For the graphical user interface of AnyConnect Client the library libpangox.so have to be installed in OpenSUSE. Please install this via Yast if necessary.
ldd /opt/cisco/anyconnect/bin/vpnui
...
libpangox-1.0.so.0 => not found
zypper in libpangox-*
How to connect
Start Cisco AnyConnect.
Enter "asa.gfz-potsdam.de" as the server address and click "Connect".
Select "GFZ-Mitarbeiter" as the group.
In the new window, log in with your GFZ user name and domain password.
Enter the code from your 2-factor authentication device in the "Token" field.
Click on "Log in". The VPN connection is established.
