AnyConnect VPN FAQ

A VPN or Virtual Private Network allows you to establish a secure connection to another network. At MSU, a VPN connection is required to access many resources on the campus network (like Opal, Sympa list server, etc.) when you are off-campus so the servers remain secure. All MSU faculty, students, and staff in good standing can use the MSU VPN.

MSU's VPN  is Cisco AnyConnect. The Cisco AnyConnect Secure Mobility client is available for almost all devices and platforms and will allow more MSU employees to work securely from any location at any time.

Yes, you will need to download the AnyConnect Secure Mobility Client. Please visit  http://www.montana.edu/uit/computing/desktop/vpn/index.html for instructions.

Yes, the AnyConnect client needs admin rights to be installed, however subsequent updates will not need them. If you do not have admin privileges on your computer please contact your Departmental IT staff or the MSU Service Desk (994-1777 or [email protected]) for installation assistance.

Yes, you must contact the UIT Service Desk to request access in addition to downloading the new AnyConnect Client .  Contact the Service Desk at 994-1777 or [email protected].

Yes, your VPN connection will timeout after 30 minutes of inactivity. As long as the VPN tunnel is being used you will stay connected.

The only exception is for the ADMIN-VPN, which does not timeout due to inactivity.

A VPN Tunnel is an encrypted communication between two devices. The network device is commonly a firewall as it is in our case. We have a Cisco ASA for our network device. The client device is commonly yourlaptop or phone with the client software installed. The tunnel is created when the client device initiates a connection to the firewall. This connection is now like a virtual wire going through the internet to build a connection to network resources behind the firewall. 

 

The VPN is setup as a Split Tunnel this configuration was a group decision from the VPN working Group. The Split Tunnel is setup to only route traffic through the VPN Tunnel that is destined for MSU network resources, all other traffic will go out your regular internet connection.

When this happens it is likely because the In Common Intermediate Certificate needs to be "trusted". When the error pops up, you will need to "trust" the certificate. Depending on your situation, you may have to check a box to "Always trust this..." And/or also click a button to Connect Anyway or Always Connect.

Reboot (restart) the computer. This will log out all of the other users who are logged into the computer.  You'll then be able to log back in and connect. 

To access local resources, like your home printer while at home and connected to MSU through the full tunnel VPN  (the MSU-Employee-full group), make this change to the AnyConnect client on your computer before connecting.

1. Open the AnyConnect Secure Mobility Client and click Settings icon in lower-left corner as shown in image below.
   
2. If on Windows, select Preferences tab. On Mac go directly to step 3.
3. Check box next to Allow local (LAN) access when using VPN (if configured),  then close box. 
   

Now when you connect to MSU-Employee-full group of VPN you will have access to local as well as MSU resources. 

Please note that this will not work if you are connecting from a large segmented network like the MSU campus network, you will only have access to resources in the same VLAN.