Virtual Private Network (VPN) Guide

SF State provides a secure VPN for faculty and staff to access protected on-campus resources.

 

Please note, this document pertains to the new VPN serving being rolled out Summer 2016. If you experience issues, please report them to service@sfsu.edu and/or review the previous VPN Guide.


VPN Security Groups

Current faculty and staff are automatically included in the FACULTY-STAFF security group. For access to other groups, the SF State Virtual Private Network (VPN) Account Authorization form should be completed.

VPN Security Groups
Security Group Level Group Name  Access
11 FACULTY-STAFF  General access to campus resources from outside the campus firewall
10 GROUP-3rdPARTY  3rd party vendors needing access to specific campus resources
9 GROUP-AT  Access to Academic Technology resources
8 GROUP-CMS  Access to the Campus Management Solution resources
7 GROUP-CMS-TEST  Access to the Campus Management Solution Testing resources
6 GROUP-HSS  Access to Health and Social Sciences resources
5 GROUP-ITS  Access to Information Technology Services resources
4 GROUP-L1  Access to Level 1 data protected resources
3 GROUP-L1-LTD  Access to Limited Level 1 data protected resources
2 NETWORKS  Access to campus Network resources
1 SYSTEMS  Access to campus Systems resources

 

NOTE: A SF State ID is required to use VPN. For vendors who do not have a SF State ID, the sponsoring department should contact Human Resources for Community Member credentials before completing the SF State Virtual Private Network (VPN) Account Authorization form on the vendor's behalf.

 

AnyConnect VPN for Windows

Install AnyConnect for Windows

  1. Download the AnyConnect VPN Windows Installer
  2. Double click the downloaded file to launch the installer
  3. Click Next
  4. Accept the License Agreement and click Next
  5. Click Install
  6. If required, enter Administrator credentials
  7. When the install is complete, click Finish

Run AnyConnect for Windows

  1. Launch the installed Cisco AnyConnect Secure Mobility Client application
  2. Enter vpn.sfsu.edu in the Connect box and click Connect
    AnyConnect Server Screenshot
  3. Select the lowest Group for which you have credentials from the Group pulldown (Note: If you have access to multiple groups, selecting a higher group will result in login failure)
  4. Enter your SF State ID
  5. Enter your SF State Password
    AnyConnect Credentials Screenshot
  6. Users in groups requiring Duo Authentication, complete your Duo Authentication/Second Password
  7. Click OK

Note: When connected, the AnyConnect icon will appear in the system tray (area by the clock). To disconnect, right click the icon and select VPN Disconnect.

Windows AnyConnect Icon Screenshot

 

AnyConnect VPN for Mac

Install AnyConnect for Mac

  1. Download the AnyConnect VPN Mac Installer
  2. Double click the downloaded file to open the virtual drive
  3. Double click the included installer file, AnyConnect.pkg
  4. Click Continue
  5. Click Continue
  6. Click Agree
  7. Uncheck Web Security and Posture, then click Continue
  8. Click Install
  9. If required, enter Administrator credentials
  10. When the install is complete, click Close

Run AnyConnect for Mac

  1. Launch the installed Cisco AnyConnect Secure Mobility Client application
  2. Enter vpn.sfsu.edu in the Connect box and click Connect
    Mac Anyconnect Server Screenshot
  3. Select the lowest Group for which you have credentials from the Group pulldown (Note: If you have access to multiple groups, selecting a higher group will result in login failure)
  4. Enter your SF State ID
  5. Enter your SF State Password
    Mac AnyConnect Login Screenshot
  6. Users in groups requiring Duo Authentication, complete your Duo Authentication/Second Password
  7. Click OK

Note: When connected, the AnyConnect icon will appear in the Apple menu bar (by the clock). To disconnect, click the icon and select Disconnect.

Mac AnyConnect Icon

 

AnyConnect VPN for iPhone/iPad

Install AnyConnect for iPhone/iPad

  1. Open the App Store app
  2. At the bottom of the App Store screen, click on Search, and type Cisco AnyConnect in the search box. When it appears in the list, tap Cisco AnyConnect
  3. Tap Get, then tap Install to download the Cisco AnyConnect app
  4. When prompted, enter your Apple ID & Password
  5. Once the application is installed, tap Open to open the application
  6. Tap OK when prompted that Cisco AnyConnect will extend the VPN capabilities of your device
  7. Tap Connections
  8. Tap Add VPN Connection...
  9. Enter a description (e.g., SF State VPN)
  10. Enter vpn.sfsu.edu as the Server Address
  11. Tap Save

Run AnyConnect for iPhone/iPad

  1. Open the AnyConnect App
  2. Toggle the AnyConnect On/Off to On
  3. Select the lowest group for which you have credentials from the GROUP menu (Note: If you have access to multiple groups, selecting a higher group will result in login failure)
  4. Duo Authentication users: If you use the same iPhone/iPad for Duo, get your Duo credential before entering your ID and Password
  5. Enter your SF State ID
  6. Enter your SF State Password
  7. Users in groups requiring Duo Authentication, complete your Duo Authentication/Second Password
  8. Click Connect
  9. To disconnect, toggle the AnyConnect On/Off to Off

 

Run AnyConnect VPN from your Browser

Running AnyConnect from a browser is not recommended but is available for software downloads and Duo enrollment/account updates.

  1. Navigate your Web browser to https://vpn.sfsu.edu
  2. Select the lowest group for which you have credentials from the GROUP pulldown (Note: If you have access to multiple groups, selecting a higher group will result in login failure)
  3. Enter your SF State ID
  4. Enter your SF State Password
  5. Users in groups requiring Duo Authentication, complete your Duo Authentication/Second Password
  6. Click Login
  7. Depending on your browser settings, you may see a Java warning. Allow the Java applet to run
  8. Click Run
  9. If required, enter Administrator credentials
  10. Outcomes:
    • You are connected and can see the conformation message: You are all set to use the VPN connection
    • You are connected but the Web page says it was unsuccessful: You are all set to use the VPN connection, the message can be ignored
    • You are NOT connected and the Web page says it was unsuccessful: Complete a manual installation and connection of the client

Note: Connection status can be found by hovering over the AnyConnect icon in the system tray (Windows) or Apple menu bar (Mac).