I recently did some work on an HA Cisco ASA for VPN using the AnyConnect clients. It is a cross-platform system that works very well. This system was unique in that it used the very excellent two-factor solution from SecureAuth. Using client-installed certificates with the AnyConnect client provides a two-factor solution that was easy to roll out. Windows, Linux and Mac are supported. I personally use Ubuntu as my desktop of choice, and found that the AnyConnect client installed easily on the 32-bit systems. However, on 64-bit Ubuntu there were a few problems that had to be worked around. There are a few sources online for fixes; this is what worked for me. YMMV:
- OS: Ubuntu 10.04.1 64-bit (also worked on 10.10 64-bit)
- VPN: Cisco ASA with AnyConnect Essentials
- Certificate provider: SecureAuth
I am skipping the setup of these two systems, assuming you currently have a working two-factor AnyConnect VPN. SecureAuth and Cisco AnyConnect both provide a web-based (ActiveX, FF Plugin, or Java) installation process for your clients. Depending on your setup, you will first install a certificate, and then install the VPN client. Once completed, launching the VPN client will locate your certificate, and prompt you for your password to complete authentication.
However, on Ubuntu 64-bit you will receive a certificate error. The truth is, the certificate is fine; we just need to install some additional packages and libraries. The libraries are located in the 32-bit version of Firefox, though. There are a few technical hoops to jump through, but you are already using Linux as your desktop, so it’s easy:
- Go to firefox.com.
- Download Firefox. The version you want should be a tar.bz file.
- Extract it to /usr/local/firefox.
Time for the CLI, of course:
sudo apt-get install ia32-libs lib32nss-mdns
cd /usr/local/firefox
sudo ln -s /usr/local/firefox/libnss3.so /opt/cisco/vpn/lib/libnss3.so
sudo ln -s /usr/local/firefox/libplc4.so /opt/cisco/vpn/lib/libplc4.so
sudo ln -s /usr/local/firefox/libnspr4.so /opt/cisco/vpn/lib/libnspr4.so
sudo ln -s /usr/local/firefox/libsmime3.so /opt/cisco/vpn/lib/libsmime3.so
sudo ln -s /usr/local/firefox/libsoftokn3.so /opt/cisco/vpn/lib/libsoftokn3.so
sudo ln -s /usr/local/firefox/libnssdbm3.so /opt/cisco/vpn/lib/libnssdbm3.so
sudo ln -s /usr/local/firefox/libfreebl3.so /opt/cisco/vpn/lib/libfreebl3.so
sudo ln -s /usr/local/firefox/libnssutil3.so /opt/cisco/vpn/lib/libnssutil3.so
sudo ln -s /usr/local/firefox/libplds4.so /opt/cisco/vpn/lib/libplds4.so
sudo ln -s /usr/local/firefox/libsqlite3.so /opt/cisco/vpn/lib/libsqlite3.so
Go back to Firefox, and browse to your VPN’s URL. The install should connect right away. You will also now have a working client in the GNOME GUI.
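If the certificate error persists, the usual cause is a link that does not resolve or points at a 64-bit library. The following check is an added example, not part of the original write-up or of Cisco's tooling; it assumes the library names and the /opt/cisco/vpn/lib path used above, and the function name `check_vpn_libs` is made up for illustration. It also flags targets that are group- or world-writable, since the VPN client loads these files.

```sh
#!/bin/sh
# Added example: audit the NSS symlinks in the AnyConnect library directory.
# LIBS is the list of library names linked in the steps above.
LIBS="libnss3.so libplc4.so libnspr4.so libsmime3.so libsoftokn3.so
libnssdbm3.so libfreebl3.so libnssutil3.so libplds4.so libsqlite3.so"

# check_vpn_libs DIR: print one line per problem; return 0 only if all clean.
check_vpn_libs() {
    dir=$1
    bad=0
    for name in $LIBS; do
        link="$dir/$name"
        if [ ! -L "$link" ]; then
            echo "MISSING   $link"; bad=1; continue
        fi
        # A relative target is resolved from the link's own directory, so a
        # link created with a bare file name dangles or loops on itself.
        if [ ! -e "$link" ]; then
            echo "DANGLING  $link -> $(readlink "$link")"; bad=1; continue
        fi
        # ELF header: 7f 'E' 'L' 'F', then class byte 01 (32-bit) or 02 (64-bit).
        magic=$(od -An -tx1 -N5 "$link" | tr -d ' \n')
        if [ "$magic" != "7f454c4601" ]; then
            echo "NOT-ELF32 $link (header $magic)"; bad=1
        fi
        # Permissions of the link target: flag group- or world-writable files.
        perm=$(ls -ldL "$link" | cut -c1-10)
        case "$perm" in
            ?????w*|????????w*) echo "WRITABLE  $link ($perm)"; bad=1 ;;
        esac
    done
    return $bad
}

# Run against the real install only where it exists.
if [ -d /opt/cisco/vpn/lib ]; then
    check_vpn_libs /opt/cisco/vpn/lib || echo "fix the entries listed above"
fi
```

Because these libraries come from a hand-extracted tarball, apt will not update them; re-run the check after replacing /usr/local/firefox with a newer build.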