Cisco Secure Client for Windows

Introduction

The Cisco Secure Client for Windows allows you to access both your VPN and Wireless Network Access in one place. These instructions only apply to Windows Machines. Basic VPN access is still available for Macintosh and Linux, and is documented in the Article - VPN (Virtual Private Networ... (teamdynamix.com).

Network Access Manager

The Network Access Manager is your control panel for connecting to both wired and wireless networks. This overrides the built-in network management in the Windows Operating System. This tool allows you to connect to a wireless network before login so you can use the VPN before the login feature.

There is a built-in profile for ISU-SECURE by default. This will use your username and password at login to connect you automatically on campus to the ISU-SECURE wireless network (You cannot use your email address to login). You can also add your home / hotspot / coffee shop wireless networks through this tool.

When you login to the machine without using the connect before login feature, you will see a Cisco Secure Client window pop up on the screen after logging in that shows authenticating / connecting to the network. This will occur on wired or wireless networks and it is not connecting you to the VPN. You can only connect to the VPN when you manually decide to connect to the VPN.

To open the Network Access Manger, use the instructions above to open the Client Window in the VPN before LOGIN section, or click on the icon on the task bar (shown below) if you are already logged into the machine.

​​​​​​

When you click the dropdown menu to view the network list, if you have previously connected to a wireless network or have multiple wireless networks listed, they will appear like the example below:

If you click on a network you have not previously authenticated, you may prompted to do so. Below is an example of adding a home wireless network:

A fully unknown Wi-Fi network will display a more in-depth configuration.

Please note, this is the same behavior on the “Start Before Login” screens for when connecting to a home network.

Eduroam is a federated authentication service that allows participating institutions to provide access to their wireless networks to users from other eduroam affiliated institutions. If you are  connecting to eduroam, please use the settings below (eduroam is not deployed as a default setup at this time): 

To modify or remove profiles, click on the icon with three lines to the right of the network listed. In the example below, ISU-SECURE and WIRED are administrative and can not be modified by the user. However, eduroam as a user created network can be modified.  

Using the Connect to VPN before Login feature

The Cisco Secure client has a feature to allow a user to connect to the VPN before they login to the workstation. This allows a user who has never been on a machine before to connect to the VPN (assuming all specifications are met for connecting to the VPN - See Article - VPN (Virtual Private Networ... (teamdynamix.com). You can also connect your machine to a remote wireless network / home network through this feature.

  1. On Windows 10 machines, after restarting the computer, you will have a new icon on your desktop on the lower right. The Windows 11 icon is slightly different but in the same location. 

This is the start before you login icon to the Secure Client. 

  1. When you click on this icon, this image will pop up:

Uploaded Image (Thumbnail)

  1. The AnyConnect VPN and Network Access Manager windows will pop up. You can use the Network window to connect your device to any wireless or wired network (see section on using the Network Access Manager below).  Once connected, type vpn.indstate.edu in the AnyConnect VPN window and click Connect and login to the VPN normally. This includes the MFA prompt and phone code. When you login to the VPN the first time, the VPN target is blank, but it will atuomatically display after the first use.

  1. After you connect to the VPN successfully, including the MFA prompt, you will return the Windows login screen and a new “Disconnect from the VPN” icon will be seen in the bottom right.  

 

  1. You may now login to your ISU account as normal on your workstation. You must use your username (not your email address) for this to work. 

    Once you are logged in and all processes are running, you can click on the Secure Client icon in the taskbar:

 

 

You will see a pop up that looks like the following:

Connecting to the VPN

To connect to the VPN as normal after logging into the machine, use the instructions in the Article - VPN (Virtual Private Networ... (teamdynamix.com).

What is Cisco Umbrella?

Cisco Umbrella extends data protection to devices and users anywhere, whether they are on campus or in a remote location.  Domain name servers (DNS) are at the heart of connecting every Internet request. Securing the DNS layer is the first line of defense in blocking malicious domains, IP addresses, botnets, and cloud applications before a connection is ever established.

For more information on Cisco Umbrella, please refer to the Cisco Umbrella KB article: https://indstate.teamdynamix.com/TDClient/1851/Portal/KB/ArticleDet?ID=151560

NEW FEATURES for Windows 

  • VPN Client (rebranded “AnyConnect VPN Client” as “Secure Client”) 

  • Network Access Manager – Allows Cisco product to connect you to the network. 

  • Connect before Login – Allows you to connect to the Wireless and the VPN before you login to the workstation. This tool allows you access on a workstation you've never used previously and it is on our domain. 

  • Minor cosmetic changes to icons and appearance to the product. 

  • System automatically connects to ISU-SECURE on wireless (If applicable) with your Windows credentials and runs the system login scripts. 

  • In testing, the system would take the credentials of an “unknown user” to the system and automatically connect to ISU-SECURE with those credentials and then create the user profile on the device. Additional testing / validation is required.  

KNOWN CAVEATS for Windows 

  • Once this is installed, you will be required to use the Cisco Secure Client from the task bar to connect to wireless networks. You can no longer use the OS. Click on the icon in the task bar, in the network section, select the available desired network. Known networks previously configured will show up in bold. You can manage network connections from the menu to the right.  

  • ISU-SECURE is predefined to use your ISUAD credentials for login. When logging into the device with the single sign on (SSO) setup, it will automatically attempt to login to ISU-SECURE on wireless. Presently, it will not accept email addresses for the client login.  

  • You cannot connect to the ISU-SECURE or eduroam networks while on campus before you login mode. They will not show up in the pre-login window.  

  • If you travel with your device, you will need to manually configure eduroam (see instructions above). 

  • When you login to your Windows machine, a Cisco Secure Client window will pop up. This is the client connecting you to the network either wired or wirelessly. VPN access is only done when initiated by the user.  

Additional Resources

Contact the Technology Support Center at 812-237-2910 if you need further assistance.

Print Article

Related Articles (2)

Following these instructions you should be fully connected to the VPN appliance.
Staff and faculty who are working from home or off campus may need to connect to resources that are only available from on campus, such as the L: Drive. Connecting to the VPN provides a secure and easy-to-use method for connecting to the campus network.

Related Services / Offerings (4)

Several technical issues may arise when traveling internationally. If you are leaving the country and plan to access any ISU resources, we recommend you allow us to check for conflicts.
Assistance with connecting to the ISU Network via wireless, wired, or Virtual Private Network (VPN) connection.
Networking Consultation to facilitate system and device best practices for business use cases or for devices being connected to the network.
Request an "Affiliated" University Account for someone that is not an employee or student.