End-of-Sale and End-of-Life Announcement for the Cisco AnyConnect Secure Mobility Client Version 3.x. End-of-Sale and End-of-Life Announcement for the Cisco AnyConnect Essentials, Mobile, Phone, Premium, Shared Premium, Flex, Advanced Endpoint Assessment, and FIPS Client Licenses. Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.5. Deploy AnyConnect. PDF - Complete Book (6.47 MB) PDF - This Chapter (1.53 MB).
AnyConnect Plus/Apex licensing and Cisco head-end hardware is required. The application is not permitted for use with legacy licensing (Essentials or Premium PLUS Mobile). AnyConnect may not be used with non-Cisco hardware under any circumstances. Click the AnyConnect VPN link to download the file, which should be named anyconnect-win-4.5.02036-core-vpn-webdeploy-k9.dmg. Find the file in the Downloads folder, then click it to open the file. Double-click the file displayed, which is named anyconnect-win-4.5.02036-core-vpn-webdeploy-k9.pkg. AnyConnect Pre-Deployment Package (Mac OS) Login and Service Contract Required. Application Programming Interface API (Mac OS) Login and Service Contract Required.
Note: This is a local copy of Steve Grandi's instruction file here: http://www.noao.edu/cis/login/anyconnect-vpn.html
DOWNLOADS (Version 4.5.03040):
Note: This software can be downloaded multiple times and does not limit the number of downloads. Download AnyConnect 4.8.00175 for Mac (Last updated 10/8/2019).
If you need downloads for other versions, please see Steve's links below.
Cisco AnyConnect VPN clients; Steve Grandi, 01/08/18
1) Introduction
At NOAO-Tucson, we use the Cisco AnyConnect system for remote access to our network via individual VPN tunnels. A Cisco ASA 5512-X (Adaptive Security Appliance) unit is installed in out network to handle connections over the Internet. Staff use clients, formally known as the AnyConnect Secure Mobility Client, which are installed on their 'remote' computers to establish encrypted VPN tunnels with the ASA.
Staff use their AD (Active Directory) credentials (which are also used for the NOAO-Tucson email system and the 'inside' NOAO-WiFi wireless system) to authenticate their identity with the ASA. Best torrent client ubuntu 20 04. Staff are assigned to various 'classes' (such as CIS, LSST or DKIST) which we are used for implementing 'Security Domains' which restrict some classes to isolated portions of our network.
1.0) AD Passwords and 2FA
You need a username/password for an AnyConnect VPN connection. We use the same Single Sign-On AD password scheme for AnyConnect as we do for the NOAO-WiFi system and for the email system. Password guidelines may be found here.
As of December 2, 2017, a '2-factor authentication' (2FA) step (through Duo Security) was added to the Tucson AnyConnect login. Please read about 2FA here and here.
1.1) Open Source Alternative for Linux
A report from Erik Johansson:
----------------------------------------------------------------------------
You may already know this, but there is an open source VPN client for Linux
that supports the Cisco AnyConnect VPN: openconnect (see:
http://www.infradead.org/openconnect/). It is in the ubuntu repository, so
I imagine it is in Fedora and Red Hat as well.
I just installed it and it seems to work fine. The nice thing is that it
integrates into the gnome network manager so that I can activate it by
bringing up the network-settings menu from the system tray network icon as
opposed to running the separate Cisco app.
----------------------------------------------------------------------------
Erik prepared a set of installation instructions which can be found here.
I successfully installed the Openconnect client on a laptop running Linux Mint 12 and connected with anyconnect.noao.edu. I had to install a Certificate as per the instructions in Section 2.2.1 below.
Cisco Anyconnect 4 5 Download Free
1.2) Anyconnect on 'gadgets'
An anyconnect client is available for IOS devices: iPhone, iPad, iPod Touch. Search the App store for 'anyconnect.'
Anyconnect clients are available for many Android phones and tablets. Kindle Fire and Samsung devices both feature clients in their respective App stores. Also, for Android devices running ICS (4.0) or above, there is a generic package called AnyConnect ICS+. Again, consult the App stores.
Anyconnect is not (yet?!?) available on Windows 8 RT.
2) Installing and Using the Cisco anyconnect Client
Browse to the following directory:
and grab the appropriate file (note that Cisco has changed the form of the filenames from previous versions):
anyconnect-macos-4.5.03040-predeploy-k9.dmg
anyconnect-win-4.5.03040-core-vpn-predeploy-k9.msi
anyconnect-linux64-4.5.03040-predeploy-k9.tar.gz
There are other versions of the software in the FTP area other than those mentioned above: don't use them without consulting me first!
Due to a security problem, all versions of the AnyConnect Client for Windows and MacOS prior to version 4.3 have been deprecated. If you connect to the AnyConnect server through a Windows or Mac system with any earlier version, you will be be automatically updated to version 4.3.04027. If the OS version running on your PC or Mac does not support this version of AnyConnect, I believe, from anecdotal evidence, that bad things will happen and you will be out of luck (I don't have old enough OS versions to test this on).
Linux users are on their own as regards to security issues. AnyConnect will insist on a version equal to or higher than 3.1.14018, however.
The MacOS 4.5.03040 package is for 10.11 (El Capitan), 10.12 (Sierra) and 10.13 (High Sierra) systems only. 10.10 (Yosemite) users can use the 4.4.01054 distribution and 10.9 (Mavericks) users can install the 4.3.04027 distribution, but one of these days security issues will no doubt force us to require a later AnyConnect version: So upgrade your Mac to a newer version of MacOS!
10.5 (Leopard), 10.6 (Snow Leopard), 10.7 (Lion) und 10.8 (Mountain Lion) users are out of luck, as are PowerPC Mac users.
The Windows package supports Windows 10, 8, 8.1 and 8.1 Update 1 (both 32 and 64 bit) and Win7 (both 32 and 64 bit). WinXP and WinVista are no longer supported.
AnyConnect version 4 has abandoned the 32-bit Linux distribution. Version 4.5 is officially supported on Red Hat 6 & 7 (hence CentOS 6 & 7) and Ubuntu 14.04(LTS) and 16.04(LTS). Version 4.4 is officially supported on Red Hat 6 & 7 (hence CentOS 6 & 7) and Ubuntu 12.04(LTS), 14.04(LTS) and 16.04(LTS).
The AnyConnect 3.1 Linux package is 'guaranteed' to run on Ubuntu 9.x, 10.x, 11.x and 12.x and on RedHat RHEL 6 Desktops. I can verify that it installs and runs on Ubuntu 9.04/32, 9.10/32-bit, on CentOS 5.4/32bit and Linux Mint 12 (64 bit). Use the -linux_64- file for 64-bit Linux installations.
2.1) MacOS
Install this program on your Mac from the downloaded .dmg disk image (click on the .dmg in the Finder 'Downloads' window and then click on the AnyConnect.mpkg icon in the window that pops up). Accept the defaults and acknowledge the legalese during the installation.
When you are asked what components to install, uncheck everything except the VPN component.
If you are running Mountain Lion (Mac OS 10.8) or later, there is one complication that you have to deal with first. Go to System Preferences -> Security & Privacy -> General. You will have to click on the Lock and enter the Admin password. Now, under 'Allow applications downloaded from:', click the circle next to 'Mac App Store and Identified Developers.'
Note that if you are running a version of the AnyConnect client that is earlier than 4.3.04027, the next time you connect, the AnyConnect server will upgrade the client on your remote computer to this version. This has casued issues in the past: if things go pear-shaped for you: pleae let us know!
Fire up the newly-installed program (it will be installed as Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app). A panel labeled 'Cisco AnyConnect Secure Mobility Client' will appear.
On the top-of-the-screen bar (next to the Apple symbol), click on 'Cisco AnyConnect Secure Mobility Client' and then click on 'Preferences.' In the Preferences Pane that pops up, Click on 'Enable local Lan Access (if Configured).' In fact, you probably want to check all the preferences in the pane.
Back in the 'Cisco AnyConnect Secure Mobility Client' panel, you will see a blank box labeled 'Connect To.' Type 'anyconnect.noao.edu' in the box, highlight the entry with the mouse, and hit the 'Connect' button. Eventually you will be asked for your username and password.
If your credentials are accepted, a box will appear on your screen that says 'Welcome to NOAO-Tucson's VPN remote-access system (Authorized Users Only!). You are in the CIS Group.' Of course, your assigned group will appear instead of CIS. Hit the 'Accept' button and the system will cogitate for a bit.
You should now be connected on the internal NOAO-Tucson network! An icon (looks like a globe with a lock) will be present on the top-of-the-screen bar that you can use to disconnect the connection, show statistics or quit the VPN client.
Note an 'uninstall' application is located in the 'Cisco' tab in the Applications folder.
2.2) Linux
Note the alternative program 'openconnect' discussed above.
(As performed on my Asus EEE PC901 netbook running Ubuntu 9.10/32-bit)
Using Firefox, download the the .tar.gz file, use tar to uncompress and untar the ciscovpn directory. cd into ciscovpn and run 'sudo vpn_install.sh'. Lots of legalese should appear followed by a cryptic 'Done!'.
Fire up the program via Applications -> Internet -> Cisco AnyConnect VPN Client. A panel will appear and a new icon will appear in the Notification area. Put anyconnect.noao.edu in the 'Connect To:' box in the panel. Click on the 'gears' symbol to the right of the 'Connect To:' box and check the box for 'Enable local LAN access (if configured)' and hit the Close button.
Now enter your Username and Password in the appropriate boxes, and hit the 'Connect' button. When the conection takes place, the panel will disappear and the icon will change shape and show a padlock. Left-clicking the icon will bring up a statistics panel. Right-clicking the icon will bring up a menu and allow you to disconnect.
In a non-Ubuntu system, to fire up the connection, type in a terminal window
/opt/cisco/vpn/bin/vpn connect anyconnect.noao.edu
You will be prompted for your username and password and see lots of funky output.
Cisco Anyconnect 4.5 Download Mac
You should now be connected on the internal NOAO-Tucson network!
/opt/cisco/vpn/bin/vpn disconnect
will disconnect the VPN.
Anyconnect For Mac Download
2.2.1)
If you get an error message about 'problem with a Certificate', then you need to do the following:
grab ftp://ftp.noao.edu/pub/grandi/GeoTrust-root-cert.pem and put this file in ~/.cisco/certificates/ca/ (which you will have to create).
I had to do this on a CentOS 5.4 system but not on Ubuntu 9.04 or 9.10.
2.3) Windows
Download the .msi file, double click on it, agree that it is safe to run, accept the license, and complete the install. Find the newly installed program at Programs -> Cisco AnyConnect Secure Mobility Client and run it. In the pane that appears, click on the Preferences icon (looks like a pair of gears) and click on 'Enable local Lan Access (if Configured)' and hit the 'OK' button. Type 'anyconnect.noao.edu' into the box and hit the 'Connect' button. You will be prompted for your username and password.
If your credentials are accepted, a box will appear on your screen that says 'Welcome to NOAO-Tucson's VPN remote-access system (Authorized Users Only!). You are in the CIS Group.' Of course, your assigned group will appear instead of CIS. Hit the 'Accept' button and the system will cogitate for a bit.
You should now be connected on the internal NOAO-Tucson network! An icon for the VPN client will appear in the Windows icon area (you will probably have to unhide it first) that you can use to disconnect and/or quit the client.
Note that if you are running a version of the AnyConnect client that is earlier than 4.3.04027, the next time you connect, the AnyConnect server will upgrade the client on your remote computer to this version. This has casued issues in the past: if things go pear-shaped for you: pleae let us know!
Anyconnect For Mac Os
Imagine taking your corporate laptop and smartphone to wherever you feel most comfortable: public transport, a coffee shop, or a swanky hotel conference room. These are all public spaces where your personal information is at risk. When you jump unto an open WiFi connection, your device is exposed to possible phishing scams and data breaches. Instead of being confined to your desk, check out Cisco AnyConnect and experience freedom in working here and there, and everywhere. The infinite protection was created to ensure your organization is safe and protected no matter where you are. As a unified security endpoint agent, it delivers multiple security services for all. It has a wide range of security services like remote access, posture enforcement, web security features, and roaming protection. Overall, it has all the features necessary to provide a heavily-armed and highly secure experience for any user.
Gold-standard in cyber security
Protect yourself from hacking and data breaches with the best cyber security program available today
The Cisco AnyConnect Secure Mobility Client has raised the bar for end users who are looking for a secure network. No matter what operating system you or your workplace uses, Cisco enables highly secure connectivity for every device. As a mobile worker roaming to different locations, the always-on intelligent VPN efficiently adapts to a tunneling protocol. For example, AnyConnect’s Datagram Transport Layer Security (DTLS) thrives in offices that are constantly on VoIP applications. The impenetrable security keeps all your calls, messages, and files safe from outsiders. In AnyConnect version 4.4, you’ll experience a wide range of endpoint security services and streamlined IT operations from a single unified agent. Achieve tighter security controls and enable direct, highly secure, per-application access to corporate resources in Cisco’s mobile per-application VPN services. Trust AnyConnect’s strong compliance capabilities to block an endpoint’s compromised state and isolating the integrity of your company’s network. This is possible because of the software’s endpoint posture assessment and remediation capabilities of wired, wireless and VPN environments that are in conjunction with Cisco Identity Services Engine 1.3. Any out-of-compliance endpoints get automated remediation actions or commands based on policy requirements.
Anyconnect 4.5 Download Mac High Sierra
Work anywhere
Monitor endpoint application usage both on an off-premises with AnyConnect’s Network Visibility Module. Whether you use Windows or Mac OS X platforms, you can uncover potential behavior anomalies. It will assist you to make more informed network and service design decisions, which is always of big help. You can also share rich contextual data from the AnyConnect Network Visibility Module to the growing number of Internet Protocol Flow Export (IPFIX)-capable network-analysis tools. Of course, the AnyConnect client offers basic web security and malware threat defense. Choose from any of the built-in features like the premise-based Cisco Web Security Appliance, cloud-based Cisco Web Security, or Cisco Umbrella Roaming. Along with remote access, the comprehensive and highly secure enterprise mobility solution automatically blocks phishing and command-and-control attacks. Work in a protected and productive work environment by operating with consistent, context-aware security policies.
Connect with Ease
AnyConnect 4.4 offers simplified licensing to meet your company’s needs. The AnyConnect Plus includes basic VPN services such as device and per-application VPN, trusted network detection, basic device context collection, and Federal Information Processing Standards (FIPS) compliance. This plan also offers non-VPN related services like AnyConnect Network Access Manager, Cloud Web Security module, and the Cisco Umbrella Roaming module. The second and more advanced offer is AnyConnect Apex. This plan includes more advanced cybersecurity measures like endpoint posture checks, network visibility, next-generation VPN encryption, and clientless remote access VPN.
Whether you choose the Plus or Apex plan, Cisco guarantees that both licenses eliminate the need to purchase per headend connections and dedicated license servers. You must also think that Apex offers all Plus license functionality. In this case, only one type of license is required for each user. This model lets you design and combine license tiers in one network, shifting licensing from simultaneous connections to total unique users.
Where can you run this program?
AnyConnect version 4.4 is compatible with these operating systems and requirements: Windows, Mac, Android and iPhone
Is there a better alternative?
Cisco AnyConnect is an unbeatable provider of cybersecurity. But, creating your best work often needs strong, reliable and fast WiFI. With IPVanish, you can get the best of both worlds. Enjoy high-speed internet in a secure and private connection with this virtual private network app. The VPN service assures you that all your devices are protected from outside computers, smartphones, and routers. Their 360-degree approach to protection keeps you safe from hackers and snoopers, and at the same time, offers unlimited bandwidth on all platforms. This is a perfect match for you if you need supreme internet connectivity and cyber security.
Our take
Cisco AnyConnect Secure Mobility is a great solution for creating a flexible working environment. Work anywhere on any device while always protecting your interests and assets from Internet-based threats. Its availability does depend on Cisco hardware, but it is a minor-added expense to the safest cyber security network available today.
Should you download it?
Yes. It is an excellent investment, and definitely worth downloading to your smartphone and PC.
Cisco Anyconnect Mac Os Download
4.7.04056
Note: This is a local copy of Steve Grandi's instruction file here: http://www.noao.edu/cis/login/anyconnect-vpn.html
DOWNLOADS (Version 4.5.03040):
If you need downloads for other versions, please see Steve's links below.
Cisco AnyConnect VPN clients; Steve Grandi, 01/08/18
1) Introduction
At NOAO-Tucson, we use the Cisco AnyConnect system for remote access to our network via individual VPN tunnels. A Cisco ASA 5512-X (Adaptive Security Appliance) unit is installed in out network to handle connections over the Internet. Staff use clients, formally known as the AnyConnect Secure Mobility Client, which are installed on their 'remote' computers to establish encrypted VPN tunnels with the ASA. Easeus data recovery for mac full.
Staff use their AD (Active Directory) credentials (which are also used for the NOAO-Tucson email system and the 'inside' NOAO-WiFi wireless system) to authenticate their identity with the ASA. Staff are assigned to various 'classes' (such as CIS, LSST or DKIST) which we are used for implementing 'Security Domains' which restrict some classes to isolated portions of our network.
1.0) AD Passwords and 2FA
You need a username/password for an AnyConnect VPN connection. We use the same Single Sign-On AD password scheme for AnyConnect as we do for the NOAO-WiFi system and for the email system. Password guidelines may be found here.
As of December 2, 2017, a '2-factor authentication' (2FA) step (through Duo Security) was added to the Tucson AnyConnect login. Please read about 2FA here and here.
1.1) Open Source Alternative for Linux
A report from Erik Johansson:
----------------------------------------------------------------------------
You may already know this, but there is an open source VPN client for Linux
that supports the Cisco AnyConnect VPN: openconnect (see:
http://www.infradead.org/openconnect/). It is in the ubuntu repository, so
I imagine it is in Fedora and Red Hat as well.
I just installed it and it seems to work fine. The nice thing is that it
integrates into the gnome network manager so that I can activate it by
bringing up the network-settings menu from the system tray network icon as
opposed to running the separate Cisco app.
----------------------------------------------------------------------------
Erik prepared a set of installation instructions which can be found here.
I successfully installed the Openconnect client on a laptop running Linux Mint 12 and connected with anyconnect.noao.edu. I had to install a Certificate as per the instructions in Section 2.2.1 below.
1.2) Anyconnect on 'gadgets'
An anyconnect client is available for IOS devices: iPhone, iPad, iPod Touch. Search the App store for 'anyconnect.'
Anyconnect clients are available for many Android phones and tablets. Kindle Fire and Samsung devices both feature clients in their respective App stores. Also, for Android devices running ICS (4.0) or above, there is a generic package called AnyConnect ICS+. Again, consult the App stores.
Anyconnect is not (yet?!?) available on Windows 8 RT.
2) Installing and Using the Cisco anyconnect Client
Browse to the following directory:
and grab the appropriate file (note that Cisco has changed the form of the filenames from previous versions):
anyconnect-macos-4.5.03040-predeploy-k9.dmg
anyconnect-win-4.5.03040-core-vpn-predeploy-k9.msi
anyconnect-linux64-4.5.03040-predeploy-k9.tar.gz
There are other versions of the software in the FTP area other than those mentioned above: don't use them without consulting me first!
Due to a security problem, all versions of the AnyConnect Client for Windows and MacOS prior to version 4.3 have been deprecated. If you connect to the AnyConnect server through a Windows or Mac system with any earlier version, you will be be automatically updated to version 4.3.04027. If the OS version running on your PC or Mac does not support this version of AnyConnect, I believe, from anecdotal evidence, that bad things will happen and you will be out of luck (I don't have old enough OS versions to test this on).
Linux users are on their own as regards to security issues. AnyConnect will insist on a version equal to or higher than 3.1.14018, however.
The MacOS 4.5.03040 package is for 10.11 (El Capitan), 10.12 (Sierra) and 10.13 (High Sierra) systems only. 10.10 (Yosemite) users can use the 4.4.01054 distribution and 10.9 (Mavericks) users can install the 4.3.04027 distribution, but one of these days security issues will no doubt force us to require a later AnyConnect version: So upgrade your Mac to a newer version of MacOS!
10.5 (Leopard), 10.6 (Snow Leopard), 10.7 (Lion) und 10.8 (Mountain Lion) users are out of luck, as are PowerPC Mac users.
The Windows package supports Windows 10, 8, 8.1 and 8.1 Update 1 (both 32 and 64 bit) and Win7 (both 32 and 64 bit). WinXP and WinVista are no longer supported.
AnyConnect version 4 has abandoned the 32-bit Linux distribution. Version 4.5 is officially supported on Red Hat 6 & 7 (hence CentOS 6 & 7) and Ubuntu 14.04(LTS) and 16.04(LTS). Version 4.4 is officially supported on Red Hat 6 & 7 (hence CentOS 6 & 7) and Ubuntu 12.04(LTS), 14.04(LTS) and 16.04(LTS).
The AnyConnect 3.1 Linux package is 'guaranteed' to run on Ubuntu 9.x, 10.x, 11.x and 12.x and on RedHat RHEL 6 Desktops. I can verify that it installs and runs on Ubuntu 9.04/32, 9.10/32-bit, on CentOS 5.4/32bit and Linux Mint 12 (64 bit). Use the -linux_64- file for 64-bit Linux installations.
2.1) MacOS
Install this program on your Mac from the downloaded .dmg disk image (click on the .dmg in the Finder 'Downloads' window and then click on the AnyConnect.mpkg icon in the window that pops up). Accept the defaults and acknowledge the legalese during the installation.
When you are asked what components to install, uncheck everything except the VPN component.
If you are running Mountain Lion (Mac OS 10.8) or later, there is one complication that you have to deal with first. Go to System Preferences -> Security & Privacy -> General. You will have to click on the Lock and enter the Admin password. Now, under 'Allow applications downloaded from:', click the circle next to 'Mac App Store and Identified Developers.'
Note that if you are running a version of the AnyConnect client that is earlier than 4.3.04027, the next time you connect, the AnyConnect server will upgrade the client on your remote computer to this version. This has casued issues in the past: if things go pear-shaped for you: pleae let us know!
Fire up the newly-installed program (it will be installed as Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app). A panel labeled 'Cisco AnyConnect Secure Mobility Client' will appear.
On the top-of-the-screen bar (next to the Apple symbol), click on 'Cisco AnyConnect Secure Mobility Client' and then click on 'Preferences.' In the Preferences Pane that pops up, Click on 'Enable local Lan Access (if Configured).' In fact, you probably want to check all the preferences in the pane.
Back in the 'Cisco AnyConnect Secure Mobility Client' panel, you will see a blank box labeled 'Connect To.' Type 'anyconnect.noao.edu' in the box, highlight the entry with the mouse, and hit the 'Connect' button. Eventually you will be asked for your username and password.
If your credentials are accepted, a box will appear on your screen that says 'Welcome to NOAO-Tucson's VPN remote-access system (Authorized Users Only!). You are in the CIS Group.' Of course, your assigned group will appear instead of CIS. Hit the 'Accept' button and the system will cogitate for a bit.
You should now be connected on the internal NOAO-Tucson network! An icon (looks like a globe with a lock) will be present on the top-of-the-screen bar that you can use to disconnect the connection, show statistics or quit the VPN client.
Note an 'uninstall' application is located in the 'Cisco' tab in the Applications folder.
2.2) Linux
Note the alternative program 'openconnect' discussed above.
(As performed on my Asus EEE PC901 netbook running Ubuntu 9.10/32-bit)
Using Firefox, download the the .tar.gz file, use tar to uncompress and untar the ciscovpn directory. cd into ciscovpn and run 'sudo vpn_install.sh'. Lots of legalese should appear followed by a cryptic 'Done!'.
Fire up the program via Applications -> Internet -> Cisco AnyConnect VPN Client. A panel will appear and a new icon will appear in the Notification area. Put anyconnect.noao.edu in the 'Connect To:' box in the panel. Click on the 'gears' symbol to the right of the 'Connect To:' box and check the box for 'Enable local LAN access (if configured)' and hit the Close button.
Now enter your Username and Password in the appropriate boxes, and hit the 'Connect' button. When the conection takes place, the panel will disappear and the icon will change shape and show a padlock. Left-clicking the icon will bring up a statistics panel. Right-clicking the icon will bring up a menu and allow you to disconnect.
In a non-Ubuntu system, to fire up the connection, type in a terminal window
/opt/cisco/vpn/bin/vpn connect anyconnect.noao.edu
You will be prompted for your username and password and see lots of funky output.
You should now be connected on the internal NOAO-Tucson network!
Mass gmail account creator download. /opt/cisco/vpn/bin/vpn disconnect
will disconnect the VPN.
2.2.1)
If you get an error message about 'problem with a Certificate', then you need to do the following:
grab ftp://ftp.noao.edu/pub/grandi/GeoTrust-root-cert.pem and put this file in ~/.cisco/certificates/ca/ (which you will have to create).
I had to do this on a CentOS 5.4 system but not on Ubuntu 9.04 or 9.10.
2.3) Windows
Download the .msi file, double click on it, agree that it is safe to run, accept the license, and complete the install. Find the newly installed program at Programs -> Cisco AnyConnect Secure Mobility Client and run it. In the pane that appears, click on the Preferences icon (looks like a pair of gears) and click on 'Enable local Lan Access (if Configured)' and hit the 'OK' button. Type 'anyconnect.noao.edu' into the box and hit the 'Connect' button. You will be prompted for your username and password.
If your credentials are accepted, a box will appear on your screen that says 'Welcome to NOAO-Tucson's VPN remote-access system (Authorized Users Only!). You are in the CIS Group.' Of course, your assigned group will appear instead of CIS. Hit the 'Accept' button and the system will cogitate for a bit.
You should now be connected on the internal NOAO-Tucson network! An icon for the VPN client will appear in the Windows icon area (you will probably have to unhide it first) that you can use to disconnect and/or quit the client.
Note that if you are running a version of the AnyConnect client that is earlier than 4.3.04027, the next time you connect, the AnyConnect server will upgrade the client on your remote computer to this version. This has casued issues in the past: if things go pear-shaped for you: pleae let us know!