AnyConnect setup guides
Use these step‑by‑step instructions to configure Secure Client VPN on each platform. Each guide includes verification steps and rollback notes so you can recover quickly if something goes wrong.
Windows 10/11
- Install Secure Client VPN with the VPN module.
- Open the app and in the “VPN” field enter the gateway FQDN (e.g., vpn.company.com).
- Click Connect. If prompted, choose your group/tunnel. Complete primary auth and MFA.
- Verify: run ipconfig to confirm a new adapter and VPN IP; run route print to see the injected routes; resolve an internal DNS name.
If the connection page opens in a browser (SAML), keep the browser window focused until the client reports “Connected”.
macOS 12 or later
- Install the .pkg. On first run, approve extensions in System Settings if required.
- Enter the VPN gateway FQDN and connect. Use your corporate identity provider to authenticate.
- Verify with ifconfig that a utun/tap interface appears; check the DNS search domains in Network settings.
Linux (Ubuntu)
- Install the AnyConnect packages for your distro.
- Launch the GUI or use the CLI: /opt//secureclient/bin/vpn connect vpn.company.com.
- Authenticate and verify: ip a shows the tunnel interface; resolvectl status lists VPN DNS.
iOS / Android
- Install “Secure Client VPN” from the app store.
- Add a connection, enter the gateway FQDN, save and connect.
- Approve MFA and verify access to internal apps.
Managing profiles and groups
Profiles define connection entries, backup servers, and restrictions like UI lock‑down and Always‑On. Importing a .xml profile saves time and prevents typos. Group selection maps to tunnel‑group and group‑policy on the headend; use descriptive group names so users can switch without tickets.
Verification and rollback
After changes, validate routing (full vs split), DNS suffix order, and reachability to core services such as identity, file shares, and intranet portals. If a change breaks connectivity, revert the profile and roll back the client upgrade for the impacted cohort while you triage logs.
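One way to script the full-versus-split routing check on a Linux client is shown here as an added example, not code from this guide or from the vendor. It classifies the tunnel from `ip -4 route show` output and reports which device would carry traffic to a given address. The sample route tables are constructed, and the tunnel device name cscotun0 is an assumption; use the interface name that ip a shows.

```python
import ipaddress

# Constructed `ip -4 route show` output; cscotun0 is an assumed tunnel device name.
SPLIT = """\
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
10.0.0.0/8 dev cscotun0 scope link
172.16.20.0/24 dev cscotun0 scope link
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.50 metric 600
"""
FULL = """\
default dev cscotun0 scope link
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.50 metric 600
203.0.113.10 via 192.168.1.1 dev wlp2s0
"""

def parse_routes(text):
    """Return (network, device, metric) tuples from `ip -4 route show` text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f[:-1]:
            continue
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        except ValueError:
            continue  # typed routes such as "unreachable" or "blackhole"
        metric = int(f[f.index("metric") + 1]) if "metric" in f[:-1] else 0
        routes.append((net, f[f.index("dev") + 1], metric))
    return routes

def egress_dev(routes, ip):
    """Device that would carry traffic to ip: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def classify_tunnel(routes, tun_dev):
    """Return 'down', 'split' or 'full' for the tunnel device tun_dev."""
    tun_nets = {net for net, dev, _ in routes if dev == tun_dev}
    if not tun_nets:
        return "down"
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    defaults = [r for r in routes if r[0].prefixlen == 0]
    best = min(defaults, key=lambda r: r[2])[1] if defaults else None
    return "full" if best == tun_dev or halves <= tun_nets else "split"
```

Feed it the live table with `ip -4 route show` captured from the client, then call egress_dev for the addresses of your identity, file share, and intranet services to confirm they leave through the tunnel device.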
Operational checklists
Before rollout
Back up current profiles, export headend config, and schedule a maintenance window. Notify users and publish a one‑page quick start.
After upgrade
Sample users from each business unit, test latency‑sensitive apps, and monitor session failure rate for 72 hours.
Periodic hygiene
Rotate certificates well before expiry, audit group membership, and prune unused ACLs and split‑tunnel entries.