Cisco AnyConnect 3.1 VPN Client with Start Before Logon Module

Cisco AnyConnect VPN Client 3.1 with Start-Before-Logon Module
IT Division has added a module, called Start-Before-Logon, to the Cisco AnyConnect VPN Client. The module allows the
computer to act as if it is on the OSU local area network even before logging into the computer . The major advantage is
increased security but a beneficial side effect is a dramatically shorter time to complete a logon to the computer when
off-campus. The VPN connection allows you to use network drives and resources as you would on campus.
Overview of steps to use the client
Preliminary Steps:
1. Configure wireless network profile (See Appendix A)
2. Ensure that you have the AnyConnect client (See Appendix B)
3. Configure the Start-Before-Logon module (See Appendix C)
AnyConnect Start-Before-Logon Module Usage
1. Do a CTRL+ALT+DELETE, switch user, and run the Start-Before-Logon user interface
2. Logon to your user account
Detailed AnyConnect Start-Before-Logon Module Steps:
Prerequisite: The computer must have connected to the wireless network you are trying to use prior to using
the Start-Before-Logon module. If it has not, logon without the VPN and configure the wireless access point first. This
must be done with every new wireless access point because Windows does not have a wireless configuration utility
available before logon. Follow the instructions in Appendix A as an example of how to configure a wireless network
connection. If you have previously used the access point and saved its configuration, Start-Before-Logon should work.
Click the Switch User button,
Click the Cisco AnyConnect button,
, in the lower right corner.
Enter your OKey username and password into the Cisco AnyConnect dialogue box.
Select your username (“SSBHD441M1\ssbsupport” in this example).
Logon as you usually do.
Appendix A
Configure Wireless Network Profile:
In the following example, we will connect to the OSUSTAFF network access point.
Choose the wireless network icon,
, from the System Tray in the lower right corner.
Select OSUSTAFF and click on the Connect button.
Authenticate to the wireless network using your OKey username and password.
On the Windows Security Alert box, click the
5. When connected the wireless network bars will look like the following
Appendix B
Installing the Cisco AnyConnect Start-Before-Logon Module
If you already have the Cisco AnyConnect VPN Client installed, logon to the VPN. The AnyConnect client will
check to ensure it is the latest version. If it is not, you will see a dialogue box similar to the following figure:
If you do not have the AnyConnect client, open a browser and go to and logon with
your OKey username and password.
If you receive the Security Warning dialogue box below, please click the Yes button.
If you have an updated version of Java, the following dialogue box will alert you that it is about to run a Java
applet that installs the Cisco AnyConnect client.
The following dialogue box appears as the installer is running.
When the installer completes, you will get the following dialogue box inside the browser. You may close the
Appendix C
Configuring the Cisco AnyConnect client to use the Start-Before-Logon module
Click the Cisco VPN client icon,
, from the system tray in the lower right corner of the screen, or go to
Start-All Programs-Cisco-Cisco AnyConnect Secure Mobility Client.
2. Click the settings icon,
, in the Ciso AnyConnect Secure Mobility Client dialogue box.
3. Click the Preferences tab, check mark all of the available boxes.
Note: If Start-Before-Logon will not work because it says there are no trusted networks, try unchecking the
Block connections to untrusted servers checkbox.