To be able to use VPN to access the GFZ network you have to activate VPN on the "Passwords & Services" site on the intranet.

In case this is the first time you establish a VPN connection via ASA, you need to install the Cisco Secure client.

Go to asa.gfz-potsdam.de.
Select "GFZ employees" and click Login.

In the new window, log in with your GFZ username and domain password.
Then enter the code from your 2-factor authentication device.

Click on "Download for Linux" to download the Cisco Secure Client.

Open a terminal and navigate to the downloaded cisco-secure-client-linux64-#.#.#.##-core-vpn-webdeploy-k9.sh file.

Run the following command: (Replace the "#" with the actual version number).

sudo bash cisco-secure-client-linux64-#.#.#.##-core-vpn-webdeploy-k9.sh

Advice for OpenSUSE

For the graphical user interface of Secure Client the library libpangox.so have to be installed in OpenSUSE. Please install this via Yast if necessary.

ldd /opt/cisco/anyconnect/bin/vpnui
...
libpangox-1.0.so.0 => not found

zypper in libpangox-*

Start Cisco Secure Client.

Enter "asa.gfz-potsdam.de" as the server address and click "Connect".

Select "GFZ-Mitarbeiter" as the group.
In the new window, log in with your GFZ user name and domain password.

Enter the code from your 2-factor authentication device in the "Token" field.

Click on "Log in". The VPN connection is established.