How to access on-campus resources from off-campus
In order to provide secure access to some on-campus resources, IST has implemented a virtual private network (VPN). The campus VPN can be accessed by installing the Cisco VPN client. To do so:
- Go to https://cn-vpn.uwaterloo.ca in a browser. This will not work in the old Edge.
- Enter your WatIAM userid and your WatIAM password.
- In the "Second password" field, choose your second factor from this list:
|Second factor||Second password field|
|Duo push notification||type: push (for multiples, push1 or push2 ...)|
|Phone call||type: phone (for multiples phone1 or phone2 ...)|
|Test message (SMS)||type: sms (for multiples, sms1 or sms2 ...)|
|IST provided Yubikey||
place cursor in second password field and touch token
(non-IST-provided hardware auth devices must be programmed for OTP and registered with IST)
|Duo token or bypass code||type: the passcode in second password field|
<thanks to Steve Weber for the excellent collaboration experience>
- Enter your WatIAM userid and your WatIAM password as above, but this time enter your new code received from authentication in the “Second Password” field.
- Once you get in, click the blue "Download" button.
- Save the file it offers to download. Once it is fully downloaded, double-click it to install the client on your computer.
- Once installed, you will have to start the VPN client by searching "Cisco" on your machine and running the "Cisco AnyConnect Secure Mobility Client" program. The program is in Finder > Applications > Cisco on the Mac.
- This is also a good time to pin the client to your taskbar or dock to make it easier to find in the future.
- Enter the VPN address cn-vpn.uwaterloo.ca in the address field.
- Choose the server address 'UW-General-Campus' from the dropdown and enter your WatIAM credentials when prompted.
- In the future, when you reboot, the client will remember the VPN address and your WatIAM userid, but it will forget your password.
- Enter your 2FA method in the "Second password" field, using the instructions in #3 above.
- When the client is connected, a small lock symbol appears in front of the Cisco icon (the icon looks like a baseball with stylized blue stitching) in the System Tray in Windows or in the Dock on Mac.
- You can now remote into your work computer (if properly set up), access your N: drive, R: drive, the IST SPSS VDI, and other restricted resources and software on campus.
- Make sure you have activated two-factor authentication by going to Two-factor Authentication | University of Waterloo and then scrolling down to find the yellow "Get started now" button. For more information see, 2FA.
- Confirm you entered your WatIAM userid just plain without "@uwaterloo.ca" or "nexus\".
- Confirm you chose "UW-General-Campus" from the login dropdown.
- Try uninstalling the VPN client and re-downloading a fresh copy.
- Check the system requirements and other searchable Cisco documentation.
Issues or Concerns?
- Please contact the Science Computing Helpdesk.