Campus VPN (Virtual Private Network)

Setting up Cisco VPN

In order to provide secure access to some on-campus resources, IST has implemented a virtual private network (VPN). The campus VPN can be accessed by installing the Cisco VPN client. To do so:

  • Go to https://cn-vpn.uwaterloo.ca in a browser. This will not work in the old Edge.
  • Enter your WatIAM userid and your WatIAM password.
  • In the "Second password" field, choose your second factor from this list:
Second factor Second password field
Duo push notification type: push (for multiples, push1 or push2 ...)
Phone call type: phone (for multiples phone1 or phone2 ...)
Test message (SMS) type: sms (for multiples, sms1 or sms2 ...). Enter first of ten codes you receive into second password field 
IST provided Yubikey

place cursor in second password field and touch token

(non-IST-provided hardware auth devices must be programmed for OTP and registered with IST)
Duo token or bypass code type: the passcode in second password field
  • Once you get in, click the blue "Download" button.
  • Save the file it offers to download. Once it is fully downloaded, double-click it to install the client on your computer. 
  • Once installed, you will have to start the VPN client by searching "Cisco" on your machine and running the "Cisco AnyConnect Secure Mobility Client" program. The program is in Finder > Applications > Cisco on the Mac.
    • This is also a good time to pin the client to your taskbar or dock to make it easier to find in the future.
  • Enter the VPN address in the address field:
    • For off-campus and/or wireless connections, use cn-vpn.uwaterloo.ca
    • For on-campus, wired connections, use vpn-inside.private.uwaterloo.ca
  • Choose the server address 'UW-General-Campus' from the dropdown and enter your WatIAM credentials when prompted.
    • In the future, when you reboot, the client will remember the VPN address and your WatIAM userid, but it will forget your password.
  • Enter your 2FA method in the "Second password" field, using the instructions in #3 above.
  • When the client is connected, a small lock symbol appears in front of the Cisco icon (the icon looks like a baseball with stylized blue stitching) in the System Tray in Windows or in the Dock on Mac.
  • You can now remote into your work computer (if properly set up), access your R: drive and other restricted resources and software on campus. 

Trouble connecting?

  • If you are unsure whether the VPN is connected, use this link to check https://checkvpn.uwaterloo.ca/
  • Make sure you have activated two-factor authentication by going to https://2fa.uwaterloo.ca/duo/enroll. For more information see, 2FA.
  • Confirm you entered your WatIAM userid just plain without "@uwaterloo.ca" or "nexus\".
  • Confirm you chose "UW-General-Campus" from the login dropdown.
  • Try uninstalling the VPN client and re-downloading a fresh copy.
  • Check the system requirements and other searchable Cisco documentation.

Issues or Concerns? Please contact the Science Computing Helpdesk.