• On-campus Science Computing offices are *open* with limited core hours of 9 a.m. to 4 p.m.
    • Please contact a Science Computing representative for an appointment.
      • Due to reduced staffing, walk-ins may be disappointed.
      • Virtual support is still available at the above contacts or via Teams.
  • In-person access to the student computing labs (Nexus labs) is not currently available.

Campus VPN (Virtual Private Network)

How to access on-campus resources from off-campus

In order to provide secure access to some on-campus resources, IST has implemented a virtual private network (VPN). The campus VPN can be accessed by installing the Cisco VPN client. To do so:

  1. Go to https://cn-vpn.uwaterloo.ca in a browser. This will not work in the old Edge.
  2. Enter your WatIAM userid and your WatIAM password.
  3. In the "Second password" field, choose your second factor from this list:
Second factor Second password field
Duo push notification type: push (for multiples, push1 or push2 ...)
Phone call type: phone (for multiples phone1 or phone2 ...)
Test message (SMS) type: sms (for multiples, sms1 or sms2 ...)
IST provided Yubikey

place cursor in second password field and touch token

(non-IST-provided hardware auth devices must be programmed for OTP and registered with IST)

Duo token or bypass code type: the passcode in second password field

<thanks to Steve Weber for the excellent collaboration experience>

  1. Enter your WatIAM userid and your WatIAM password as above, but this time enter your new code received from authentication in the “Second Password” field.
  2. Once you get in, click the blue "Download" button.
  3. Save the file it offers to download. Once it is fully downloaded, double-click it to install the client on your computer. 
  4. Once installed, you will have to start the VPN client by searching "Cisco" on your machine and running the "Cisco AnyConnect Secure Mobility Client" program. The program is in Finder > Applications > Cisco on the Mac.
    1. This is also a good time to pin the client to your taskbar or dock to make it easier to find in the future.
  5. Enter the VPN address cn-vpn.uwaterloo.ca in the address field.
  6. Choose the server address 'UW-General-Campus' from the dropdown and enter your WatIAM credentials when prompted.
    1. In the future, when you reboot, the client will remember the VPN address and your WatIAM userid, but it will forget your password.
  7. Enter your 2FA method in the "Second password" field, using the instructions in #3 above.
  8. When the client is connected, a small lock symbol appears in front of the Cisco icon (the icon looks like a baseball with stylized blue stitching) in the System Tray in Windows or in the Dock on Mac.
  9. You can now remote into your work computer (if properly set up), access your N: driveR: drive, the IST SPSS VDI, and other restricted resources and software on campus.

Trouble connecting?

  • Make sure you have activated two-factor authentication by going to Two-factor Authentication | University of Waterloo and then scrolling down to find the yellow "Get started now" button. For more information see, 2FA.
  • Confirm you entered your WatIAM userid just plain without "@uwaterloo.ca" or "nexus\".
  • Confirm you chose "UW-General-Campus" from the login dropdown.
  • Try uninstalling the VPN client and re-downloading a fresh copy.
  • Check the system requirements and other searchable Cisco documentation.

Issues or Concerns?