Campus VPN (Virtual Private Network)

Setting up Cisco VPN

In order to provide secure access to some on-campus resources, IST has implemented a virtual private network (VPN). The campus VPN can be accessed by installing the Cisco VPN client. To do so:

  • Go to in a browser. This will not work in the old Edge.
  • Enter your WatIAM userid and your WatIAM password.
  • In the "Second password" field, choose your second factor from this list:


Second factor Second password field
Duo push notification type: push (for multiples, push1 or push2 ...)
Phone call type: phone (for multiples phone1 or phone2 ...)
Test message (SMS) type: sms (for multiples, sms1 or sms2 ...)
IST provided Yubikey

place cursor in second password field and touch token

(non-IST-provided hardware auth devices must be programmed for OTP and registered with IST)

Duo token or bypass code type: the passcode in second password field


  • Enter your WatIAM userid and your WatIAM password as above, but this time enter your new code received from authentication in the “Second Password” field.
  • Once you get in, click the blue "Download" button.
  • Save the file it offers to download. Once it is fully downloaded, double-click it to install the client on your computer. 
  • Once installed, you will have to start the VPN client by searching "Cisco" on your machine and running the "Cisco AnyConnect Secure Mobility Client" program. The program is in Finder > Applications > Cisco on the Mac.
    • This is also a good time to pin the client to your taskbar or dock to make it easier to find in the future.
  • Enter the VPN address in the address field:
    • For off-campus and/or wireless connections, use
    • For on-campus, wired connections, use
  • Choose the server address 'UW-General-Campus' from the dropdown and enter your WatIAM credentials when prompted.
    • In the future, when you reboot, the client will remember the VPN address and your WatIAM userid, but it will forget your password.
  • Enter your 2FA method in the "Second password" field, using the instructions in #3 above.
  • When the client is connected, a small lock symbol appears in front of the Cisco icon (the icon looks like a baseball with stylized blue stitching) in the System Tray in Windows or in the Dock on Mac.
  • You can now remote into your work computer (if properly set up), access your R: drive and other restricted resources and software on campus. 


Trouble connecting?

  • If you are unsure whether the VPN is connected, use this link to check
  • Make sure you have activated two-factor authentication by going to Two-factor Authentication | University of Waterloo and then scrolling down to find the yellow "Get started now" button. For more information see, 2FA.
  • Confirm you entered your WatIAM userid just plain without "" or "nexus\".
  • Confirm you chose "UW-General-Campus" from the login dropdown.
  • Try uninstalling the VPN client and re-downloading a fresh copy.
  • Check the system requirements and other searchable Cisco documentation.


Issues or Concerns? Please contact the Science Computing Helpdesk.