Setting up Cisco VPN
In order to provide secure access to some on-campus resources, IST has implemented a virtual private network (VPN). The campus VPN can be accessed by installing the Cisco VPN client. To do so:
- Go to https://cn-vpn.uwaterloo.ca in a browser. This will not work in the old Edge.
- Enter your WatIAM userid and your WatIAM password.
- In the "Second password" field, choose your second factor from this list:
Second factor | Second password field |
---|---|
Duo push notification | type: push (for multiples, push1 or push2 ...) |
Phone call | type: phone (for multiples phone1 or phone2 ...) |
Test message (SMS) | type: sms (for multiples, sms1 or sms2 ...) |
IST provided Yubikey |
place cursor in second password field and touch token (non-IST-provided hardware auth devices must be programmed for OTP and registered with IST) |
Duo token or bypass code | type: the passcode in second password field |
- Enter your WatIAM userid and your WatIAM password as above, but this time enter your new code received from authentication in the “Second Password” field.
- Once you get in, click the blue "Download" button.
- Save the file it offers to download. Once it is fully downloaded, double-click it to install the client on your computer.
- Once installed, you will have to start the VPN client by searching "Cisco" on your machine and running the "Cisco AnyConnect Secure Mobility Client" program. The program is in Finder > Applications > Cisco on the Mac.
- This is also a good time to pin the client to your taskbar or dock to make it easier to find in the future.
- Enter the VPN address in the address field:
- For off-campus and/or wireless connections, use cn-vpn.uwaterloo.ca
- For on-campus, wired connections, use vpn-inside.private.uwaterloo.ca
- Choose the server address 'UW-General-Campus' from the dropdown and enter your WatIAM credentials when prompted.
- In the future, when you reboot, the client will remember the VPN address and your WatIAM userid, but it will forget your password.
- Enter your 2FA method in the "Second password" field, using the instructions in #3 above.
- When the client is connected, a small lock symbol appears in front of the Cisco icon (the icon looks like a baseball with stylized blue stitching) in the System Tray in Windows or in the Dock on Mac.
- You can now remote into your work computer (if properly set up), access your R: drive and other restricted resources and software on campus.
Trouble connecting?
- If you are unsure whether the VPN is connected, use this link to check https://checkvpn.uwaterloo.ca/
- Make sure you have activated two-factor authentication by going to Two-factor Authentication | University of Waterloo and then scrolling down to find the yellow "Get started now" button. For more information see, 2FA.
- Confirm you entered your WatIAM userid just plain without "@uwaterloo.ca" or "nexus\".
- Confirm you chose "UW-General-Campus" from the login dropdown.
- Try uninstalling the VPN client and re-downloading a fresh copy.
- Check the system requirements and other searchable Cisco documentation.
Issues or Concerns? Please contact the Science Computing Helpdesk.