Setting up Cisco VPN
In order to provide secure access to some on-campus resources, IST has implemented a virtual private network (VPN). Please follow the instructions below on how to install and use the VPN client.
- Download the Cisco AnyConnect Secure Mobility VPN Client:
- If you're off-campus, go to https://vpn.uwaterloo.ca/+CSCOE+/logon.html.
- If you're on-campus, go to https://vpn-inside.private.uwaterloo.ca/.
- Enter your WatIAM userid and your WatIAM password.
- In the "Second password" field, choose your second factor from this list:
| Second factor | Second password field |
|---|---|
| Duo push notification | type: push (for multiples, push1 or push2 ...) |
| Phone call | type: phone (for multiples phone1 or phone2 ...) |
| Test message (SMS) | type: sms (for multiples, sms1 or sms2 ...). Enter first of ten codes you receive into second password field |
| IST provided Yubikey |
place cursor in second password field and touch token (non-IST-provided hardware auth devices must be programmed for OTP and registered with IST) |
| Duo token or bypass code | type: the passcode in second password field |
- Once you're logged into the website, click the blue "Download" button.
- Save the file and once it's finished downloading, double-click on the installer.
- An installation wizard will open and you can click "Next" to most of the prompts and then click "Install".
- Once installed, you will have to start the VPN client by searching "Cisco" on your device and running the "Cisco AnyConnect Secure Mobility Client" program. The program is in Finder > Applications > Cisco on the Mac.
- We recommend pinning the client to your taskbar or dock to make it easier to find for future use.
- Enter the VPN address in the address field:
- If you are off-campus use vpn.uwaterloo.ca
- If you are on-campus use vpn.private.uwaterloo.ca
- Select the Group you'd like to use from the dropdown menu and enter your WatIAM credentials when prompted:
- Choose "UW-General-Campus" from the dropdown menu if you're off-campus and/or wirelessly connected.
- Choose "UW-General-Campus-Internal" from the dropdown menu if you're on-campus and on the wired network.
- In the future, when you reboot your device, the Cisco client will remember the VPN address and your WatIAM username, but not your password.
- Enter your 2FA method in the "Second password" field, using the instructions in Step 3.
- When the client is connected, a small lock symbol appears in front of the Cisco icon (the icon looks like a baseball with stylized black and blue stitching) in the System Tray in Windows or in the Dock on Mac.
- You can now remote into your work computer (if properly set up), access your R: drive and other restricted resources and software on campus.
Trouble connecting?
- If you are unsure whether the VPN is connected, you can check your VPN status at https://checkvpn.uwaterloo.ca/.
- Make sure you have activated DUO two-factor authentication by going to https://2fa.uwaterloo.ca/duo/enroll. For more information see, 2FA/Duo.
- Confirm you entered your WatIAM username without "@uwaterloo.ca" or "nexus\".
- Try uninstalling the VPN client and re-downloading a fresh copy.
- Check the system requirements and other searchable Cisco documentation.