How to install and connect to the VPN - Mac OS

Use checkvpn.uwaterloo.ca to see your computer's VPN connection status.

Video instructions

This video outlines how to access the VPN using the Duo Mobile push option. See step 2 below for instructions for other authentication methods (e.g. 6-digit code, bypass code, Yubikey).

Settings at a glance

If you already have the Cisco VPN client installed, you can use the following settings to connect: 

  • Server/connect to address: https://cn-vpn.uwaterloo.ca/

  • Username:  8-character UWaterloo username (eg. myuserna)

  • Password:  password

  • Second Password:

    • Type push for Duo Mobile push; enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc.

To avoid multiple prompts on your phone, accept the push within 10 seconds.

  • Type sms for text codes ( this option is for students only ); you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.

  • Type phone to get a phone call ( this option is for students only ); enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.

  • For Duo hardware token or Duo app, enter the 6-digit code from the token or app

  • For a Yubikey, touch the YubiKey with your cursor in the text box

How to install

  1. To begin, log in to the VPN website with your UWaterloo credentials (i.e. your UWaterloo 8-character username and password).  Most can use https://cn-vpn.uwaterloo.ca/+CSCOE+/logon.html, but depending on where you are on campus, you may need to use https://vpn-inside.private.uwaterloo.ca

    1. Second Password:

      • Type push for Duo Mobile push; enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc. To avoid multiple prompts on your phone, accept the push within 10 seconds.

      • Type sms for text codes ( this option is for students only ); you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.

      • Type phone to get a phone call ( this option is for students only ); enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.

      • For Duo hardware token or Duo app, enter the 6-digit code from the token or app

      • For a Yubikey, touch the YubiKey with your cursor in the text box

    2. Accept the Duo 2FA prompt on your device to continue to the next step.

  2. Once the fields above are entered, you will be redirected to the Download & Install page shown below. Click the Download for macOS button to download the installer disk image.

  3. Go to your downloads folder and double-click on the installer image, which will have a name such as  anyconnect-macos-4.6.01103-core-vpn-webdeploy-k9.dmg. This will mount and open the image and you should see the following window:
     

  4. Double-click on the .pkg installer file and you will be taken through the installation process. Click Continue to move through the steps.

  5. If you are running OS 10.14 (Mojave) you will get the following warning. Click OK to continue.
     

  6. At some point in the installation, you may get the below dialogue window. If so, click  Open Security Preferences and enable Cisco software.  Note:  you may also get the "Cisco Secure Client Secure Mobility Client Notification" shown below. In this case, click on the  Allow button, which will also take you to the Security & Privacy settings dialogue. 


     

  7. To authorize Cisco's apps, you will need to authorize them in the Security & Privacy settings shown below.
     

  8. Click on the lock icon on the bottom left and enter your admin credentials to unlock so you can make changes.

  9. Click on the Allow button to allow software from Cisco. After which you can close this preference window.

  10. You should eventually get to the final screen shown below. Click Close.

  11. Depending on your OS version you might get the following dialogue after closing the installer. Clicking on Move to Trash will delete the installer disk after closing. If you don't get the above option, you will have to eject the installer volume and delete the installer disk manually.

Search for Cisco Secure Client on your MAC OS to open the app and connect to the VPN.

How to connect

You do not need to repeat the installation process each time you want to use the VPN. The installation process installs the Cisco VPN client into the Applications folder. You can run it from there or add it to your Dock.

If you haven't connected before, you will need to specify the VPN server:

  1. Select "cn-vpn.uwaterloo.ca" and click Connect. This brings you to a login window where you can authenticate with your UWaterloo credentials (i.e. your 8-character UWaterloo username and password). Under the Group drop-down menu, select UW-General-Campus
    Note: 'UW-General-Campus' is the recommended profile. 'UW-Campus' should be used as an alternative profile.

    1. Enter your 8-character UWaterloo username into the username field--without the @uwaterloo.ca.

    2. Enter the Second Password:

      • Type push for Duo Mobile push; enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc. To avoid multiple prompts on your phone, accept the push within 10 seconds.

      • Type sms for text codes ( this option is for students only ); you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.

      • Type phone to get a phone call ( this option is for students only ); enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.

      • For Duo hardware token or Duo app, enter the 6-digit code from the token or app

      • For a Yubikey, touch the YubiKey with your cursor in the text box

    3. Click OK in the bottom right.

    4.  Accept the Duo 2FA prompt on your device to continue.

  2. Once you’ve accepted the 2FA prompt on your device, you should see the pop-up below in the top-right of your screen.

  3. When the client is active, the VPN connection can be controlled from the Menu Bar icon:
     

Need Help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.

Article feedback

If you’d like to share any feedback about this article, please let us know.