Campus VPN (Virtual Private Network)
Setting up Cisco AnyConnect
In order to provide secure access to some on-campus resources, IST has implemented a virtual private network (VPN). The campus VPN can be accessed by installing the Cisco VPN client. To do so:
Go to https://cn-vpn.uwaterloo.ca in a browser. This will not work in the old Edge.
Enter your WatIAM userid and your WatIAM password.
In the "Second password" field, choose your second factor from this list:
Second factor | Second password field |
|---|---|
Duo push notification | type: push (for multiples, push1 or push2 ...) |
Phone call | type: phone (for multiples phone1 or phone2 ...) |
Test message (SMS) | type: sms (for multiples, sms1 or sms2 ...) |
IST provided Yubikey | place cursor in second password field and touch token (non-IST-provided hardware auth devices must be programmed for OTP and registered with IST) |
Duo token or bypass code | type: the passcode in second password field |
<thanks to Steve Weber for the excellent collaboration experience>
Enter your WatIAM userid and your WatIAM password again as above, but this time enter your new code received from authentication in the “Second Password” field.
Once you get in, click the blue "Download" button.
Save the file it offers to download. Once it is fully downloaded, double-click it to install the client on your computer.
Once installed, you will have to start the VPN client by searching "Cisco" on your machine and running the "Cisco AnyConnect Secure Mobility Client" program. The program is in Finder > Applications > Cisco on the Mac.
This is also a good time to pin the client to your taskbar or dock to make it easier to find in the future.
Enter the VPN address in the address field:
If you are off-campus and/or using WiFi, use cn-vpn.uwaterloo.ca
If you are on-campus and using ethernet, use vpn-inside.private.uwaterloo.ca
Choose the server address 'UW-General-Campus' from the dropdown and enter your WatIAM credentials when prompted.
In the future, when you reboot, the client will remember the VPN address and your WatIAM userid, but it will forget your password.
Enter your 2FA method in the "Second password" field, using the instructions in #3 above.
When the client is connected, a small lock symbol appears in front of the Cisco icon (the icon looks like a baseball with stylized blue stitching) in the System Tray in Windows or in the Dock on Mac.
You can now remote into your work computer (if properly set up), access your R: drive and other restricted resources and software on campus.
Trouble connecting?
If you are unsure whether the VPN is connected, use this link to check: https://checkvpn.uwaterloo.ca/
Make sure you have activated two-factor authentication by going to Two-factor Authentication | University of Waterloo and then scrolling down to find the yellow "Get started now" button. For more information see, 2FA.
Confirm you entered your WatIAM userid just plain without "@uwaterloo.ca" or "nexus\".
Confirm you chose "UW-General-Campus" from the login dropdown.
Try uninstalling the VPN client and re-downloading a fresh copy.
Check the system requirements and other searchable Cisco documentation.
Issues or Concerns? Please contact the Science Computing Helpdesk.