VPN is a useful way to make a secure connection to the Cornell network remotely or utilizing a wireless connection.  Another benefit of VPN is the ability to see your server shares, printers, and other Cornell resources without remotely connecting to an on-campus computer (more configuration is necessary past this documentation).  Two-Step VPN goes one-step further in verifying that the person who is attempting to make a VPN connection is who they say they are.   Below are instructions on how to make a successful VPN connection to the Cornell network using either a Windows or Mac computer.

***NOTE*** IF you would like to connect to your work computer via Remote desktop, you'll need to make a succesful VPN connection prior to connecting to your computer using Remote Desktop.  Remote Desktop instructions are available on the ILR Tech Services portion of the ILR website under Desktop -> Remote Access & Two-Step VPN.

1) Access the Cisco VPN Software


On the bottom right hand side on the desktop, click on the up arrow (near the clock) then select Cisco AnyConnect.  The icon will look like a small globe.  Alternatively, if the Cisco AnyConnect icon is not available after clicking on the arrow, you can find it by clicking on the Start menu Windows start menu logo on the far left hand side on the desktop.  After clicking on Start, scroll down the alphabetical list and find Cisco -> Cisco AnyConnect Secure Mobility Client.  If your device does not have the Cisco VPN client, you can download and install it by clicking here.  Please note that you will need an administrative rights account to install Cisco AnyConnect on your device.

Windows system tray showing the icon for Cisco AnyConnect


On the desktop go to Go -> ApplicationsCisco AnyConnect Secure Mobility Client.  If the Go menu item is not visible, click once on an empty spot on the desktop.

Expanded Mac Go menu with the menu item, Applications, selected

**NOTE** If you need to install the Cisco VPN software, on the desktop of the Mac, select Go -> Applications -> Self Service Find CU AnyConnect VPN within the list of software that can be installed -> click Install.

2) Connect to VPN

Windows and Mac

The Cisco AnyConnect Secure Mobility Client pop-up box will appear.  To the left of Connect, verify that cuvpn.cuvpn.cornell.edu is entered.  If it is, click Connect.

Mac dialog for tselection of VPN network for Cisco AnyConnect VPN connection

3) Login to Two-Step VPN

Windows and Mac

A dialog box will appear with the heading Cisco AnyConnect | cuvpn.cuvpn.cornell.edu.  Use the following options to connect (select OK when all fields have been entered):

Group = Select Two-Step_Login from the drop down menu.

Username = yournetid@IL-VPN (this is case sensitive so use capital letters for IL-VPN).

Password = your netid/email password.

DUO Passcode(push/sms/phone):

push: When typing push, a notification will be sent to your DUO Mobile app on your Smartphone.

sms: When typing sms, ten unique sets of numbers will be sent via text message to your Smartphone.  Any of these codes can be used for twenty-four hours.  Each code can only be used once.

phone: when typing phone, the default phone number setup in your two-step device management will ring to verify your identity.

Mac dialog for two-step authentication into Cisco AnyConnect VPN connection

4) Successful Connection Verified


The Cisco AnyConnect connected pop-up box will appear on the bottom right on your desktop verifying you’ve successfully connected to Two-Step VPN.


Windows Cisco AnyConnect status message in the system try

To double-check you’re still connected to VPN, click on the up arrow on the bottom right near the clock and look for an image of a lock over the top of a globe.

Windows icon for locked Cisco AnyConnect vpn session


On the top right of the screen on the desktop (near the clock) a pop-up box will appear indicating a successful VPN connection.Also, at the top of the screen on the desktop near the clock, you can double check that you’re currently connected to VPN by looking for an image of a globe with a lock just to the right of the globe.

Mac Cisco AnyConnect status message in the menu bar VPN menu

5) Disconnect


To disconnect from VPN, click on the up arrow by the clock -> select the image of the globe with a lock.The Cisco AnyConnect Secure Mobility Client pop-up will appear.  Click Disconnect.

Windows icon for locked Cisco AnyConnect vpn session      Windows dialog showing the disconnect from Cisco AnyConnect message


On the desktop, select the image of a globe with a lock at the top of the screen.A drop-down menu will appear.  Choose Disconnect.

Apple menu bar VPN menu expanded to show the disconnect menu item