Use Duo with your Virtual Private Network (VPN)

Cisco AnyConnect is the primary Virtual Private Network (VPN) tool supported by the University of Minnesota. All VPNs require Duo Security Multi-Factor Authentication (Duo). 

Use this article to connect to VPN using your Duo Security authentication.

In this article:

When to Use VPN

VPN should only be used when resources cannot be accessed by other means. A VPN is not needed for most web-based UMN resources and services, such as MyU, University Gmail, Canvas, Google Workspace, and Office 365, and others.

For additional information, refer to the Virtual Private Network (VPN) Resource page.

To see whether an application requires VPN, refer to this list of UMN Applications and VPN requirementsYou will need to sign in.

Before Connecting to VPN

  1. Ensure that you have Duo Security Multi-Factor Authentication set up on your UMN account.
  2. VPN connects using your primary device. If you don't have a primary device, it defaults to the first Duo device in your device list.

Connecting to Your VPN

  1. Launch the Cisco AnyConnect client from your computer.
  2. Choose the desired VPN Pool from the drop-down menu and click Connect. Available VPN Pools: 
    • AnyConnect-UofMvpnFull (Full Tunnel)
    • UMN - Departmental Pools
    • UMN - Split Tunnel - General Access VPN Pool
      Cisco AnyConnect Client VPN dropdown options displayed.
  3. Click Connect.
  4. A new window opens, prompting for your Username and Password. To use the default authentication method (a push to a cell phone or tablet, or call to a landline):
    1. Username: Your UMN internet ID
    2. Password: Your UMN password
    3. Click OK. A Duo Security push or call sends to your default Duo device.

To verify your identity with any other method, continue to the next section.

Using Duo if You Don't Have Your Primary Device

Unlike other UMN applications, Cisco AnyConnect does not allow you to select how you connect. By default, you will receive a push notification to your primary device or an automated call to a landline.

You may have a situation that requires verifying your identity using a different device, or using a method other than the default push, such as:

  • Using a personal or different device than the default when working remotely.
  • Using a work cell phone or departmental that must be left on campus. 
  • Forgetting or misplacing your primary Duo device. 

If you have additional devices added to your account, you can choose to connect to VPN from the following options:

To connect using an option other than the default (or to push to an additional device), you need to add additional information after entering your password. 

Connecting Using an Additional Option

If you have multiple devices registered or you are using a passcode, you will add numbers at the end of a keyword to verify your identity with the desired device.

  1. Sign in to the Cisco AnyConnect Client and choose your desired VPN pool.
  2. Username: Your UMN Internet ID
  3. Password: Enter your password plus a keyword, separated by a comma:
    • Note: Make sure to add the comma between the password and keyword with no additional spaces.
      Cisco AnyConnect login with sample password "1Passwordexample,123456" highlighted.
    • To use a passcode, token, or bypass code: After the comma, enter the generated passcode numbers, adding no additional spaces
    • To push a login request to the device of your choice: After the comma, enter "push" followed by the device number.
      • Example: password,push2 sends a push request to the second phone in your list of registered Duo Devices.
    • To receive a phone call to your phone of choice: After the comma, enter "phone" followed by the device number from your list of Duo devices.
      • Example: password,phone3 calls the third phone in your list of registered Duo devices.
  4. Click OK.
TDX ID
5875