Use Duo with your Virtual Private Network (VPN)

Cisco AnyConnect is the primary Virtual Private Network (VPN) tool supported by the University of Minnesota. All VPNs require Duo Security Multi-Factor Authentication (Duo). 

Use this article to connect to VPN using your Duo Security authentication.

Note: If you are using another tool to access VPN (Windows, Mac OS, Linux Native clients or IPSEC) we strongly recommend transitioning to Cisco AnyConnect for future VPN access.

In this article:

When to Use VPN

VPN should only be used when resources cannot be accessed by other means. A VPN is not needed for most web-based UMN resources and services, such as MyU, University Gmail, Canvas, Google Workspace, and Office 365, and others.

For additional information, refer to the Virtual Private Network (VPN) Resource page.

To see whether an application requires VPN, refer to this list of UMN Applications and VPN requirements. You will need to sign in.

Before Connecting to VPN

  1. Ensure that you have Duo Security Multi-Factor Authentication set up on your UMN account.
  2. Set your Default Duo Device

Connecting to Your VPN

  1. Launch the Cisco AnyConnect client from your computer.
  2. Choose the desired VPN Pool from the drop-down menu and click Connect. Available VPN Pools: 
    • AnyConnect-UofMvpnFull (Full Tunnel)
    • UMN - Departmental Pools
    • UMN - Split Tunnel - General Access VPN Pool
      Cisco AnyConnect Client VPN dropdown options displayed.
  3. Click Connect.
  4. A new window opens, prompting for your Username and Password. To use the default authentication method (a push to your primary device):
    1. Enter your Username: Your UMN internet ID
    2. Enter your Password: Your UMN password
    3. Click OK. A Duo Security push will automatically be sent to your default Duo device.

To verify your identity with any other method, continue to the next section.

Using Duo if You Don't Have Your Default Device

Unlike other UMN applications, Cisco AnyConnect does not allow you to select how you connect. By default, you will receive a push notification to your primary device. You may have a situation that requires verifying your identity using a different device, or using a method other than the default push, such as:

  • Using a personal or different device than the default when working remotely.
  • Using a work cell phone or departmental that must be left on campus. 
  • Forgetting or misplacing your primary Duo device. 

If you have additional devices added to your account, you can choose to connect to VPN from the following options:

To use an option other than the default push (or to push to an additional device), you need to add additional information after entering your password. 

Connecting Using an Additional Option

If you have multiple devices registered or you are using a passcode, you may add numbers at the end of a keyword to verify your identity with the desired device.

  1. Enter your Username: Your UMN Internet ID
  2. Enter your Password: Enter your password plus a keyword, separated by a comma:
    • Note: Make sure to add the comma between the password and keyword with no additional spaces.
      Cisco AnyConnect login with sample password "1Passwordexample,123456" highlighted.
    • To use a passcode, token, or bypass code: After the comma, enter the generated numbers, adding no additional spaces
    • To push a login request to the device of your choice: After the comma, enter "push"followed by the device number.
      • Example: password,push2 sends a push request to the second phone in your list of registered Duo Devices.
    • To receive a phone call to your phone of choice: After the comma, enter "phone" followed by the device number.
      • Example: password,phone3 calls the third phone in your list of registered Duo devices.
  3. Click OK.