VPN: Using Duo Append Mode with Cisco AnyConnect

Certain Departmental Pools and, starting March 29, 2020, both General Access VPN Pools require Two-Factor Authentication (2FA) through Duo Security. Because the Cisco AnyConnect application does not support the inline Duo Prompt for choosing your authentication method, this is handled with Duo Append Mode instead.

By default, Append Mode sends a push notification to your default device, but it also lets you choose from our other supported 2FA methods: passcode, phone call, and push to other devices.

Using Duo 2FA with Cisco AnyConnect

  1. Launch the Cisco AnyConnect Secure Mobility Client. 
  2. Choose the appropriate VPN Pool from the drop-down menu and click Connect.
    • The available choices should be "UMN - Departmental Pools", "UMN - Full Tunnel - General Access VPN Pool", and "UMN - Split Tunnel - General Access VPN Pool".
  3. A separate window should open, prompting for your Username and Password.
  4. To use the default authentication method, a push to your default device, simply enter your information and click OK.
    1. Username: Internet ID
    2. Password: Internet Password
  5. To use any other method for authentication, please consult the table below.
    • The format is [Internet ID Password],[Type], i.e. comma-separated with no additional spaces.
    • If you have multiple devices registered, you may add a number to the end to dictate which device will be used.

      This table outlines the Duo Append Mode choices, shows specific examples, and outlines the intended action.

       Type    Example            To...
               password,123456    Login using a passcode generated in Duo Mobile, by a token, or generated Bypass Codes.
                                  Push a login request to your device of choice.
                                  Authenticate with a phone callback to your phone of choice.
    • In the table, 'push2' and 'phone3' would send a push request to the second phone in your list of registered Duo Devices and a phone call to the third.
  6. With successful authentication, the Cisco AnyConnect application should have a message at the top, "Connected to [VPN Pool]" based on which VPN Pool was chosen. 
  7. To disconnect and end the connection, simply click Disconnect.
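
The append-mode field from step 5, decomposed in a short Python sketch. This is an added example, not code from Duo, Cisco or the University; the class and function names are hypothetical, and splitting at the last comma is an assumption the page does not state.

```python
import re
from typing import NamedTuple, Optional


class AppendModeLogin(NamedTuple):
    password: str
    method: str               # "push", "phone" or "passcode"
    device: Optional[int]     # Nth registered device; None means the default
    passcode: Optional[str]   # digits typed after the comma, if any


_FACTOR = re.compile(r"(push|phone)([1-9][0-9]*)?")
_PASSCODE = re.compile(r"[0-9]+")


def parse_append_mode(field: str) -> AppendModeLogin:
    """Decompose the Password field as described in step 5.

    Assumption (not stated on the page): the split is made at the LAST
    comma, so a password that itself contains a comma stays intact.
    """
    if "," not in field:
        # Step 4: the password alone means a push to the default device.
        return AppendModeLogin(field, "push", None, None)
    password, suffix = field.rsplit(",", 1)
    if not password:
        raise ValueError("nothing before the comma: the password is missing")
    if suffix != suffix.strip():
        # The page's rule: comma-separated with no additional spaces.
        raise ValueError("no spaces are allowed around the comma")
    if _PASSCODE.fullmatch(suffix):
        return AppendModeLogin(password, "passcode", None, suffix)
    match = _FACTOR.fullmatch(suffix)
    if match is None:
        # This sketch rejects an unknown suffix rather than guessing.
        raise ValueError(f"unrecognised method {suffix!r}")
    device = int(match.group(2)) if match.group(2) else None
    return AppendModeLogin(password, match.group(1), device, None)


if __name__ == "__main__":
    # Constructed sample inputs; "s3cret" is a placeholder password.
    for sample in ["s3cret", "s3cret,123456", "s3cret,push2", "s3cret,phone3"]:
        print(sample, "->", parse_append_mode(sample))
```
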