Introduction
A Secure Sockets Layer (SSL) virtual private network (VPN) provides secure remote access from one machine to restricted/private resources across a public network. Virginia Tech's SSL VPN service, referred to as "Remote Access VPN", allows a user to access Virginia Tech resources remotely from anywhere across the globe. This service does not provide any end-to-end encryption to other services that are being accessed over the VPN, but it does encrypt the traffic between your machine and the VPN device.
Contents
- Prerequisites
- Supported Platforms
- Connection Options
- Instructions
- Troubleshooting
- Related Links
Prerequisites
- All current Virginia Tech faculty, staff, and students are eligible to access Remote Access VPN.
- You must have an active Virginia Tech PID and DUO 2-factor configured. For more information on using DUO, please visit Using 2-Factor Authentication.
- You may use either Virginia Tech provided computers or personally owned computers to connect to Remote Access VPN, as long as they meet the minimum system and password requirements.
- You must have access to an administrator account on the computer. If you have a computer owned by Virginia Tech and do not have that access, contact your Network Liaison or contact 4Help.
- To access the Virginia Tech Remote Access VPN service you must enable both the IPv4 and IPv6 stacks on your network adapter. The IPv6 requirement does not depend on your ISP's ability to provide you with an IPv6 address: the VPN allocates you an IPv6 address, so it needs the IPv6 stack to be enabled on your network adapter. If you do not know how to enable IPv6 for your device, please contact your Network Liaison or contact 4Help.
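One way to check the IPv6 prerequisite from Terminal, as an added example that is not part of the original article: it parses the output of the macOS `networksetup` tool. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the IPv6 prerequisite on macOS network services.
# Function names and the sample outputs below are constructed for illustration.

# Read `networksetup -getinfo <service>` output on stdin and print the
# configured IPv6 mode (Automatic, Manual, Off, ...), or "unknown".
ipv6_mode() {
    awk -F': *' '
        $1 == "IPv6" { print $2; found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# Exit 0 when the IPv6 stack is enabled, 1 when it is Off or not reported.
ipv6_ok() {
    case "$(ipv6_mode)" in
        Off|unknown) return 1 ;;
        *) return 0 ;;
    esac
}

# On a Mac: report every network service and its IPv6 mode.
check_all_services() {
    networksetup -listallnetworkservices | tail -n +2 |
    while IFS= read -r svc; do
        svc=${svc#\*}    # a leading "*" marks a disabled service
        mode=$(networksetup -getinfo "$svc" | ipv6_mode)
        printf '%-28s IPv6: %s\n' "$svc" "$mode"
    done
}

# Constructed sample outputs so the parser can be exercised off a Mac.
SAMPLE_ON='DHCP Configuration
IP address: 192.0.2.10
Router: 192.0.2.1
IPv6: Automatic
IPv6 IP address: none'
SAMPLE_OFF='DHCP Configuration
IP address: 192.0.2.10
Router: 192.0.2.1
IPv6: Off'

if command -v networksetup >/dev/null 2>&1; then
    check_all_services
else
    printf 'sample (enabled):  %s\n' "$(printf '%s\n' "$SAMPLE_ON" | ipv6_mode)"
    printf 'sample (disabled): %s\n' "$(printf '%s\n' "$SAMPLE_OFF" | ipv6_mode)"
fi
```

A service that reports `Off` can be switched back with `networksetup -setv6automatic "<service name>"`, which typically needs administrator rights.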
Supported Platforms
For security reasons, we ask users to upgrade their machines to the latest version and update them periodically to receive any patches for vulnerabilities. Network Infrastructure and Services (NI&S) is unable to support operating systems that are no longer supported by the operating system manufacturer.
To find out if your system is supported visit: Cisco Secure Client - Supported Operating Systems.
Connection Options
We recommend VT Traffic as the connection profile that most of our users should use. We also offer an All Traffic connection option. For more information, see the Which Connection Profile Do I Use? section of Remote Access VPN Frequently Asked Questions.
Instructions
Installing Cisco Secure Client in macOS
- Verify that your computer is running a supported macOS operating system.
- If you have not already done so, enroll in 2-factor authentication by following the instructions at Enrolling, Adding, Managing, or Removing a Duo 2FA Device.
- If you previously used the Ivanti VPN client to connect to the Virginia Tech Remote Access VPN, verify that it is uninstalled. To uninstall the client, see Uninstalling the Ivanti VPN Client from macOS. If you are unable to remove the Ivanti package, please contact your liaison or contact 4Help.
- To avoid any conflicts, delete all VPN connections.
- In the top-left corner of the screen, click the Apple icon.
- Click System Settings.
- Click Network on the left pane.
- If you have a VPN menu in the right pane, click it to enter the VPN menu; otherwise continue to step 7.
- Click the circled “i” to the right of each VPN connection.
- At the bottom of the window, click Remove Configuration…
- Click Remove to confirm action.
- To download the Cisco Secure Client installer, click the following link: cisco-secure-client-macos-vpn.pkg (current version: 5.1.9.113)
- When prompted, save the installer file to your computer.
- After the download is complete, in Finder, double-click cisco-secure-client-macos-vpn.pkg to launch the installer.
- You may be asked for a local administrator account's username and password. Enter those credentials and click OK.
- A new window should open for the VPN installer.
- When the Welcome window displays, click Continue.
- Click Continue on the Software License Agreement.
- On the window that pops up, click Agree to accept the Software License Agreement.
- You may be prompted to select a destination if you have multiple hard drives. If you receive this window, select where you want to install the Cisco Secure Client and click Continue.
- Click Install to perform a standard installation of the Cisco Secure VPN software.
- You may receive the following Cisco Secure Client Action Required window. Follow the instructions provided on the window so that the Cisco Secure Client can operate properly.
- Once installation is complete, select Close.
- If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions before contacting 4Help by clicking Get Help at the top of this page.
Connecting to the VPN in macOS
Initial Bootstrap Connection
- The initial connection to the Cisco Secure AnyConnect VPN requires you to manually enter the connection details. After you establish the initial connection, the client will automatically update itself with any software updates as well as the standard connection profiles you will use in the future.
- Start by opening the Cisco Secure Client. Either click its icon in the macOS top menu bar and select “Show Cisco Secure Client Window”, or open the Finder, navigate to Applications, then Cisco, and double-click Cisco Secure Client.
- Enter into the text box: https://vpn.vt.edu/VT-Traffic
Then click Connect.
- When you click Connect, your default browser will open and send you to login.vt.edu. In the browser window, type in your VT credentials.
- In the Username text box, type your VT PID.
- In the Password text box, type your PID password.
- Click Login.
- Complete 2-factor authentication. For issues with DUO, please visit this 4Help article.
- The screen will default to your preferred 2-factor method. If you prefer to use another method, click on the Other options link. The following list contains the options available for 2-factor authentication:
- To use push notification:
- Select Duo Push from the Other options list.
(This will send a push notification to the first push-capable device that is enrolled in your Duo account. To send the push notification to a different device, select the last item from the Other options list, Manage devices.)
- When the push notification appears, accept the Duo push notification.
- If the push notification does not appear, see Duo Mobile App Errors, Problems, and Connection Issues / Duo Push Not Received.
- To use a YubiKey:
- The YubiKey must be previously registered with Duo as AES. U2F tokens will not work. For instructions on enrolling devices to DUO, see this 4Help article.
- Select Security key from the Other options list.
- When prompted to "Touch your security key" tap your YubiKey. The passcode will be automatically generated and submitted by the YubiKey for you.
- To use a 6-digit numeric passcode from the Duo mobile app:
- Start the Duo mobile app.
- In the Duo mobile app, tap Show to the right of the hidden Passcode.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit numeric passcode from the Duo mobile app.
- Click Verify.
- To use a 6-digit numeric passcode from a D-100 token or a software token:
- Use the D-100 token or the smartphone application to generate a 6-digit numeric code.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit D-100 numeric passcode.
- Click Verify.
- To use a Bypass code from 4Help:
- Contact 4Help and obtain a bypass code.
- Enter the bypass code in the text box.
- Click Verify.
- If this is the first time connecting on your machine, you will receive the following prompt:
If the computer is public or shared between multiple users, select "No, other people use this device" so that your VPN login information is not saved. If you are the only user of the computer, select "Yes, this is my device".
- Once the VPN connection is established, the browser will display the following message. You are now connected to the VPN and can close that browser tab. The Cisco Secure Client will also now show a green checkmark next to the lock.
- After the initial connection is successfully established, your client will update itself. You can continue to use the VPN while it is updating. Later, when you disconnect and reconnect to the VPN, you will notice that new connection profiles have been added: VT Traffic and All Traffic.
- If you do not know which of these connection profiles to use, we recommend using VT Traffic. For more information, see Which Connection Profile do I use?
- If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions before contacting 4Help by clicking Get Help at the top of this page.
Disconnecting from the VPN in macOS
- Click on the Cisco Secure Client icon in the dock. Alternatively, click on the icon in the upper right and select Show Cisco Secure Client Window.
- In the Cisco Secure Client window, click the Disconnect button.
Once the VPN disconnects, the green checkmark will turn to a gray circle with three dots.
Uninstall the Cisco Secure Client
- The following information is provided for the situation where the Cisco Secure VPN client is no longer working correctly and 4Help has advised you that the VPN client needs to be reinstalled. These instructions assume you have the appropriate admin permissions on your Mac system to install software.
- Open the Finder.
- Navigate to Applications, then to Cisco.
- Click on Uninstall Cisco Secure Client.
- If present, click on Uninstall Cisco Secure Client - DART.
- This removes all of the Cisco Secure Client VPN software, and you can continue troubleshooting with 4Help or reinstall the software.