Configure VPN Client on your Computer, Tablet, or Phone


Overview

Download and configure the UCSD Virtual Private Network (VPN) Cisco Secure Client on your computer, phone, or tablet. If you would like more information about the campus VPN, see the Virtual Private Networks (VPN) at UCSD page.

See the steps for your operating system:

Critical Concepts

Two-Step Login

Steps to take

Windows 11 / 10

Before you begin: You must log into your computer with administrator rights.

  1. Download the corresponding Cisco Secure Client for your Windows version. This will be the file with the name that ends in "core-vpn-webdeploy-k9". then click Run.
    • NOTE: If you encounter any issues accessing this Sharepoint link, please try logging into mcvpn.ucsd.edu to access the download link titled Windows Client Download.
    • If you are unsure if your device is a Windows-on-Arm device, navigate to your system's Settings > System > About. Under "Device Specifications" > "System type", it will say "ARM-based processor" if your device is a Windows-on-Arm device.
  2. Install the Cisco Secure Client:
    1. Click Next to begin the installation.
    2. Accept the terms, and click Next.
    3. Click Install.
    4. You may be asked if you want to allow the following program to install software on this computer - Click Yes.
    5. Click Finish.
  3. If you are not a paid employee or are not being enforced as part of the Secure Connect project on the VPN, skip to step 6.
    1. If you are unsure if you are being enforced, see Secure Connect Timelines and Updates for the Secure Connect VPN rollout timeline.
  4. Download the VPN Cisco Secure Client - ISE Posture module. This will be the file name that ends in "iseposture-webdeploy-k9".
  5. Install the Cisco Secure Client - ISE Posture Module:
    1. Click Next to begin the installation.
    2. Accept the terms, and click Next.
    3. Click Install.
    4. You may be asked if you want to allow the following program to install software on this computer - Click Yes.
    5. Click Finish.
  6. Run the Cisco Secure Client.
    • Click on the Windows Start Button (this will display the Windows Start Menu). Click on All Apps and choose the Cisco folder.
  7. In the first window, enter vpn.ucsd.edu in the box and click on the Connect button to the right.
    Screenshot: AnyConnect client installation welcome screen. Click Next to continue.
  8. A second window will appear. Select your desired connection profile from the Group drop-down menu:
    • 2-Step Secured options:
      • split - Route only campus traffic through the UCSD VPN. All other traffic goes through your normal Internet provider.
      • allthruucsd - Route all traffic through the UCSD VPN.
        • Use this option when accessing the CMS.
    • secure-connect options - Needs to be used if you are required to comply with Secure Connect NAC.
      • split - Similar to "2-Step Secured - split" but for devices required to comply with Secure Connect NAC.
      • allthruucsd - Similar to "2-Step Secured - allthruucsd" but for devices required to comply with Secure Connect NAC.
      • Screenshot of the Cisco VPN Secure Client Tunnel groups with a red box around the secure-connect-allthu and secure-connect-split tunnel groups
  9. Enter your Active Directory username and password. For Duo Two-Step, please stop here and review how to use two-step on the VPN.
  10. Click Ok.

    Choosing VPN group and entering AD credentials for the VPN

    Screenshot of the AnyConnect VPN Client connected to the VPN with the ISE Posture Module displaying as compliant below it
  11. Next, navigate to "captive-portal.ucsd.edu". If you are required to comply with Secure Connect enforcement on the VPN, this page will say "UC San Diego VPN Security" at the top. If you do not see this, or already have the Posturing Agent (ISE Posture Module) installed, please skip to step 17.
  12. On the page that appears, click "Start". Then click on the "This is my first time here" dropdown menu.
  13. Under step 1, click on the "Click here to download and install Agent" link. This will download the required module to your device.
    • Screenshot of Secure Connect captive portal for VPN ISE posturing with a red arrow pointing to the installation link for the ISE posture module
  14. You may get an error when downloading the module. If so, hover the mouse over the download, click the 3 dots, and click "Keep"

    Screenshot of error message when downloading the VPN ISE posture module with the 3 dots clicked on and the button "Keep" highlighted

  15. When the module finishes downloading, click on the download to initiate the installation of the module.
    1. If you get the error "SmartScreen can't be reached right now", click "Run", then click "Yes".

      Screenshot of VPN Smartscreen error message indicating SmartScreen can't be reached right now with the button "Run" boxed with a dotted line

  16. In the window that appears, click "Connect". Once the installation finishes, click "Quit".
    1. You can now close out the "captive-portal.ucsd.edu" website.
  17. If the device does not have all of the required software for connecting to the VPN, you will be redirected to articles on how to become compliant.
    1. If you are not already logged into the "Services & Support" website, you will then need to use your Active Directory (AD) credentials to log in and access the articles.
    2. Follow the steps in the articles to download and install the required software.
    3. Once your device has all of the required software, the ISE Posture module should automatically re-scan your device to check again for compliancy.
      1. If the module does not automatically re-scan your device, you can click the "Scan Again" button in the VPN client under "ISE Posture" to re-run the scan.
  18. To disconnect from the VPN after your session is finished:
    1. Click on the Windows Start Button (this will display the Windows Start Menu). Click on All Apps and choose the Cisco Secure Client.
    2. When the window appears, click on the Disconnect button.

Mac OS X

You must log into your computer with administrator rights.

Computer must be running Mac OS X 10.10.x and above to use the Cisco Secure Client. Older Mac operating systems are no longer supported.

  1. If the client was previously installed on your device, uninstall old client by following these steps (this will require a computer restart):
    1. Go to your Applications folder.
    2. Locate and double-click on the Cisco folder.
    3. Double-click on Uninstall Cisco Secure Client.
    4. Click Uninstall.
    5. Enter your computer's administrator password.
    6. You will then see a message saying that "Cisco Secure Client has been uninstalled".
      • Click Close.
    7. Restart your computer.
  2. Download the VPN Cisco Secure Client.
    • NOTE: If you encounter any issues accessing this Sharepoint link, please try logging into mcvpn.ucsd.edu to access the download link titled MAC Client Download.
  3. After the download completes, double-click the cisco-secure-client-macos installation file. The installer icon shown below will appear on your desktop.

    Screenshot of MacOS Cisco Secure Client installer with the Cisco Secure Client.pkg and the Profiles folder

  4. Run the installation package by double-clicking on the Cisco Secure Client package image.
  5. Install the Cisco Secure Client:
    1. Click Continue to begin the installation.
    2. Click Continue.
    3. When the Software License Agreement window appears, click Agree to accept.
    4. Deselect all of the options except for "ISE Posture". If you are not a paid employee or are not being enforced as part of the Secure Connect project on the VPN, deselect all of the options, including "ISE Posture".
      1. If you are unsure if you are being enforced, see Secure Connect Timelines and Updates for the Secure Connect VPN rollout timeline

        Screenshot of VPN custom installer with only the ISE Posture checked

    5. Click Continue.
    6. Click Install.
    7. If prompted, enter your Administrative (system) username and password.
    8. You may get the following "Action Required" pop-up . If you do, click on "Open System Settings" on the bottom of the pop-up.

      Screenshot of VPN Action Required pop-up for VPN service not being enabled on Mac

    9. In the Systems Settings window that appears, toggle "Cisco Secure Client - AnyConnect VPN Service" on. If prompted, enter your Administrative (system) username and password.
    10. You may then get the following "Action Required" pop-up . If you do, click on "Open System Settings" on the bottom of the pop-up.

      Screenshot of VPN Action Required pop-up for VPN system extension blocked on Mac

    11. In the System Settings window that appears, click Allow
    12. When you see the "Install Succeeded" pop-up window, click Close to continue.
    13. You may then get the following pop-up. Click Allow.

      Screenshot of VPN Socket Filter pop-up for filtering network content

  6. Run the Cisco Secure Client by going to the Cisco folder in Applications and double-clicking the Cisco Secure Client.
  7. Enter vpn.ucsd.edu in the "Connect to" field.
  8. Press the return (enter) key.
  9. Select your desired connection profile from the Group drop-down menu:
    • 2-Step Secured options:
      • split - Route only campus traffic through the UCSD VPN. All other traffic goes through your normal Internet provider.
      • allthruucsd - Route all traffic through the UCSD VPN.
        • Use this option when accessing the CMS.
    • secure-connect options - Needs to be used if you are required to comply with Secure Connect NAC.
      • split - Similar to "2-Step Secured - split" but for devices required to comply with Secure Connect NAC.
      • allthruucsd - Similar to "2-Step Secured - allthruucsd" but for devices required to comply with Secure Connect NAC

        Screenshot of the Cisco VPN Secure Client Tunnel groups with a red box around the secure-connect-allthu and secure-connect-split tunnel groups

  10. Enter your AD username and password. For Duo Two-Step, please stop here and review how to use two-step on the VPN.
  11. Click OK.

    Screenshot of the AnyConnect VPN Client connected to the VPN with the ISE Posture Module displaying as compliant below it
  12. Next, navigate to "captive-portal.ucsd.edu". If you are required to comply with Secure Connect enforcement on the VPN, this page will say "UC San Diego VPN Security" at the top. If you do not see this, or already have the Posturing Agent (ISE Posture Module) installed, skip to step 18.
  13. On the page that appears, click "Start". Then click on the "This is my first time here" dropdown menu.
  14. Under step 1, click on the "Click here to download and install Agent" link. This will download the required module to your device

    Secure Connect captive portal for VPN ISE posturing with a red arrow pointing to the installation link for the ISE posture module

  15. When the module finishes downloading, navigate to the Downloads folder and double-click on the file with the ".dmg" extension. Then double-click the "Cisco Network Setup Assistant" to initiate the installation of the module.
  16. In the window that appears, click "Connect". Once the installation finishes, click "Quit".
    1. You can now close out the "captive-portal.ucsd.edu" website.
  17. If you encounter the following prompt or any similar prompts from "csc_iseposture", click "Don't Allow".

    Screenshot of the "csc_iseposture" module requesting access to files on the computer
  18. Upon connecting to one of the secure-connect connection profiles, a compliance module will automatically install on your device. Once this has finished installing, the ISE Posture module will evaluate your device's compliance to security standards.
  19. If the device does not have all of the required software for connecting to the VPN, you will be redirected to articles on how to become compliant.
    1. If you are not already logged into the "Services & Support" website, you will then need to use your Active Directory (AD) credentials to log in and access the articles.
    2. Follow the steps in the articles to download and install the required software.
    3. Once your device has all of the required software, the ISE Posture module should automatically re-scan your device to check again for compliancy.
      1. If the module does not automatically re-scan your device, you can click the "Scan Again" button in the VPN client under "ISE Posture" to re-run the scan.
  20. To disconnect from the VPN after your session is finished:
    1. Open the Cisco Secure Client application.
    2. Click on the Disconnect button.

Screenshot of Cisco Secure Client with a red box around the disconnect button and a red arrow pointing to the red box

Android / Chromebook

  1. Open the Google Play store on your Android or Chromebook device and search for "Cisco Secure Client".
    1. For Chromebooks, if you do not have the Google Play store, follow these steps to get the Google Play store app. (Note: you must be signed into a non-guest account on your Chromebook.)
  2. Click Install.
  3. Enter the VPN Connection:
    1. Open the Cisco Secure Client app.
    2. Select Connections.
    3. Select Add New VPN Connection.
    4. In Description enter: UCSD
    5. In Server Address enter: vpn.ucsd.edu
    6. Click Done.

      Screenshot: settings on VPN connection

  4. On the Cisco Secure Client home screen, turn on Cisco Secure Client by selecting the Off toggle (it will change to On).
  5. A second window will appear. Select your desired connection profile from the Group drop-down menu:
    • 2-Step Secured options:
      • split - Route only campus traffic through the UCSD VPN. All other traffic goes through your normal Internet provider.
      • allthruucsd - Route all traffic through the UCSD VPN.
        • Use this option when accessing the CMS.
  6. In the username field, enter your Active Directory (AD) username.
  7. In the Passcode field, enter your Active Directory (AD) password. For Duo Two-Step, please stop here and review how to use two-step on the VPN.
  8. Click Connect.
  9. To disconnect from the VPN after your session is finished:
    1. Open the Cisco Secure Client.
    2. On the Cisco Secure Client home screen, turn off Cisco Secure Client by clicking the On toggle (it will change to Off).

iPhone / iPad

  1. Using your iPhone or iPad, download the Cisco Secure Client app from the App Store.

    Screenshot: AnyConnect app on App Store

  2. Add a VPN Connection:
    1. Click on Connections.
    2. Click Add VPN Connection.
    3. Fill out the requested information:
      • Description: UCSD VPN
      • Server Address: vpn.ucsd.edu
    4. Click Save.
    5. When prompted if you would like to "Add VPN Configurations", click Allow.
  3. Connect to the VPN:
    • On the main page, toggle the Cisco Secure Client VPN button to On position.

      Screenshot: AnyConnect VPN button to on position (green, to the right)

    • Select your desired connection profile from the Group drop-down menu:
      1. Only use the ones labeled "2-Step Secured" or "secure-connect". 
      2. 2-Step Secured options:
        • split - Route only campus traffic through the UCSD VPN. All other traffic goes through your normal Internet provider.
        • allthruucsd - Route all traffic through the UCSD VPN.
          • Use this option when accessing the CMS.
    • Enter your Active Directory (AD) credentials.
    • Click Connect.
    • A Duo push will be sent to the Duo app; approve it and then return to the Cisco Secure Client app.
    • Accept the connection.

      The Duo push when connecting to the VPN

  4. To disconnect from the VPN after your session is finished, toggle the Cisco Secure Client VPN button to the OFF position.

    Screenshot: Disconnect toggle in off position

 

Linux

Before you begin: You must either log into your computer with administrator rights or have the system root password.

Debian/Ubuntu/Linux Mint:

  1. Download the VPN Cisco Secure Client, choosing the file named cisco-secure-client-linux64-5.1.14.145-predeploy-k9.tgz (the version may be different).
  2. Open your terminal application.
  3. Go to the directory where the file downloaded (using the cd command).
  4. Type tar -xzf cisco-secure-client-linux64-5.1.14.145-predeploy-k9.tgz (you may need to modify the filename if the version has changed), then press enter to decompress the archive.
  5. Type cd cisco-secure-client-linux64-5.1.14.145/vpn (you may need to modify the filename if the version has changed) to change directories to the installed files.
  6. Type sudo ./vpn_install.sh and press enter to install the VPN package. You may need to enter your password.
  7. If you are not a paid employee or are not being enforced as part of the Secure Connect project on the VPN, skip to the "To use" section.
    1. If you are unsure if you are being enforced, see Secure Connect Timelines and Updates for the Secure Connect VPN rollout timeline.
  8. Type cd cisco-secure-client-linux64-5.1.14.145/iseposture (you may need to modify the filename if the version has changed) to change directories to the ISE posture module files.
  9. Type sudo ./iseposture_install.sh and press enter to install the ISE posture module. You may need to enter your password.

Other (e.g. Arch):

  1. Download the VPN Cisco Secure Client, choosing the file named cisco-secure-client-linux-arm64-5.1.14.145-predeploy-k9.tgz (the version may be different).
  2. Open your terminal application.
  3. Go to the directory where the file downloaded (using the cd command).
  4. Type tar -xzf cisco-secure-client-linux-arm64-5.1.14.145-predeploy-k9.tgz (you may need to modify the filename if the version has changed), then press enter to decompress the archive.
  5. Type cd cisco-secure-client-linux-arm64-5.1.14.145/vpn (you may need to modify the filename if the version has changed) to change directories to the installed files.
  6. Type sudo ./vpn_install.sh and press enter to install the VPN package. You may need to enter your password.
  7. If you ever need to uninstall the VPN, enter sudo ./vpn_uninstall.sh in the same directory.

To use:

  1. Run the Cisco Secure Client by searching for the application called Cisco Secure Client.
  2. Enter vpn.ucsd.edu in the Connect to field.
  3. Click Connect.
  4. Select your desired connection profile from the Group drop-down menu:
    • 2-Step Secured options:
      • split - Route only campus traffic through the UCSD VPN. All other traffic goes through your normal Internet provider.
      • allthruucsd - Route all traffic through the UCSD VPN.
        • Use this option when accessing the CMS.
      • secure-connect options - Needs to be used if you are required to comply with Secure Connect NAC.
        • split - Similar to "2-Step Secured - split" but for devices required to comply with Secure Connect NAC.
        • allthruucsd - Similar to "2-Step Secured - allthruucsd" but for devices required to comply with Secure Connect NAC

          Screenshot of the list of VPN tunnel groups with a red box around the secure-connect groups

  5. Enter your AD username and password. For Duo Two-Step, please stop here and review how to use two-step on the VPN.
  6. Click Connect. If you are not required to comply with the Secure Connect NAC VPN or your VPN already shows "ISE Posture", skip to step 12.

    Screenshot of the Secure Client VPN with the ISE posture module installed

  7. You will be redirected to a page with "UC San Diego VPN Security" at the top. On this page, click "Start".
  8. If you do not have the required module for your VPN instance, click on the "This is my first time here" dropdown menu.
  9. Under step 1, click on the "Click here to download and install Agent" link. This will download the required module to your device.
  10. When the module finishes downloading, click on the download to initiate the installation of the module.
  11. In the window that appears, click "Connect". Once the installation finishes, click "Quit".
  12. To disconnect from the VPN after your session is finished:
    1. Right-click the Cisco Secure Client icon located near the top right corner of your screen.
    2. Select Quit.

Screenshot: AnyConnect icon located in top right corner of screen. Quit available on drop down menu.

If you still have questions or need additional assistance, please contact the ITS Service Desk. You can call us at (858) 246-4357, email us at support@ucsd.edu, or submit a ticket at support.ucsd.edu.