Skip to main content

Cornell University


On This Page

On Wednesday, June 5, 2024, Cisco AnyConnect VPN (also known as CUVPN) will be updated. Cisco is making a name and icon change that could cause confusion. Learn more about the key differences and what to expect.
Two-Step Login is required for all users to authenticate to the CU VPN. Use these links for directions on how to complete the new login screen for CU VPN:

Use Cornell's virtual private network (VPN) service when you need to connect to IT resources hosted on campus, resources that would otherwise be unavailable from distant networks. CU VPN provides an added layer of security for accessing services hosted on Cornell's campus networks.


  • Encrypts network traffic between your computer and the Cornell IT resources hosted on campus to protect against electronic eavesdropping.
  • Provides secure access to IT resources hosted on campus that would otherwise be unavailable from distant networks.

Who Can Use CU VPN

CU VPN can be used by students, faculty, trustees, staff, those with sponsored NetIDs, and selected affiliates. It is not available for alumni and retirees.

You must have a valid NetID to use CU VPN. If you don't have a NetID--for example, some contractors or vendors--you may be eligible for a Sponsored NetID. Contact the department you're working with for more information.

Services That Require CU VPN

Here's a short list of services that require CU VPN when you're connecting from your home network (or other non-Cornell network):

In addition, some department systems may require Cornell VPN when you're off campus. Your department's IT or computer support staff can tell you if any systems have that requirement.

VPN and Cloud-Based Applications

CU VPN uses split tunneling, meaning only traffic to and from Cornell's IT resources hosted on campus use the VPN tunnel. Cloud-based services and other internet services (not hosted on campus) do not use the CU VPN tunnel. That means most of the university's IT services do not use the CU VPN. For example, Office 365, hosted by Microsoft, does not go over the tunnel. Cloud-based applications are secured using HTTPS, CUWebLogin, or Two-Step Login, but not through CU VPN.

Departmental VPNs

The departmental VPN option allows units to establish and manage VPNs for exclusive use by their own staff, restricting access to individuals identified by and working within the unit. Departments can have one or more private networks, and individuals can be in as many as the department allows.

Support Contact:

Cornell IT Service Desk

Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support

Service Details:


Cornell's VPN service provides an added layer of security when you're connecting from off campus to university IT resources hosted on campus. (It's required to connect to some services.)


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.