Skip to main content

Cornell University

Install CU VPN for Mac

Install the Cisco Secure Client software to connect to Cornell's VPN service. You must have administrative privileges to install the software.

This article applies to: CU VPN

Enter the following:

  1. Connect to https://cuvpn.cuvpn.cornell.edu. The SSL VPN Service Login dialog box will open.
  2. Enter the following:
    • In the Group box, select Two-Step_Login. This is required for all VPNs as of July 15, 2021.
    • In the User Name box, enter your Cornell NetID or GuestID.
      Note: If you are connecting to a departmental VPN, enter your NetID and the name of the departmental group, for example, pqs665@departmental_group_name.
    • In the Password box, enter your NetID password.
    • In the DUO Passcode (push/SMS/phone) box, type one of the following options to complete Two-Step Login:
  3. A Downloads page will appear after a successful login. It may take a few seconds to a few minutes to collect information about your system.
  4. If you see two tabs labeled Download and Automatic Provisioning, select Download. (It's okay if you don't see these tabs.)
  5. Click Download for macOS.
  6. Navigate to your default downloads folder and double-click the anyconnect dmg file, then double-click the anyconnect pkg file.
    You may be asked to enter an administrative password for your computer.

    There two ways to get the DMG, which will change the next step on Install.

    If you download via cupvn.cuvpn.cornell.edu (headend), you will get a DMG (webdeploy) that does not need to select the Installation Type. 
    CIsco AnyConnect pkg panel

    If you download the Cisco installers (out-of-band) from downloads.cornell.edu/vpn – you’ll need to select the tools as below.
    Cisco AnyConnect unpkg panel
  7. Follow the on-screen instructions.
    If asked, on the Installation Type screen, make sure VPN is selected and everything else is not selected.

    Webdeploy panel (skips the selection):
    Cisco Install AnyConnect Panel
    Cisco panel (from download):
    CIsco Custom Installz
During the client install, a pop-up window will appear. You will be prompted to grant local administrator (not Cornell) approval for two items. Grant approval with your MacOS fingerprint reader or password. Allow/enable Cisco Secure Client to run, and Cisco Secure Client - Socket Filter to support safe DNS. If the pop-up notifications disappear before you can click on them, click on the date/notification bar to re-display. 
  1. If installing on macOS 10.13 (High Sierra) or higher, you may see System Extension Blocked alert. If you see this alert, follow the lettered steps below. Otherwise, continue with step 9 below.
    1. Click Open Preferences (or Open Security Preferences). The System Preferences - Security & Privacy panel will open.
    2. Unlock the Panel clicking on the lock icon in the lower left corner.
      Privacy and Security window in Mac with "Allow" button circled.
    3. Next to System software from application "Cisco Secure Client - Socket Filter" was blocked from loading click Allow.
    4. A Pop-up “Cisco Secure Client - Socket Filter” Would Like to Filter Network Content – click Allow.
      Network Content Filter Permissions window with "Allow" circled.
    5. Close the Security & Privacy Panel.
    6. Click OK or Dismiss on the Extension Blocked dialog box.
  2. Close the installer.
For information about connecting using the CU VPN, see our Connect Mac to CU VPN article.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.