Skip to main content

Cornell University

Install CU VPN for Mac

Install the Cisco AnyConnect software to connect to Cornell's VPN service. You must have administrative privileges to install the software.

This article applies to: CU VPN

Enter the following:

  1. Connect to The SSL VPN Service Login dialog box will open.
  2. Enter the following:
    • In the Group box, select Two-Step_Login. This is required for all VPNs as of July 15, 2021.
    • In the User Name box, enter your Cornell NetID or GuestID.
      Note: If you are connecting to a departmental VPN, enter your NetID and the name of the departmental group, for example, pqs665@departmental_group_name.
    • In the Password box, enter your NetID password.
    • In the DUO Passcode (push/SMS/phone) box, type one of the following options to complete Two-Step Login:
  3. A Downloads page will appear after a successful login. It may take a few seconds to a few minutes to collect information about your system.
  4. If you see two tabs labeled Download and Automatic Provisioning, select Download. (It's okay if you don't see these tabs.)
  5. Click Download for macOS.
  6. Navigate to your default downloads folder and double-click the anyconnect dmg file, then double-click the anyconnect pkg file.
    You may be asked to enter an administrative password for your computer.

    There two ways to get the DMG, which will change the next step on Install.

    If you download via (headend), you will get a DMG (webdeploy) that does not need to select the Installation Type. 
    CIsco AnyConnect pkg panel

    If you download the Cisco installers (out-of-band) from – you’ll need to select the tools as below.
    Cisco AnyConnect unpkg panel
  7. Follow the on-screen instructions.
    If asked, on the Installation Type screen, make sure VPN is selected and everything else is not selected.

    Webdeploy panel (skips the selection):
    Cisco Install AnyConnect Panel
    Cisco panel (from download):
    CIsco Custom Installz
  8. If installing on macOS 10.13 (High Sierra) or higher, you may see System Extension Blocked alert. If you see this alert, follow the lettered steps below. Otherwise, continue with step 9 below.
    1. Click Open Preferences (or Open Security Preferences). The System Preferences - Security & Privacy panel will open.
    2. Unlock the Panel clicking on the lock icon in the lower left corner.
      Cisco Security Privacy Window
    3. Next to System software from developer “Cisco” was blocked from loading click Allow.
    4. A Pop-up “Cisco AnyConnect Socket Filter” Would Like to Filter Network Content – click Allow.
      Cisco AnyConnect Socket Filter panel
    5. Close the Security & Privacy Panel.
    6. Click OK or Dismiss on the Extension Blocked dialog box.
  9. Close the installer.
For information about connecting using the CU VPN, see our Connect Mac to CU VPN article.


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.