VPN Desktop Application


The Cisco AnyConnect Secure Client provides valid Tufts users with secure remote access to the Tufts network. From a desktop or laptop computer, the VPN allows full access to all Tufts network resources, such as Q: and R: drives and restricted Web pages, and provides users with an experience very similar to the one they enjoy while on campus. The pages give more information about the Cisco AnyConnect Secure Client desktop application.

  1. Visit the Tufts Box folder that contains the Cisco Secure Client executable files that are required for installation of the application. Tufts VPN client downloads folder in Box


  2. Find the file that you require for your computer.
    • If you are on an Apple computer, you will want the file that contains "Mac" in the file name. (Note: The file name ends with .pkg and the file type is Disk Image.)
    • If you are on a Windows computer, you will want the file that contains "Windows" in the file name. (Note: The file name ends with .exe and the file type is Application.)
  3. Click on the More Options button for that file. 
  4. Click on Download.
  5. Find the executable file that was downloaded to your computer.
  6. Double-click on the file to open it and follow the steps in the installer to complete the installation. During this process you may be asked to enter your administrator credentials. If you are on a Tufts computer and do not have administrator rights, contact the Tufts Technology Service Desk at (617) 627-3376 for assistance.Secure Client installation window



Notes for Mac Users

Note #1

  • If you are on a Mac, you may get a warning that the file comes from an "unidentified developer". Click OK.Warning about unidentified developer


  • Open your System Preferences and select Security & Privacy.Accessing the Security and Privacy settings


  • The bottom portion of the Security & Privacy window will have a message about the installation file being blocked. Click Open Anyway.Opening the Cisco AnyConnect installation file


  • A window will appear asking you to confirm that you want to open the file. Click Open.Confirming that you want to open the Cisco AnyConnect installation file


Note #2

  • When installing the Secure Client, you may get a notification about a required action! Follow the directions to give Secure Client the necessary access to operate correctly. Go into your System Settings > General > Login items, and make sure the toggle for "Cisco Secure Client - AnyConnect VPN Service" is ON!required action dialog box during install



Note: The directions below are for general VPN usage available for all Tufts users with Duo 2FA-enabled (two-factor authentication) accounts.

  1. Locate the Cisco AnyConnect Secure Client application on your computer. 
    • On a PC go to Start > Programs. Locate and open the Cisco folder. 
    • On a Mac go to the Applications folder and select the Cisco folder. 
  2. Double click on the Cisco AnyConnect Secure Client application to open it. 
  3. In the window that appears, do one of the following:
    • For a direct connection to the general Tufts VPN profile (available to all Tufts users) - In the VPN server field, enter “vpn.tufts.edu/duo” and click Connect. Proceed directly to Step 5.entering vpn.tufts.edu/duo into server field
    • To be presented with a dropdown list of additional VPN profiles (Note: Access via these profiles requires special privileges.) - In the VPN server field, enter “vpn.tufts.edu” and click Connect. Proceed to Step 4.entering vpn.tufts.edu into server field
  4. If you entered “vpn.tufts.edu” in the previous step, a Group dropdown menu will be available in the login screen. The majority of users should select “Tufts-DUO-Authentication” for general VPN usage. The other profiles require special privileges to access.Group options
  5. In the Username field, enter your Tufts username (eg. jjumbo01).
  6. To complete the Password field, pick one of the options below. What you pick will determine how you will be asked to complete two-factor authentication – Push (Default), Call, or Hardware Token Passcode. Note that the default behavior will be a push to the Duo Mobile application on your mobile device if you simply put in your password, but you can choose an alternate Duo authentication method via Duo's Append Mode. The steps are described in detail below.
    • To authenticate via Duo Push (default)
      • Enter your Tufts password.
      • Click OK.
      • You will receive a push notification on the Duo mobile app on your smartphone. Click Approve to complete the login process.entering password
    • To authenticate via Duo Call
      • Enter your Tufts password and the word “phone” separated by a comma. (i.e. TuftsPassword,phone). If you have multiple phone numbers registered with Duo, you can have Duo call your second registered number by entering “phone2”, etc.
      • Click OK.
      • You will receive a phone call at the number you have registered with Duo. When prompted, press any key to verify your login.entering password and the word "phone" separated by a comma and no spaces
    • To authenticate via Hardware Token Passcode
      • Press the button on your hardware token to generate a new passcode.
      • In the Password field, enter your Tufts password and the passcode on your hardware token separated by a comma. (i.e. TuftsPassword,728292).
      • Click OK.entering password and passcode separated by a comma and no spaces

Once your login has been verified, you will be able to use the VPN. An icon will appear in your status bar on a PC or the menu bar on a Mac indicating that you now have a secure link to the Tufts network.

VPN icon showing connected status

Remember to disconnect at the end of every session to ensure that you do not have a secure link open for another user to access. 

One of the benefits of connecting to the VPN portal a secure remote access connection to the Tufts network with full access to all Tufts network resources, such as Q: and R: drives.  Click this link to locate instructions on how to map to and access network drives on both a PC and a Mac.

A Note on Working Directly off of a Network Drive

It is possible, while using the VPN, to work on documents directly through a network drive, but it is not advised. Connection issues may corrupt open network documents. Additionally, if the document is on a shared drive, working directly on the network copy keeps others from being able to view or copy the file. To avoid any issues, best practice is to work off of a local copy (a file copied from a network drive to your local computer). While using the VPN, locate your document and save it to your local computer. Once you have completed your work, you can copy it back to the network drive.

  1. Click on the VPN icon on your status bar (PC) or menu bar (Mac).
  2. Select Disconnect.Disconnecting from VPN on PC and Mac