Skip to content Skip to site navigation Skip to service navigation

Remote Access VPN

A private connection to Stanford's network to access restricted services

With Cisco ending support of AnyConnect on March 31, 2024, Stanford is transitioning to an updated client with a new name: Cisco Secure Client.  The upgrade experience will vary depending on the AnyConnect version you're using. Refer to this IT Community article to learn more.

Use Stanford's remote access virtual private network (VPN) to create a private encrypted connection over the Internet between a single host and Stanford's private network, SUNet. 

Stanford's VPN allows you to connect to Stanford's network as if you were on campus, making access to restricted services possible. There are two types of VPN available:

  • Default Stanford (split-tunnel) allows access to anything at stanford.edu via the VPN connection but non-Stanford traffic flows normally on an unencrypted internet connection.
  • Full Traffic (non-split-tunnel) encrypts all internet traffic from your computer but may inadvertently block you from using resources on your local network, such as a networked printer at home.

Features

  • When using VPN, your off-campus computer is dynamically assigned a Stanford IP address to connect back to Stanford's network.
  • A Stanford IP address allows you access to Stanford's computing resources and certain campus services (e.g., departmental file and print servers).
  • Cisco Secure Client Start Before Logon

Designed for

Faculty, staff, and students

Requirements

  • An active SUNet ID
  • Windows 8 SP1 and later
  • Mac OS X 11 and later*
  • iOS 10 or later
  • Android OS 6.0 or later

*Note for macOS Big Sur (11)When you log in to the Cisco Secure Client VPN, you may be prompted to upgrade to a new version of software. If you choose to upgrade, you'll see a System Extension Blocked alert directing you to go to System Preferences > Security & Privacy to allow the extension. The approval field is only present in the Security & Privacy preferences pane for 30 minutes after the alert. If the extension is not approved with in 30 minutes the software will not function correctly.

Data security

VPN Data Security

Get started

Select your operating system to see the VPN configuration instructions for your device:

Note: if you are experiencing DNS issues, you can *temporarily* configure your VPN client to connect to the Stanford VPN directly via IP address: 171.66.1.252

*If you require support with your Linux system & VPN connectivity, please contact your local IT group.

Learn more

Do I need VPN to access Stanford systems remotely?

Many commonly used Stanford applications and services are available directly from the Internet without the use of VPN. While VPN does encrypt your data in transit, nearly all of the web-based applications you access already default to secure https communication, and are therefore already encrypted.

Examples of commonly used Stanford services which do not require VPN:

  • Microsoft 365
  • Zoom
  • WebEx
  • Axess
  • Oracle Financials
  • Cisco Jabber
  • Slack
  • Google Drive
  • G Suite

University IT (UIT) recommends that you do not enable your VPN connection unless the server or application that you are trying to access requires a VPN connection. Using VPN adds unnecessary additional overhead, which may degrade the user experience while connected, especially for video conferencing, streaming services, or applications.

How can I tell if I need to use VPN?

Many secure servers within the Stanford University network do require the use of VPN. There is no published list of these servers, but it is easy to quickly determine whether the server/system you are attempting to connect to requires VPN with this simple test: try performing daily duties without the VPN enabled. If you cannot access a service, enable the VPN and try again.

I need to enable VPN. Do I use the split-tunnel or full-tunnel profile?

If you do require a VPN connection, UIT recommends that you use the split-tunnel profile rather than full-tunnel. The split-tunnel profile enables the Internet-bound traffic to flow directly outbound via your home ISP, without first going to the Stanford VPN, and then route to the Internet. This also ensures better performance overall. Please remember that when using the full-tunnel profile, all traffic from your system routes first through the Stanford VPN and then out to the Internet.

How do I access restricted library journals from off-campus?

Stanford University Libraries (SUL) updated the method by which authorized community members access restricted journals from off-campus.

Rather than using Stanford's VPN (Virtual Private Network), SUL wants community members to use its EZProxy service: https://web.archive.org/web/20230426033350/https://library.stanford.edu/using/connecting-e-resources/connect-campus-faq 

See also

Last modified March 15, 2024