2factor VPN - Service Description

The Office of Campus Information Security (OCIS) provides a higher-security VPN service called 2factor VPN which is intended for users who need to remotely access sensitive or secure data.

This document relates to the 2factor (OCIS) VPN service which is provided by the Office of Cybersecurity for users who need VPN access for interacting with highly sensitive data. It should not be confused with the more general WiscVPN service, which is available to all UW-Madison students, faculty, and staff with a valid NetID.


Because of the need for greater security when accessing certain kinds of secure information, the Office of Campus Information Security (OCIS) has established 2factor VPN, a higher-security VPN service for remote access. This service is intended to provide additional security (beyond what is available in WiscVPN) using the following measures:

  • Authentication is certificate-based instead of being secured by NetID and password exclusively
  • Users will connect using Cisco's Cisco AnyConnect SSL client instead of the current WiscVPN IPsec client
  • All IP assignments are static (instead of dynamic)
  • Includes intrusion detection and protection

Support Conditions

The 2factor VPN service is intended primarily for DoIT staff and HRS project staff and is not currently available campus-wide. In order to access the 2factor VPN service, you must be added as an eligible user. Note that the WiscVPN service will continue to be available for those users who are not eligible for OCIS VPN access.

Those who are eligible to use the 2factor VPN service will first need to obtain a personal digital certificate in order to access the service. This is the same certificate used for digitally signing email (sometimes called PKI), and so some users may already have this certificate.

Users will also need to download and install the Cisco AnyConnect VPN client in order to access the 2factor VPN service. This client is available for Windows (both 32-bit and 64-bit versions) as well as Mac OS X (both Intel and PowerPC) and Linux.

For the downloading and installing Cisco AnyConnect VPN please see: 2factor VPN (Win) - Installing AnyConnect VPN client on Windows


The 2factor VPN service should be available 24 hours a day, 7 days a week. However, the service does have a regularly scheduled maintenance window on Sunday mornings from 9:00 AM to 11:00 AM. During this time, users may have trouble connecting to the 2factor VPN.

Keywords:virtual private network office of campus information security secure wireless sensitive data protecting protection 2factor VPN ipsec   Doc ID:9988
Owner:Leah S.Group:DoIT Help Desk
Created:2009-05-20 19:00 CDTUpdated:2016-02-05 11:26 CDT
Sites:DoIT Help Desk, DoIT Tech Store
Feedback:  1   0