VPN help

Expand All

Details of how to connect to the VPN are available on our VPN Service page.

After connecting to the VPN you use your computer as normal, but your internet connection will be identified as coming from the University and your internet traffic will route across University servers.

Some online resources can only be accessed by devices connected to the University's network or VPN.

Most services do not require you to use a VPN, but commonly restricted services are:

  • HR Self-Service
  • Secure web pages
  • Departmental network drives

You may not be able to use the VPN service where:

  • your internet service provider blocks the use of a VPN.
  • you are not using the Cisco Secure Client - AnyConnect VPN application.
  • you cannot install the Cisco VPN application on your device.
  • the Cisco VPN software is not available for your device.
  • your Cisco VPN application is not up to date.
  • you do not sign in using your sign-on (SSO) details.

The VPN service was updated in April 2023 to use your single sign-on (SSO) password. You must now provide your SSO username in the format abcd1234@ox.ac.uk and your SSO password when connecting.

We are not aware of a way for the AnyConnect VPN application to remember your username or password.

To replace the password used for the VPN you must update your SSO password.

Most VPN applications are not compatible with the University VPN service as they do not support multi-factor authentication (MFA).

Cisco AnyConnect and Cisco Secure Client are currently the only supported VPN applications, any others could stop working without notice.

The Cisco AnyConnect socket filter is installed along with the VPN on macOS devices and has a role in monitoring, routing and filtering network traffic on the VPN connections.

The socket filter runs all the time, but does not do anything when the VPN is not connected.  If required, it can be removed if you delete the application "Cisco AnyConnect Socket Filter.app" then reboot.

Operating system Version check
Windows Open Cisco Secure Client / AnyConnect, select  , then check the version number is the same or higher than on our VPN download page
macOS Open Cisco Secure Client / AnyConnect, check that the version number listed in the bottom-right of its window matches our VPN download page
Linux Open Cisco Secure Client / AnyConnect, select  , then check the version number is the same or higher than on our VPN download page
iOS Check your device's app store to update Cisco Secure Client / AnyConnect
Android Check your device's app store to update Cisco Secure Client / AnyConnect


If you encounter issues connecting to printers and other devices on your local network whilst using the VPN:


  1. In Cisco Secure Client / AnyConnect, select the cog icon  
  2. Select the Preferences tab
  3. Ensure Allow local (LAN) access when using VPN (if configured) is ticked

By default your network traffic is sent through the VPN while connected, with the following exceptions:

  • High volume Microsoft traffic, such as Teams, to allow the service to have greater capacity.
  • Local network traffic, so you can connect to devices such as printers and home assistants.

If you are concerned about the security of your network, you should instead connect to vpn.ox.ac.uk/tunnel-all to make all network traffic to go through the VPN tunnel.  You will still be able to connect to printers and other devices on your local network.

The VPN application requires an SSL tunnel and optionally a DTLS tunnel.

  • SSL: TCP port 443
  • DTLS: UDP port 443

The VPN application contacts the servers in the IP range

The VPN application is given an IP address from the private IP range or

The private addresses are mapped by dynamic PAT to a public IP address in the IP range

Further information regarding the Cisco VPN client  is available to University IT Support Staff (ITSS), with specific articles on:

  • Split Tunnelling Profiles and Local LAN Access
  • Customising the Cisco VPN Client
  • Automatic updates with the Cisco VPN Client
  • AnyConnect Socket Filter on macOS
  • Configuring the Cisco VPN Client Installer for macOS

Cisco also provide release notes and a troubleshooting guide for the Cisco Secure Client.


Get support

If you cannot find the solution you need here then we have other ways to get IT support

Get IT support