Quick Start Instructions

  1. Launch the Cisco AnyConnect Secure Mobility Client software if you've previously downloaded the client, otherwise install it via our self service software options for Mac and Windows or visit vpn.broadinstitute.org in Chrome to download. If you plan to connect through the VPN from your mobile or tablet device, download Cisco AnyConnect app and follow these steps.
  2. Connect to vpn.broadinstitute.org.


  3. Log in with:
    • Group: Duo-Split-Tunnel-VPN
    • Username: Broad username.
    • Password: Broad password.
    • Second Password: Two-factor authentication method via Duo (push, sms, phone, or 6-digit passcode).


  4. Click accept to finish connecting.


General Information

The Broad Institute computing network is protected by a firewall and to access internal resources from a remote location or over the public internet the Broad Virtual Private Network (VPN) must be used. This requires the user to authenticate using their Broad username and password in order to make a connection.

Our VPN is the Cisco AnyConnect Secure Mobility Client. Cisco AnyConnect is a Web-based VPN which works with current versions of Chrome, Firefox, and Safari. It is designed to operate on Windows 10, Mac OS X version 10.13 or later, plus Red Hat Enterprise 6 and Ubuntu 11.0 and later distributions of Linux. This client can be automatically downloaded and installed onto your computer when connecting, and it configures itself. No manual configuration is necessary


Usage Instructions

The preferred method of connecting to the VPN is via the Duo-Split-Tunnel-VPN. This will route traffic destined for Broad on-prem resources over the VPN tunnel, while other traffic will route over your default connection. This keeps traffic such as Netflix or VOIP phone calls from congesting the Broad VPN. Please use this method unless directed otherwise.

The other option is to route ALL traffic over the VPN using Z-Duo-Broad-NonSplit-VPN. This will allow access to resources which require a Broad IP address, such as journal websites or cloud projects with restricted firewall rules. It is extremely important that you do not use any high bandwidth applications while connected to Z-Duo-Broad-NonSplit-VPN, such as streaming services (Netflix, Hulu, Spotify, etc) and data transfer (scp, gsutil, rsync, etc).


Acceptable Use Policy

Usage of the VPN is governed by the Broad Acceptable Use Policy. VPN sessions which compromise the availability of the VPN service, including excessive bandwidth usage, will be terminated without notice. BITS will attempt to provide clarification and instruction for any VPN session terminated.


General Installation Instructions

Installation of AnyConnect VPN on Windows and Mac OS X operating systems is pretty straightforward.

If you have trouble getting the client installed, detailed instructions for Windows and Mac OS X systems are available here.


Specific Instructions by Operating System


While the AnyConnect Mobility VPN is officially supported on several Linux distributions (namely Red Hat Enterprise 6 and Ubuntu 11.0 and later), Cisco provides rather limited instructions for its installation and troubleshooting. Doing a web search for AnyConnect and Linux will return various pages with examples from the Open Source community which can be additionally helpful. BITS support and assistance with Linux installations is currently very limited.

Another VPN alternative is an Open Source client that usually works quite well called - OpenConnect. The exact commands to install it on each version of Linux differ, but in most cases you can find them by searching online. After OpenConnect is installed, you can create a new OpenConnect VPN connection and supply the gateway: vpn.broadinstitute.org ,using your Broad username and password to connect. Additional information on OpenConnect can be found in our knowledge base.


VPN Not Necessary on the Broad-Internal wireless network

If you are using a "Broad Owned" computer, you should be able to connect to and use our Broad-Internal Wireless Network when on site at any of our buildings. This network is exclusively for Broad employees and their systems. When connected to Broad-Internal you are already "Inside" the network so VPN is NOT necessary. We encourage all employees to use this internal network whenever needed. Additional information about this internal wireless network can be found here: Broad-Internal

However if you are using your own personal laptop etc., you still need to use the VPN in order to access internal resources. In this case you would first connect to our "public" wireless network just called Broad.