Remote Access

A resource for employees to connect remotely using Azure Virtual Desktop (AVD), Cisco AnyConnect VPN (also referred to as RESCUE) or the Citrix Access Gateway (CAG).

silver iMac with keyboard and trackpad inside room

How can an employee connect remotely?

VA offers staff and contractors three ways to connect remotely.

yourIT Service Portal

If you are a VA staff member having problems connecting, please contact the  IT help desk. You can either call 855-673-4357 (711 for TTY-based Telecommunications Relay Service) or visit the yourIT Service Portal (VA network access required).

Azure Virtual Desktop (AVD)

Azure Virtual Desktop (AVD) is designed for users with non-VA-issued Windows 10, Windows 11, macOS, iPadOS, or iOS devices. This is the preferred option for users needing access to a standardized VA desktop (PIV or eToken required).

Learn more about AVD

Citrix Access Gateway (CAG)

CAG is great for both personally owned or government-issued devices. It now allows access to Microsoft OneDrive and Microsoft’s New Teams, and enables access to some clinical and specialty business applications not available in AVD.

Visit the RA Portal for more information

Quick Start Guides (network access required)
 Windows MacOS | Government Furnished iOS

Access CAG

Cisco AnyConnect VPN (Rescue)

The Cisco AnyConnect VPN client is for government-issued laptops, desktops, and mobile devices only. It is not a virtual desktop, but rather a direct VPN connection to the VA network and the primary method of connectivity for government-issued devices

Visit the RA Portal for more information

RA Portal Quick Start Guide
(network access required)

VA Telework

  • Telework is governed by VA Handbook 5011/26/31 Part II Chapter 4. Employees working with their supervisor would need to determine telework suitability and eligibility to telework.  Once determined telework eligible the employee would need to fill out VA Form 0740 Telework Agreement (Intranet access required, PDF), the Telework Notification Letter – Employee Eligible to Telework, and you will need to complete Talent Management System (TMS) training as follows:

    • All managers must complete TMS Course VA1366994 — Telework Training Module for Managers.
    • All employees requesting telework must complete
      • TMS Course VA1367006—Telework training module for employees
      • TMS Course VA10176—VA Privacy and Information Security Awareness and Rules of Behavior
      • TMS Course VA10203 Privacy and HIPAA Training

    Additional information on telework can be found Office of Human Resources Management Telework webpage (only available while on VA’s internal network) and OPM’s Telework website.

    VA Remote Access

    VA Handbook 6500  identifies the compliance requirements for VA remote access users.

    VA supports remote access with two different applications 1. Citrix Access Gateway (CAG) and 2. CISCO RESCUE VPN Client.   The Citrix Access Gateway is designed for users that do not have VA Government Furnished Equipment (GFE) – CAG is a good option to allow users access to general applications such as email and chat.  The CISCO RESCUE VPN Client is only for use on VA Government Furnished Equipment (GFE) and is installed on all GFE laptops.   Users would still need to request remote access and have their remote access accounts enabled for use with either CAG or RESCUE.

    You may request remote access by visiting the Remote Access Self Service Portal ( only available while on VA’s internal network).

    Please note the Self-Service Portal is only accessible from within the VA network, it is not externally accessible. If you require technical support, please reference the FAQs and other supporting documentation found at https://raportal.vpn.va.gov or contact the Enterprise Service Desk (855) 673-4357.

    Software, supporting documentation, FAQs and general information are hosted at the VA’s Remote Access Information and Media Portal. Please ensure you have Transport Layer Security (TLS) 1.1 enabled on your web browser before attempting to access this site. To enable TLS within Internet Explorer: Select ‘Tools’, then ‘Internet Options’, then the ‘Advanced’ tab. Enable the checkbox for ‘Use TLS 1.1’ (found towards the end of the list).

    How do users or facilities request equipment if they require VPN access?

    1. Click the “Your IT” Icon on your desktop or go to YourIT Services ( only available while on the VA’s internal network)
    2. Click “Make a Request”
    3. Click “Computer Services,” under categories
    4. Click on “OIT Equipment and Software”
    5. Complete all required fields.
    6. Tag request for COVID in “Justification,” field

    If you do not require VPN, use the CAG process.

  • Citrix Access Gateway (CAG)

    What is CAG?

    CAG stands for Citrix Access Gateway and its purpose is to provide remote access from a personal PC (non-GFE equipment).  The Citrix Access Gateway provides access to a virtual desktop and basic applications like email and Teams as well as the most used applications by VA end users.  The current CAG URL is https://citrixaccess.va.gov.

    How do I access CAG?

    Additional software and instructions to connect to VA CAG are available on the Remote Access Portal. Once connected to CAG, if you do not see the applications you require to effectively perform your remote access duties, please contact the Enterprise Service Desk (ESD).

    CAG requires 2 Factor Authentication (2FA) by default for all users. The methods supported include PIV, CAC, and MobilePASS. If you need a temporary exemption from using 2 Factor Authentication, please contact the Enterprise Service Desk.

    Enterprise Service Desk (ESD)

  • Cisco AnyConnect VPN (RESCUE)

    What is Rescue GFE Virtual Private Network (VPN) and how do I get it?

    This is designed and recommended to be the sole VPN solution for Government Furnished Equipment (GFE) devices. RESCUE GFE provides a security posture check and ensures VA data is encrypted from the end device into the VA trusted network. Prior to the device connecting and being allowed onto the VA trusted network the system is checked for multiple security baselines.

    Once the system has been determined to have met the requirements an encrypted Security socket Layer (SSL) VPN tunnel from the endpoint to the VA network is established. The user has access to all allocated resources just the same as if they were sitting inside of the VA network. This software is installed on all GFE laptops prior to being provided to the user. Currently RESCUE GFE supports Windows 7, Windows 8, Windows 10 and MAC OSX.

    Can I get a VA Router to support GFE VPN?

    No, OIT does not have routers to issue to end users in support of end user’s remote access connections. You do not need a VA router in order to access the VA network. You will need Internet access and the Cisco RESCUE Client which is already installed on your GFE in order to access the VA Network.

    How do I change the VPN gateway?

    By default, Cisco AnyConnect automatically selects VPN servers available to it. There are occasions when that does not work. The instructions below display how users can address VPN disconnects, especially as more users connect remotely over the coming weeks.

    1. Start Cisco AnyConnect VPN
    2. If Automatic is selected in the client, click on the gear in the lower left
    3. In the VPN tab of the setting screen, uncheck Enable automatic server selection. Close the settings.
    4. You now should have the flexibility of selecting the VPN gateway of your choice

    VPN software updates as described previously

    • VPN will stay connected for 23 hours at which time you will be disconnected. Keep this in mind and reconnect to prevent work interruptions.
    • VPN users should stay connected for continuous security patching and updates.

    Additional troubleshooting tips

    • If you encounter a certificate error, verify that you have a valid PIV card by checking the expiration date
    • Try restarting your computer

  • Visit the RA Portal for the latest information on smart card reader support.

PIV Exemptions

Using the yourIT Self Service, you can now initiate your own 24-hour PIV exemption!

What is Employee Self-Service?

  • A method to access the self-service options of the yourIT Service Portal from outside of the VA network.
  • It is available from any internet-connected device.
  • It is designed to return you to full operations as fast as possible.

What services are currently available?

  • PIV cardholders (almost all employees) can initiate an immediate 24-hour PIV Exemption, for situations such as accidentally leaving your PIV at home.
  • VA Network Account Password Reset is available for those who use a password to access their VA account due to mission-specific requirements.

Who do I contact with questions?

If you need assistance using Employee Self-Service, call the ESD at (855) 673-4357.

Go to the yourIT Self Service Portal

Tips for telework

    Optimize your WiFi

    • Place your router in a central area of your home and elevate it off the floor in an upright position.
    • Make sure there are no obstructions around the router, and it’s not near items that may interfere with the WiFi signal, including walls, furniture, metal surfaces, Bluetooth devices, other electronic equipment (e.g., TVs and computers), appliances (e.g., refrigerators and microwaves).
    • Check to see if different locations in your house offer better connectivity. If you are connecting via a wireless network and your preferred location has a poor connection, consider purchasing a wireless extender to increase the signal for that area.
    • Avoid using unsecured WiFi networks
      • Secure your home WiFi networks with a password.
      • VA WiFi and hotspots (often provided by VA OIT as Verizon MiFi devices) are approved WiFi connections.
    • Check to see what the highest-level security setting your router and devices will support. If they support WPA2, use that, since it is superior to the WEP protocol. If they do not support it, use WPA, not WEP, since WEP is less secure and can reduce internet speeds.
    • If wireless connectivity continues to be problematic and your router provides the ability to connect an ethernet cable, you may want to consider this.

    Your internet service

    • Your internet company or cable provider allocates a finite block of capacity to each of its customers. As more and more people start to work from home in your neighborhood, overall speeds may decrease. Expect decreased speeds during peak usage times.
    • There are various services available to test your internet speeds, and often your internet service provider or cable company will have these tools on their website. If you find that your speeds are slower than you expect, you need to contact your internet service provider.
    • Check your provider’s website to see whether there are any local internet outages in your area. If there are, the problem is one beyond your device or connection.

    While Connected to the VA Network (AVD, CAG, or VPN)

    • Maintain relationships with team members and managers through agency-approved tools, such as Webex, Teams, or Slack. Share calendars with team members.
    • Make sure your availability status in Teams or Slack is accurate. If you can’t be disturbed, change your status, but don’t use it to be avoided.
    • Be mindful of different time zones and working times — respect free and busy times, even if you are working when others are not.
    • When participating in meetings, find a quiet space and join the meeting from somewhere free of loud background noise. When not speaking, remember to mute your phone to minimize background noise.
    • Avoid using video features while connected.

    Other tips

    • Take regular breaks throughout the day. Teleworking can tempt you to work through breaks and lunch, but this isn’t a good practice long term. Your mind and your body need to take breaks to stay productive.
    • Spend time with your friends and family.
    • Communicate often. Email, instant messages, and phone are all available to you to communicate. Without being face-to-face, a lot can get lost in translation, so reach out often.
    • Make sure you get enough sleep. It’s tempting to stay up late when you’re working from home. Getting enough rest is essential for your health and for your productivity at work.
    • Web browsers store data from websites that you visit to make revisiting them quicker in the future, and if it gets too large, it can slow your computer down. To clear the cache or change the caching behavior, go to settings or use the help system. Note: If using a GFE or CAG, some browser settings are not available.
    • You should have antivirus software installed on your personal computers. Most internet service providers make it available for free to help protect their networks.
    • Back up your files and data regularly.
    person typing on MacBook Pro on brown wooden table during daytime photo
    boy in blue sweater using ipad
    man and girl sitting on brown dock near boat and two white ducks during daytime

Close

US Department of Veterans Affairs

Your feedback matters

Is this website or content helpful? Please let us know. This is anonymous and not stored. Please do not provide personal information — it will not be acted upon. Use Ask VA for questions related to services and benefits. If you or someone you know is in crisis, do not use this form, but connect with the Veterans Crisis Line — Call 988 and press 1 or visit VeteransCrisisLine.net.

Close

We’re here anytime, day or night - 24/7

If you are a Veteran in crisis or concerned about one, connect with our caring, qualified responders for confidential help. Many of them are Veterans themselves.

Get more resources at VeteransCrisisLine.net.