Mount Sinai VPN, officially accessed at msvpn.mountsinai.org, is the secure remote access gateway for MSSM employees, Icahn School of Medicine faculty, nurses, residents, and affiliated students.
Whether you need to log in from home, connect via MSVPN on a mobile device, or troubleshoot a failed MSSM VPN login, this guide walks you through every step.
Unlike generic VPN tutorials, this guide is specific to Mount Sinai Health System’s Symantec VIP-based authentication, the Cisco AnyConnect client used on desktop, and the SSL web portal fallback for devices that cannot install the client software.
This guide explains Mount Sinai VPN access from setup to troubleshooting, including common issues such as login problems and connection timeouts. By the end, you will know how to connect securely, resolve basic issues yourself, and maintain the safety of healthcare data.
Quick Answer: How to Log In to Mount Sinai VPN
1. Open the Cisco AnyConnect client (or go to msvpn.mountsinai.org in your browser)
2. Enter server: msvpn.mountsinai.org
3. Username: your Mount Sinai Network ID
4. Password: your network password
5. VIP Security Code: 6-digit code from the Symantec VIP Access app
6. Click Connect / Logon
1. What is Mount Sinai VPN (MSVPN)?
Mount Sinai VPN, commonly referred to as MSVPN or Sinai VPN, is a Virtual Private Network service operated by the Icahn School of Medicine at Mount Sinai (MSSM) IT Security team. It encrypts your internet connection and tunnels it through Mount Sinai’s internal network, giving you secure remote access to clinical systems, Epic EHR, email, research databases, and HR portals, exactly as if you were sitting at a workstation inside the hospital.
The VPN is built on Cisco AnyConnect technology and uses Symantec VIP Access for two-factor authentication (2FA). Data in transit between your device and the Mount Sinai VPN gateway is encrypted, which supports HIPAA compliance for any patient information accessed remotely.
What MSVPN Gives You Access To
- Epic electronic health records (via Mount Sinai remote access)
- Mount Sinai webmail and Outlook
- Meditech HIS and clinical databases
- MSSM research portals and library resources
- HR systems and employee self-service
- Internal intranet and departmental file shares
2. Who Can Use Sinai VPN? Eligibility & Access
Access to the MSSM VPN is restricted to authorized individuals with an active Mount Sinai Network ID. Eligible users include:
- Full-time and part-time MSSM employees
- Icahn School of Medicine faculty and staff (Icahn VPN users)
- Residents, fellows, and medical students with active network accounts
- Authorized contractors and affiliated researchers
If you do not yet have access, contact the Mount Sinai IT Helpdesk to initiate onboarding. New users must complete mandatory information security training before VPN credentials are provisioned.
3. Mount Sinai VPN Login: Step-by-Step

The primary login method uses the Cisco AnyConnect Secure Mobility Client. Before you begin, make sure you have:
- Your Mount Sinai Network ID and network password
- The Symantec VIP Access app installed on your smartphone
- Cisco AnyConnect installed on your computer (see setup sections below)
Desktop Login Process (Windows & Mac)
- Launch Cisco AnyConnect from your Applications folder (Mac) or Start Menu (Windows).
- In the server address field, type: msvpn.mountsinai.org, then click Connect.
- Enter your Mount Sinai Network ID in the Username field.
- Enter your network password in the Password field.
- Open the Symantec VIP Access app on your phone and note the current 6-digit security code.
- Enter that code in the Second Password / VIP Security Code field.
- Click OK or Connect. A green padlock icon in your system tray confirms a successful connection.
Tip: The VIP security code rotates every 30 seconds. If it changes while you are typing, wait for the next cycle and enter the fresh code.
Verifying Your Connection
After connecting, test access by opening Mount Sinai webmail or navigating to an internal resource such as the employee intranet. If pages load correctly, your Mount Sinai VPN login was successful. You can also confirm by checking your IP address; it should resolve to a Mount Sinai network range.
4. How to Set Up MSVPN on Windows
System requirements: Windows 10 or Windows 11. Administrator privileges are required for installation.
Step 1: Download Cisco AnyConnect
Obtain the installer exclusively from Mount Sinai IT Services (via the employee portal or IT helpdesk). Do not download from third-party sources; unofficial builds may be outdated or contain malware.
Step 2: Run the Installer
- Right-click the downloaded .exe file and select Run as Administrator.
- Accept the End User License Agreement.
- Choose the default installation path unless IT documentation specifies otherwise.
- Accept any User Account Control (UAC) prompts; these are required to install network adapters.
- Wait for the installation to complete, then restart your computer if prompted.
Step 3: Configure and Connect
On first launch, you may need to add the server address manually. Click the gear icon, select Preferences, and add msvpn.mountsinai.org to the server list. Then follow the desktop login steps above.
Windows-Specific Issues
- Windows Defender or third-party antivirus: Add Cisco AnyConnect to the exclusion list if connection attempts are blocked.
- Windows Updates: If VPN stops working after a Windows update, reinstall AnyConnect or contact IT for the latest compatible version.
- Network adapter errors: Update network drivers via Device Manager and, if issues persist, uninstall and reinstall the VPN client.
5. How to Set Up Mount Sinai VPN on Mac
System requirements: macOS 10.15 Catalina or later recommended.
Installation Steps
- Download the Cisco AnyConnect .pkg or .dmg installer from Mount Sinai IT.
- Double-click to open the installer and follow the on-screen prompts.
- Approve the installation in System Preferences > Privacy & Security if macOS flags the developer.
- Grant permission when macOS asks to add VPN configurations; this is required for the tunnel to function.
- Once installed, open Cisco AnyConnect from the Applications folder or the menu bar.
Mac-Specific Notes
- Keychain conflicts: If the VPN repeatedly asks for your password despite saving it, open Keychain Access and remove duplicate or expired msvpn entries.
- macOS Ventura / Sonoma: System Extensions from Cisco AnyConnect must be approved in System Preferences > Privacy & Security > General.
- After major macOS upgrades, recheck that the VPN extension is still approved, as updates can revoke permissions.
6. Mount Sinai VPN on Mobile: iOS & Android
Mobile access to MSVPN is supported through the official Cisco AnyConnect app, available on both platforms.
iOS (iPhone / iPad)
- Download Cisco Secure Client (formerly AnyConnect) from the App Store.
- Open the app and tap Add VPN Connection.
- Enter msvpn.mountsinai.org as the server address.
- Save the connection and tap it to connect.
- Enter your Network ID, password, and Symantec VIP code when prompted.
Android
The process is identical: download Cisco Secure Client from the Google Play Store and follow the same configuration steps. Note that Android’s battery optimization features can terminate background VPN connections; disable battery optimization for the AnyConnect app to maintain a stable connection.
Mobile Tips
- Keep your phone’s date and time set to Automatic. VIP security codes are time-sensitive and will fail if your device clock is off.
- Use Wi-Fi over cellular for VPN connections when accessing large files like medical imaging.
- If your VPN disconnects when switching from Wi-Fi to cellular, reconnect manually or enable the Always-On VPN option if your IT policy permits it.
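Why a wrong phone clock gets the VIP code rejected, shown as an added example that is not code from Mount Sinai or Symantec. It assumes a standard RFC 6238 TOTP (HMAC-SHA1) with the 30-second, 6-digit parameters the page gives; the page does not state the algorithm VIP Access uses, and the server's tolerance `window` is hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on the page
DIGITS = 6   # code length, as stated on the page

def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a given clock reading."""
    counter = int(unix_time // step)          # which 30-second step we are in
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                   # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts(secret: bytes, code: str, server_time: int, window: int) -> bool:
    """Accept the current step plus `window` steps either side (assumed policy)."""
    return any(
        hmac.compare_digest(code, totp(secret, server_time + k * STEP))
        for k in range(-window, window + 1)
    )

def skew_report(secret: bytes, server_time: int, skews, window: int) -> dict:
    """Map each phone clock error in seconds to True (accepted) or False (rejected)."""
    return {
        s: server_accepts(secret, totp(secret, server_time + s), server_time, window)
        for s in skews
    }

# Constructed sample values: the RFC 6238 test secret and an arbitrary server
# clock that sits 15 seconds into a 30-second step.
SECRET = b"12345678901234567890"
SERVER_TIME = 1_700_000_025

if __name__ == "__main__":
    for window in (0, 1):
        report = skew_report(SECRET, SERVER_TIME, [0, 20, -20, 50, -50], window)
        print(f"window=±{window} steps:", report)
```

A strict server (window 0) rejects a phone that is only 20 seconds off once that error crosses a step boundary, while a one-step tolerance still rejects a 50-second error.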
7. msvpn.mountsinai.org – Web Browser Login (SSL VPN)
If you cannot install Cisco AnyConnect on your device, for example, on a shared workstation, a Chromebook, or a locked-down corporate machine, you can use the SSL VPN web portal at msvpn.mountsinai.org directly in your browser.
How to Use the Web Portal
- Open a modern browser (Chrome, Edge, or Firefox recommended).
- Navigate to https://msvpn.mountsinai.org.
- Enter your Network ID and password.
- Enter your Symantec VIP security code.
- Click Logon. You will land on a portal page with links to approved internal resources, including webmail and clinical apps.
Important: The web portal does not give full network-level VPN access. It provides browser-based access to specific published resources. For full tunnel access, required to connect to internal applications like Meditech, you need the Cisco AnyConnect client installed.
8. Common MSSM VPN Login Errors & How to Fix Them

The following table covers the most frequently reported issues for MSSM VPN login, MSVPN login, and MSH VPN connections, based on common IT helpdesk patterns.
| Error | Most Likely Cause | Fix |
| --- | --- | --- |
| Authentication Failed | Wrong Network ID or password; Caps Lock on | Re-enter credentials carefully; reset password via IT portal |
| VIP Code Rejected | Device clock out of sync; code expired | Set phone time to Automatic; wait for next code cycle |
| Account Locked | Multiple failed login attempts | Wait 30 min or call IT Helpdesk to unlock |
| Connection Timeout | Firewall blocking VPN ports; server busy | Check router firewall; try alternate server or web portal |
| DNS Resolution Failure | DNS cache stale; wrong DNS settings | ipconfig /flushdns (Win) or sudo dscacheutil -flushcache (Mac) |
| Certificate Error | Expired cert; system clock wrong | Sync system clock; reinstall AnyConnect or contact IT |
| Slow Speeds | High server load; bandwidth-heavy background apps | Close unnecessary apps; connect to nearest available server |
| Intermittent Drops | Power management sleeping network adapter | Disable power management for network adapter in Device Manager |
Authentication Errors in Detail
Repeated “Authentication failed” errors are the most common Mount Sinai VPN login issue. The top causes are:
- Typing your email address instead of your Network ID (use your ID number, not name@mountsinai.org)
- Password expired. Mount Sinai requires password changes every 90 days.
- VIP Access app not linked to your account. Contact IT to re-provision your token.
After three to five failed attempts, your account will be temporarily locked. Do not keep retrying; wait 30 minutes or call the IT Helpdesk.
Connection Timeout & Firewall Issues
If you get a timeout connecting to msvpn.mountsinai.org, your home router or corporate firewall may be blocking VPN traffic. Cisco AnyConnect uses:
- UDP 443 and TCP 443 for DTLS/TLS traffic
- UDP 4500 and 500 for IKEv2
Ensure these ports are open in your router’s firewall. If you are on a corporate network, contact your local IT team; they may need to whitelist the Mount Sinai VPN server.
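One way to tell a DNS failure from a blocked port before calling the helpdesk, as an added example that is not a Mount Sinai or Cisco tool. The function name `triage`, its status labels, and the injectable `resolver` parameter are assumptions of this sketch; it tests only TCP 443, so a pass says nothing about the UDP ports listed above.

```python
import socket

VPN_HOST = "msvpn.mountsinai.org"   # server address from the page
TCP_PORT = 443                      # TLS port from the page

# Next steps taken from the error table on this page.
NEXT_STEP = {
    "dns_failure": "Flush the DNS cache, then retry.",
    "timeout": "Check the router or corporate firewall; try the web portal.",
    "refused": "Host answered but the port is closed; contact IT.",
    "unreachable": "Check your local network connection.",
    "reachable": "Network path is fine; check credentials and the VIP code.",
}

def triage(host=VPN_HOST, port=TCP_PORT, timeout=5.0, resolver=socket.getaddrinfo):
    """Return (status, detail) for one TCP connection attempt per resolved address."""
    try:
        infos = resolver(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", f"{host} did not resolve: {exc}"
    last = ("unreachable", "resolver returned no addresses")
    for family, socktype, proto, _canon, addr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
            return "reachable", f"TCP {port} open at {addr[0]}"
        except socket.timeout:
            last = ("timeout", f"no answer from {addr[0]} port {port} in {timeout}s")
        except ConnectionRefusedError:
            last = ("refused", f"{addr[0]} refused TCP {port}")
        except OSError as exc:
            last = ("unreachable", f"{addr[0]}: {exc}")
    return last

if __name__ == "__main__":
    status, detail = triage()
    print(status, "-", detail)
    print("Next step:", NEXT_STEP[status])
```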
9. Mount Sinai Remote Access: Epic, Webmail & Clinical Systems
Once connected via Sinai VPN, you have the same access to systems as an on-campus user. Here is how to reach the most common resources for Mount Sinai remote access:
Accessing Epic Remotely
Epic EHR is the primary clinical system for patient records. With an active VPN connection, open Epic Hyperspace from your installed client or via the Citrix portal link provided on the VPN landing page. For remote Epic access at Mount Sinai specifically, confirm with your department IT liaison that your Epic role includes remote access permissions, as some functions are restricted to on-site use.
Mount Sinai Webmail
Webmail (Outlook Web App) is accessible both with and without the VPN through https://webmail.mountsinai.org. However, if your organization has restricted OWA to internal networks only, you will need the VPN active first. After VPN login, click the Webmail link on the portal page or navigate directly to the webmail URL.
Other Clinical and Administrative Systems
- Meditech HIS: Accessible via the full Cisco AnyConnect tunnel (not the browser-only SSL portal)
- PeopleSoft / HR Portal: Accessible via web portal or full tunnel
- Library databases and PubMed: No VPN required, but VPN may be needed for licensed journal access
- Citrix Virtual Apps: Mount Sinai also offers a Citrix-based virtual desktop that can serve as an alternative remote access method.
10. Advanced Settings: Split Tunneling, DNS & Protocols
Split Tunneling
Split tunneling routes only Mount Sinai-bound traffic through the encrypted VPN tunnel while sending general internet traffic through your regular connection. This reduces load on hospital servers and speeds up non-clinical browsing. Whether split tunneling is enabled on your account depends on IT policy; it is not a setting you can change yourself, as it is configured server-side.
DNS Configuration
When connected, Cisco AnyConnect automatically pushes Mount Sinai DNS servers to your device, ensuring internal hostnames like intranet.mountsinai.org resolve correctly. If you experience DNS failures while the VPN is active, try:
- Flushing your DNS cache (see error table above)
- Disconnecting and reconnecting to AnyConnect
- Contacting IT if the issue persists; your DNS push policy may need updating.
Protocol Selection
Cisco AnyConnect negotiates the best available protocol automatically. In most cases, it uses DTLS (Datagram TLS over UDP 443) for speed. On restrictive networks, it falls back to TLS over TCP 443. You do not need to change this manually.
11. Security Best Practices for MSVPN Users

You are accessing HIPAA-protected patient data remotely. These practices are not optional; they are your professional and legal responsibility.
Password & Credential Security
- Use a unique, complex password (minimum 12 characters, mix of letters, numbers, symbols) that you do not reuse on other accounts.
- Never share your Network ID or password with colleagues, even during handoffs or coverage situations.
- Use a reputable password manager to generate and store your credentials securely.
- Change your password every 90 days as required by Mount Sinai IT policy.
- If you suspect your credentials are compromised, change your password immediately and notify IT Security.
Multi-Factor Authentication (MFA)
The Symantec VIP Access 2FA requirement is your primary defense against unauthorized access. Keep the VIP Access app on a device only you control: your personal smartphone, not a shared tablet or work device used by multiple people. If you get a new phone, re-provision your VIP token with IT before your old device is wiped.
Network Safety
- Avoid accessing Mount Sinai clinical systems on public Wi-Fi, even with VPN active, as coffee shops, airports, and hotel networks introduce additional risk vectors.
- Use a wired Ethernet connection for stable, secure VPN access when working with large datasets or time-sensitive clinical applications.
- Log out of the VPN when your session ends. Do not leave it connected unattended.
- Keep Cisco AnyConnect and your operating system fully updated.
Frequently Asked Questions
1. What is the MSVPN server address?
The Mount Sinai VPN server address is msvpn.mountsinai.org. Enter this in the Cisco AnyConnect server field or use it to navigate directly in your browser for the SSL web portal.
2. What is the difference between msvpn.mountsinai.org and msvpn mountsinai org?
They refer to the same server; msvpn.mountsinai.org is the full domain name. Entering msvpn.mountsinai.org in a browser opens the same login portal.
3. Who is eligible for VPN MSSM access?
Active MSSM employees, Icahn School of Medicine faculty, residents, fellows, students, and authorized contractors. Contact the IT Helpdesk to request access if you do not already have it.
4. How do I fix a failed MSSM VPN login?
Verify your Network ID (not email address), confirm Caps Lock is off, check that your password has not expired, and ensure your phone’s clock is set to Automatic for accurate VIP codes. If the account is locked, wait 30 minutes or call IT.
5. Can I use Sinai VPN from outside the United States?
International VPN usage may be restricted or require special IT approval depending on your destination country. Contact Mount Sinai IT Security before traveling internationally if you need VPN access abroad.
6. How many devices can I use for Mount Sinai VPN simultaneously?
Most user accounts allow one or two simultaneous connections. If you need more concurrent connections for legitimate work reasons, contact your department’s IT liaison.
7. What do I do if the Symantec VIP code keeps failing?
Ensure your mobile device’s time zone and clock are set to Automatic (not manual). VIP codes are time-based; even a 30-second clock discrepancy causes failures. If the issue persists after syncing, contact IT to re-provision your VIP token.
8. Is there a web portal for Mount Sinai remote access without installing software?
Yes, visit https://msvpn.mountsinai.org in any modern browser to use the SSL VPN portal. This grants browser-based access to approved resources without installing Cisco AnyConnect, but does not provide full network tunnel access.
9. How do I access Epic remotely at Mount Sinai?
Connect to the VPN first via Cisco AnyConnect, then open Epic Hyperspace from your installed client or through the Citrix link on the VPN landing page. Ensure your Epic account has remote access permissions. Confirm with your department IT contact if you cannot see patient records remotely.
10. What is the IT Helpdesk contact for VPN issues?
Contact details are maintained on the Mount Sinai intranet and the employee portal. Reach out via phone, email ticket, or live chat. Have your Network ID, device type, operating system version, and a description of any error messages ready before calling to speed up resolution.
Conclusion
Mount Sinai VPN (MSVPN) is a critical tool for every MSSM employee, Icahn School of Medicine faculty member, and affiliated healthcare professional who needs secure remote access. The login process through msvpn.mountsinai.org is straightforward once Cisco AnyConnect is properly installed and your Symantec VIP Access token is active.
Whether you are resolving a failed MSSM VPN login, setting up Sinai VPN on a new device, or configuring Mount Sinai remote access for Epic, this guide has covered every step. Follow the security best practices outlined above and keep your credentials, software, and authentication app updated to ensure uninterrupted, HIPAA-compliant remote access to Mount Sinai Health System resources.
For ongoing issues, the Mount Sinai IT Helpdesk remains your primary resource. Bookmark msvpn.mountsinai.org for direct access to the VPN portal.



