A resource for employees to connect remotely using Azure Virtual Desktop (AVD), Cisco AnyConnect VPN (also referred to as RESCUE) or the Citrix Access Gateway (CAG).
VA offers staff and contractors three ways to connect remotely.
yourIT Service Portal
If you are a VA staff member having problems connecting, please contact the IT help desk. You can either call 855-673-4357 (711 for TTY-based Telecommunications Relay Service) or visit the yourIT Service Portal (VA network access required).
Azure Virtual Desktop (AVD) is designed for users with non-VA-issued Windows 10, Windows 11, macOS, iPadOS, or iOS devices. This is the preferred option for users needing access to a standardized VA desktop (PIV or eToken required).
CAG is great for both personally owned or government-issued devices. It now allows access to Microsoft OneDrive and Microsoft’s New Teams, and enables access to some clinical and specialty business applications not available in AVD.
Visit the RA Portal for more information
Quick Start Guides (network access required)
Windows | MacOS | Government Furnished iOS
The Cisco AnyConnect VPN client is for government-issued laptops, desktops, and mobile devices only. It is not a virtual desktop, but rather a direct VPN connection to the VA network and the primary method of connectivity for government-issued devices
Visit the RA Portal for more information
RA Portal Quick Start Guide
(network access required)
Additional information on telework can be found Office of Human Resources Management Telework webpage ( only available while on VA’s internal network) and OPM’s Telework website.
VA Handbook 6500 identifies the compliance requirements for VA remote access users.
VA supports remote access with two different applications 1. Citrix Access Gateway (CAG) and 2. CISCO RESCUE VPN Client. The Citrix Access Gateway is designed for users that do not have VA Government Furnished Equipment (GFE) – CAG is a good option to allow users access to general applications such as email and chat. The CISCO RESCUE VPN Client is only for use on VA Government Furnished Equipment (GFE) and is installed on all GFE laptops. Users would still need to request remote access and have their remote access accounts enabled for use with either CAG or RESCUE.
You may request remote access by visiting the Remote Access Self Service Portal ( only available while on VA’s internal network).
Please note the Self-Service Portal is only accessible from within the VA network, it is not externally accessible. If you require technical support, please reference the FAQs and other supporting documentation found at https://raportal.vpn.va.gov or contact the Enterprise Service Desk (855) 673-4357.
Software, supporting documentation, FAQs and general information are hosted at the VA’s Remote Access Information and Media Portal. Please ensure you have Transport Layer Security (TLS) 1.1 enabled on your web browser before attempting to access this site. To enable TLS within Internet Explorer: Select ‘Tools’, then ‘Internet Options’, then the ‘Advanced’ tab. Enable the checkbox for ‘Use TLS 1.1’ (found towards the end of the list).
If you do not require VPN, use the CAG process.
Citrix Access GatewayCAG stands for Citrix Access Gateway and its purpose is to provide remote access from a personal PC (non-GFE equipment). The Citrix Access Gateway provides access to a virtual desktop and basic applications like email and Teams as well as the most used applications by VA end users. The current CAG URL is https://citrixaccess.va.gov.
Additional software and instructions to connect to VA CAG are available on the Remote Access Portal. Once connected to CAG, if you do not see the applications you require to effectively perform your remote access duties, please contact the Enterprise Service Desk (ESD). CAG requires 2 Factor Authentication (2FA) by default for all users. The methods supported include PIV, CAC, and MobilePASS. If you need a temporary exemption from using 2 Factor Authentication, please contact the Enterprise Service Desk.
This is designed and recommended to be the sole VPN solution for Government Furnished Equipment (GFE) devices. RESCUE GFE provides a security posture check and ensures VA data is encrypted from the end device into the VA trusted network. Prior to the device connecting and being allowed onto the VA trusted network the system is checked for multiple security baselines. Once the system has been determined to have met the requirements an encrypted Security socket Layer (SSL) VPN tunnel from the endpoint to the VA network is established. The user has access to all allocated resources just the same as if they were sitting inside of the VA network. This software is installed on all GFE laptops prior to being provided to the user. Currently RESCUE GFE supports Windows 7, Windows 8, Windows 10 and MAC OSX.
No, OIT does not have routers to issue to end users in support of end user’s remote access connections. You do not need a VA router in order to access the VA network. You will need Internet access and the Cisco RESCUE Client which is already installed on your GFE in order to access the VA Network.
