Elmo Erasmus

Automation of Cisco AnyConnect VPN Client

When you start Cisco AnyConnect VPN Client manually, you need to insert the IP address, username and password. I'm trying to use an SSIS (SQL Server Integration Services) task to automate starting the Cisco AnyConnect VPN Client, and for that I need the correct arguments. See attached file.
Automation-of-Cisco-AnyConnect-V.zip
Qlemo

Looks like you have to first create a profile, using the template file in
"C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client\Profile\AnyConnectProfile.tmpl". Copy the file, and edit in the appropriate connection information. Then call the VPNUI with CONNECT <profile name> USER <user> PWD <password>.

ASKER

Qlemo, thanks for the feedback. I don't have that file/folder structure as per your posting. I've also searched for the file "AnyConnectProfile.tmpl" and cannot find it.
Do you have a vpncli.exe in C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client ?
Yes, I have that file.
And if I run that file it opens command prompt where I can enter IP address, Username and Password and then it connects. But I want to automate this process.
As far as I can see now, vpncli only supports providing the target IP, no credentials. We would have to use AutoIt or VBScript or the like to emulate sending keys for username and password with that.

See if you can locate a profile.xml file in C:\Users\«Username»\AppData\Roaming\Cisco\Cisco AnyConnect VPN Client. That's the one which should be used by default.
That folder structure and file do not exist on my computer. I've also searched for the file and it found a file, but it applies to another program (BitDefender).
Then I'm out of ideas, sorry. I don't know the AnyConnect Client well enough (we only work with the classic IPSec one).
Looks like it's doable:
Look at:
http://www.joshuasjohnson.com/how-to-script-a-login-for-a-cisco-vpn-client/

You create a batch file and either put it in the autostart folder (startmenu/program/autostart)
or reference it in the registry.

Regards Marten
matrixnz

You should use the Cisco Anyconnect Profile Editor to create a default profile to be used, Docs here: http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac02asaconfig.html

You store the two resulting files in %AllUsersProfile%\Cisco\Cisco AnyConnect...\Profile directory.

Something like AnyConnectProfile.xml and AnyConnectProfile.xsd. You can also push this profile out via the Cisco appliance.
The problem is that I don't have the Cisco Anyconnect Profile Editor. The client that we work for sent us a link to download the Cisco Anyconnect VPN Client to connect to their network. I suspect we have a limited version without the Profile Editor. The embedded image shows the folder/file structure on my computer.

User generated image
Did you look at my proposal?
If that's the case then you could copy the preferences.xml to preferences_global.xml, see locations here:
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac01intro.html#wp1072793
matrixnz - The link you provided opens "Introduction to the AnyConnect Secure Mobility Client", but I don't understand what you are suggesting. Can you please elaborate a bit more?
ASKER CERTIFIED SOLUTION
matrixnz

This solution is only available to members.
I have used the shell script below for automating login of the Cisco AnyConnect application for 4.3.0.1095.

```powershell
# This script is tested with "Cisco AnyConnect Secure Mobility Client version 3.0.5080"

# Please change following variables

# IP address or host name of cisco vpn
[string]$CiscoVPNHost = "192.168.2.123"
[string]$Login = "loginid"
[string]$Password = "password"

# Please check if file exists on following paths
[string]$vpncliAbsolutePath = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'
[string]$vpnuiAbsolutePath = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe'

#****************************************************************************
#**** Please do not modify code below unless you know what you are doing ****
#****************************************************************************

Add-Type -AssemblyName System.Windows.Forms -ErrorAction Stop

# Set foreground window function
# This function is called in VPNConnect
Add-Type @'
  using System;
  using System.Runtime.InteropServices;
  public class Win {
     [DllImport("user32.dll")]
     [return: MarshalAs(UnmanagedType.Bool)]
     public static extern bool SetForegroundWindow(IntPtr hWnd);
  }
'@ -ErrorAction Stop

# quickly start VPN
# This function is called later in the code
Function VPNConnect()
{
    Start-Process -FilePath $vpncliAbsolutePath -ArgumentList "connect $CiscoVPNHost"
    $counter = 0; $h = 0;
    while($counter++ -lt 1000 -and $h -eq 0)
    {
        sleep -m 10
        $h = (Get-Process vpncli).MainWindowHandle
    }
    #if it takes more than 10 seconds then display message
    if($h -eq 0){echo "Could not start VPNUI it takes too long."}
    else{[void] [Win]::SetForegroundWindow($h)}
}

# Terminate all vpnui processes.
Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpnui")
{$Id = $_.Id; Stop-Process $Id; echo "Process vpnui with id: $Id was stopped"}}

# Terminate all vpncli processes.
Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpncli")
{$Id = $_.Id; Stop-Process $Id; echo "Process vpncli with id: $Id was stopped"}}

# Disconnect from VPN
echo "Trying to terminate remaining vpn connections"
start-Process -FilePath $vpncliAbsolutePath -ArgumentList 'disconnect' -wait

# Connect to VPN
echo "Connecting to VPN address '$CiscoVPNHost' as user '$Login'."
VPNConnect

# Write login and password

# Start vpnui
start-sleep 10
start-Process -FilePath $vpnuiAbsolutePath

# Wait for keydown
echo "Press any key to continue ..."
try{$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")}
catch{"Cisco AnyConnect Secure Mobility Client"}
```

I am getting the error below on running the above shell script.

error: Login denied. Your environment does not meet the access criteria de fined by your administrator.
Please help me resolve the issue...
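
Added example, not part of any post in this thread: the script above keeps the VPN password in plaintext in `$Password`; this sketch stores the credential DPAPI-encrypted with `Export-Clixml` and feeds it to `vpncli.exe -s`, which reads its commands from standard input. Assumptions: the `$credFile` path, the `192.0.2.10` placeholder gateway, and a gateway that prompts only for username and then password (a group prompt or banner would need extra answer lines).

```powershell
# Added example: keep the VPN password out of the script file.
# Assumed values (not from the thread): $credFile, the placeholder gateway address,
# and a prompt order of username then password.
$vpncli   = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'
$vpnHost  = '192.0.2.10'                                 # placeholder address
$credFile = Join-Path $env:LOCALAPPDATA 'vpn-cred.xml'   # hypothetical location

function Get-VpnCredential {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        # One-time interactive step. Export-Clixml encrypts the SecureString with
        # DPAPI, so only this Windows user on this machine can decrypt the file.
        Get-Credential -Message 'VPN account' | Export-Clixml -LiteralPath $Path
    }
    Import-Clixml -LiteralPath $Path
}

function Connect-Vpn {
    param([string]$Cli, [string]$Gateway, [pscredential]$Credential)
    if (-not (Test-Path -LiteralPath $Cli)) { throw "vpncli.exe not found at $Cli" }

    # Stop the GUI first, as the script above does before connecting.
    Get-Process -Name vpnui -ErrorAction SilentlyContinue | Stop-Process

    # Lines fed to vpncli's stdin, in the order the gateway is assumed to prompt.
    $answers = @(
        "connect $Gateway"
        $Credential.UserName
        $Credential.GetNetworkCredential().Password
    )
    $output = $answers | & $Cli -s 2>&1

    # Return only status and error lines; $answers is never written to a log.
    $output | Where-Object { $_ -match 'state:|error:' }
}

$cred = Get-VpnCredential -Path $credFile
Connect-Vpn -Cli $vpncli -Gateway $vpnHost -Credential $cred
```

Because DPAPI ties the file to one user profile, create it while logged on as the account that runs the SSIS job, and restrict the file's ACL to that account.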