Elmo Erasmus
asked on
Automation of Cisco AnyConnect VPN Client
When you start Cisco AnyConnect VPN Client manually, you need to insert IP address, Username and Password. I’m trying to use a SSIS (SQL Server Integration Services) task to automate starting the Cisco AnyConnect VPN Client and for that I need the correct Arguments. See attached file.
Automation-of-Cisco-AnyConnect-V.zip
ASKER
Qlemo, thanks for the feedback. I don't have that file/folder structure as per your posting. I've also searched for the file "AnyConnectProfile.tmpl" and cannot find it.
Do you have a vpncli.exe in C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client ?
ASKER
Yes, I have that file.
ASKER
And if I run that file it opens command prompt where I can enter IP address, Username and Password and then it connects. But I want to automate this process.
As I can see now, vpncli only supports providing of the target IP, no credentials. We would have to use AutoIt or VBScript or the like to emulate sending keys for username and password with that.
Try if you can locate a profile.xml file in C:\Users\«Username»\AppData\Roaming\Cisco\Cisco AnyConnect VPN Client. That's the one which should be used by default.
ASKER
That folder structure and file do not exist on my computer. I've also searched for the file and it found a file, but it applies to another program (BitDefender).
Then I'm out of ideas, sorry. I don't know the AnyConnect Client well enough (we only work with the classic IPSec one).
Looks like it's doable:
look at:
http://www.joshuasjohnson.com/how-to-script-a-login-for-a-cisco-vpn-client/
You create a batchfile and either put it in autostart folder (startmenu/program/autostart)
or reference it in the registry.
Regards Marten
You should use the Cisco Anyconnect Profile Editor to create a default profile to be used, Docs here: http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac02asaconfig.html
You store the two resulting files in %AllUsersProfile%\Cisco\Cisco AnyConnect...\Profile directory.
Something like AnyConnectProfile.xml and AnyConnectProfile.xsd. You can also push this profile out via the Cisco appliance.
ASKER
The problem is that I don't have the Cisco Anyconnect Profile Editor. The client that we work for sent us a link to download the Cisco Anyconnect VPN Client to connect to their network. I suspect we have a limited version without the Profile Editor. The embedded image shows the folder/file structure on my computer.
Did you look at my proposal?
If that's the case then you could copy the preferences.xml to preferences_global.xml, see locations here:
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac01intro.html#wp1072793
ASKER
matrixnz - The link you provided opens "Introduction to the AnyConnect Secure Mobility Client" but, I don't understand what you are suggesting. Can you please elaborate a bit more.
I have used the below shell script for automating login of the Cisco AnyConnect application for 4.3.0.1095.

#This script is tested with "Cisco AnyConnect Secure Mobility Client version 3.0.5080"

#Please change following variables

#IP address or host name of cisco vpn
[string]$CiscoVPNHost = "192.168.2.123"
[string]$Login = "loginid"
[string]$Password = "password"

#Please check if file exists on following paths
[string]$vpncliAbsolutePath = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'
[string]$vpnuiAbsolutePath = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe'

#****************************************************************************
#**** Please do not modify code below unless you know what you are doing ****
#****************************************************************************

Add-Type -AssemblyName System.Windows.Forms -ErrorAction Stop

#Set foreground window function
#This function is called in VPNConnect
Add-Type @'
  using System;
  using System.Runtime.InteropServices;
  public class Win {
     [DllImport("user32.dll")]
     [return: MarshalAs(UnmanagedType.Bool)]
     public static extern bool SetForegroundWindow(IntPtr hWnd);
  }
'@ -ErrorAction Stop

#quickly start VPN
#This function is called later in the code
Function VPNConnect()
{
    Start-Process -FilePath $vpncliAbsolutePath -ArgumentList "connect $CiscoVPNHost"
    $counter = 0; $h = 0;
    while($counter++ -lt 1000 -and $h -eq 0)
    {
        sleep -m 10
        $h = (Get-Process vpncli).MainWindowHandle
    }
    #if it takes more than 10 seconds then display message
    if($h -eq 0){echo "Could not start VPNUI it takes too long."}
    else{[void] [Win]::SetForegroundWindow($h)}
}

#Terminate all vpnui processes.
Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpnui")
{$Id = $_.Id; Stop-Process $Id; echo "Process vpnui with id: $Id was stopped"}}

#Terminate all vpncli processes.
Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpncli")
{$Id = $_.Id; Stop-Process $Id; echo "Process vpncli with id: $Id was stopped"}}

#Disconnect from VPN
echo "Trying to terminate remaining vpn connections"
start-Process -FilePath $vpncliAbsolutePath -ArgumentList 'disconnect' -wait

#Connect to VPN
echo "Connecting to VPN address '$CiscoVPNHost' as user '$Login'."
VPNConnect

#Write login and password

#Start vpnui
start-sleep 10
start-Process -FilePath $vpnuiAbsolutePath

#Wait for keydown
echo "Press any key to continue ..."
try{$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")}
catch{"Cisco AnyConnect Secure Mobility Client"}

I am getting the below error on running the above shell script.
error: Login denied. Your environment does not meet the access criteria defined by your administrator.
Please help me resolve the issue...
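An alternative to hard-coding $Password in the script and typing it into a focused window, as an added example that is not part of any post in this thread: the credential is stored once as a DPAPI-protected file and the answers are fed to vpncli.exe on standard input. It assumes the vpncli "-s" option (read commands from stdin) and a gateway that prompts only for username and then password; the function names Save-VpnCredential and Connect-Vpn and the file vpn-cred.xml are hypothetical.

```powershell
# Added example. Assumptions: vpncli.exe accepts -s (commands on stdin), the gateway
# asks only for username then password, and vpn-cred.xml is a hypothetical file name.
# Host and install path are the values used in the post above.
[string]$CiscoVPNHost = "192.168.2.123"
[string]$vpncliAbsolutePath = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'
[string]$CredFile = Join-Path $env:LOCALAPPDATA 'vpn-cred.xml'

function Save-VpnCredential {
    # Run once, interactively, as the same Windows account that will run the job
    # (for SSIS, the account the package executes under). Export-Clixml protects
    # the SecureString with DPAPI, so only that user on that machine can decrypt it.
    Get-Credential -Message "VPN login for $CiscoVPNHost" |
        Export-Clixml -Path $CredFile
}

function Connect-Vpn {
    if (-not (Test-Path $vpncliAbsolutePath)) {
        throw "vpncli.exe not found at $vpncliAbsolutePath"
    }
    if (-not (Test-Path $CredFile)) {
        throw "No stored credential; run Save-VpnCredential first"
    }

    $cred = Import-Clixml -Path $CredFile

    # One answer per prompt, in the order vpncli asks for them (assumed order).
    $answers = @(
        "connect $CiscoVPNHost",
        $cred.UserName,
        $cred.GetNetworkCredential().Password
    )

    # The answers travel over stdin: no SendKeys, no window focus, and the
    # password never appears on a command line or in the script file.
    $output = $answers | & $vpncliAbsolutePath -s

    # Surface only error lines, such as the "error: Login denied." message quoted above.
    $errors = @($output | Where-Object { $_ -match 'error:' })
    if ($errors.Count -gt 0) { throw ($errors -join "`n") }
    return $true
}
```

If the gateway also asks for a group or shows a banner to accept, the $answers array needs one extra entry per prompt, in prompt order.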
"C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client\Profile\AnyConnectP