Cisco VPN Client Logon Automation

The user logon process can not be automated unless you use certificates.  

Quote from cisco's FAQ:
Q. Can the VPN Client automatically login/authenticate to the security appliance using the Windows credentials, thus not requiring user interaction?
A. No this is not supported. We recommend you use digital certificates for authenticating the VPN session without the need for enduser interaction.

Reference: https://supportforums.cisco.com/docs/DOC-1296;jsessionid=FF0B0AB145E4705F5F94777835BB846B.node0#Q_Can_the_VPN_Client_automatically_loginauthenticate_to_the_security_appliance_using_the_Windows_credentials_thus_not_requiring_user_interaction

 

The profile is a .pif file located in c:\program files\cisco\cisco vpn\profiles (I think... doing this from memory).

The easiest way is to set up a profile using the Cisco client, then copy the PIF, open it in notepad, edit it and save it.

Easy cheesy.

Just checked.  On Windows 7 x64, the path is

C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles

And it's PCF not PIF (my bad).

[main]
Description=Sample for EE
Host=1.2.3.4
AuthType=1
GroupName=username
GroupPwd=
enc_GroupPwd=1CD9D5B81D267CDAA691A85425A335BDC6D2812FA0B0688674B02F5736AE9E760CD4BADB8D36626FBE42FAEC6A205B6362AD46FA4F3C56DD
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPPhonebook=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0

hi,
 the command would be


You have entered an unrecognized command.
Usage:
 vpnclient connect <profile> [user <username>] [eraseuserpwd | pwd <password>]
                             [nocertpwd] [cliauth] [stdin] [sd]
 vpnclient disconnect
 vpnclient stat [reset] [traffic] [tunnel] [route] [firewall] [repeat]
 vpnclient notify
 vpnclient verify [autoinitconfig]
 vpnclient suspendfw
 vpnclient resumefw

in your batch script just use



vpnclient connect <profile>  [user <username>]  [pwd <password>]

hope that helps :D

>in your batch script just use...

<sarcasm>Great job copying information in his original question...  brilliant...</sarcasm>

dear PPPreacher,
 i haven't sleep for days trying to troubleshoot something, sorry as english is not my first language. i think he's asking how to get his profile,username & password entered.


<sarcasm>i know you have a very good english and briiliant....</sarcasm>

Hello.
@ yuliang11...I think you're on the right track...this is what I've found on other sites, but am not sure how to write the command into the .bat file.

I've tried the following, but it's not recognizing the 2nd part as a command.  I think there is something I need to enter first, but am not sure what....

cmd.exe /c "C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe"
vpnclient connect <profile>  [user <username>]  [pwd <password>]

The error message states...
'vpnclient' is not recognized as an internal or external command.

Don't worry about the cmd.exe /c
Just the c:\... part...

Thanks.  I think I'm getting there...I think I've got the username/password formatted incorrectly...
When I enter the profile, username, & password, do i completely get rid of the <> and []

Yes.

I'm still getting an error...
Do I enter the username/pw info on the same line as the path to run the vpnclient.exe?
No matter whether I enter on the same line or the next line, I get an "unrecognized command" error.
It seems to be running the vpnclient.exe, but is not liking what I'm trying to enter for the username/pw

I tried running in dos, entering the path to vpnclient.exe and then entering the username/password line at the next command prompt, but am getting the same error.

C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "c:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\SAMPLE.pcf" user USERNAME pwd PASSWORD

This is not that hard to set up.

I agree that it shouldn't be that hard to set up.  Thanks for being patient with me.
I used your setup and added the sample.pcf, username, and password.
I'm still getting an error...
The profile specified could not be read, however I know I've got the path and name correct.

It's probably because you don't have permissions to that directory.  Try putting the PCF in a common location that you have full rights to.

I'm still getting the same error.  Here's the entire screen with my personal info changed...

C:\Users\Work\Desktop>"C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "C:\Users\Work\Desktop\Test.pcf" user SAMPLEUSER pwd SAMPLEPWD
Cisco Systems VPN Client Version 5.0.07.0240
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\

The profile specified could not be read..

I agree that it shouldn't be that hard to set up.  Thanks for being patient with me.
I used your setup and added the sample.pcf, username, and password.
I'm still getting an error...
The profile specified could not be read, however I know I've got the path and name correct.



1) I think u should create the profile from the VPNclient instead of editing it from the notepad.

RPPreacher:
C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "c:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\SAMPLE.pcf" user USERNAME pwd PASSWORD



<sarcasm>Great job copying information from my answer..  brilliant...</sarcasm>

hi lcros,

1) Create the profile from VPN gui, make sure it's working first before using the command line.

2) To make sure there are no OS issues, i suggest you so install VPN-client on another computer with full administrator rights t.


the batch script worked like a charm here ;)

I'm still not able to get this to work...I have no problems connecting using the VPN gui, but can't connect using the script.  
Do you have any other suggestions?  Where do you have the .pcf stored?
When I connect with the GUI, I am prompted to enter the user authentication, which pre-fills the username, but I need to manually enter the password.  Does this mean I should be entering another username and password in the script as well?

When I connect with the GUI, I am prompted to enter the user authentication, which pre-fills the username, but I need to manually enter the password.

1) this is right

Does this mean I should be entering another username and password in the script as well?

2) this should work


i'm wondering if your script is right, could you send a version /hash out password as password
to me to verify ? or you can paste it in here

Thanks, yuilang11.
Here's my script with the username and password dummied up...

"C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\Her_LNC.pcf" user VPN2 pwd Her

The only way I got that working is by entering the password in the GUI, write-protect the PCF file afterwards, and use vpnclient without password supplied on commandline. As soon as I provide the password with vpnclient, the connection cannot be established. I'm only providing the profile name (stored in the PCF), not the PCF itself.

Hello.  I still need help with this...am just waiting for someone who can help me.  I need to be out of my office for the next few days, but would really appreciate any assistance that can be provided.

Hello.  I still need help with this...am just waiting for someone who can help me.  I need to be out of my office for the next few days, but would really appreciate any assistance that can be provided.

Whether the asker returns or not, this question (my answer) has still PAQ value. One of the alternatives I've shown will fit in the current environment for sure, and all of them are helping other seekers.