lcros
asked on
Cisco VPN Client Logon Automation
Hello.
I am attempting to auotmate the Cisco VPN logon process through a .bat file.
I know I should be running the C:\Program Files\Cisco Systems\VPN Client>vpnclient.exe, and have written the script as:
cmd.exe /c "C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe"
But I am not sure what I need to do to get the profile, username, password as well as the additional user authentication password entered.
Any help would be greatly apprectiated.
Thank you.
I am attempting to auotmate the Cisco VPN logon process through a .bat file.
I know I should be running the C:\Program Files\Cisco Systems\VPN Client>vpnclient.exe, and have written the script as:
cmd.exe /c "C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe"
But I am not sure what I need to do to get the profile, username, password as well as the additional user authentication password entered.
Any help would be greatly apprectiated.
Thank you.
The profile is a .pif file located in c:\program files\cisco\cisco vpn\profiles (I think... doing this from memory).
The easiest way is to set up a profile using the Cisco client, then copy the PIF, open it in notepad, edit it and save it.
Easy cheesy.
The easiest way is to set up a profile using the Cisco client, then copy the PIF, open it in notepad, edit it and save it.
Easy cheesy.
Just checked. On Windows 7 x64, the path is
C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles
And it's PCF not PIF (my bad).
[main]
Description=Sample for EE
Host=1.2.3.4
AuthType=1
GroupName=username
GroupPwd=
enc_GroupPwd=1CD9D5B81D267 CDAA691A85 425A335BDC 6D2812FA0B 0688674B02 F5736AE9E7 60CD4BADB8 D36626FBE4 2FAEC6A205 B6362AD46F A4F3C56DD
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPPhonebook=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000 0000000000 0000000000 0
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0
C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles
And it's PCF not PIF (my bad).
[main]
Description=Sample for EE
Host=1.2.3.4
AuthType=1
GroupName=username
GroupPwd=
enc_GroupPwd=1CD9D5B81D267
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPPhonebook=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0
hi,
the command would be
You have entered an unrecognized command.
Usage:
vpnclient connect <profile> [user <username>] [eraseuserpwd | pwd <password>]
[nocertpwd] [cliauth] [stdin] [sd]
vpnclient disconnect
vpnclient stat [reset] [traffic] [tunnel] [route] [firewall] [repeat]
vpnclient notify
vpnclient verify [autoinitconfig]
vpnclient suspendfw
vpnclient resumefw
the command would be
You have entered an unrecognized command.
Usage:
vpnclient connect <profile> [user <username>] [eraseuserpwd | pwd <password>]
[nocertpwd] [cliauth] [stdin] [sd]
vpnclient disconnect
vpnclient stat [reset] [traffic] [tunnel] [route] [firewall] [repeat]
vpnclient notify
vpnclient verify [autoinitconfig]
vpnclient suspendfw
vpnclient resumefw
in your batch script just use
vpnclient connect <profile> [user <username>] [pwd <password>]
hope that helps :D
vpnclient connect <profile> [user <username>] [pwd <password>]
hope that helps :D
>in your batch script just use...
<sarcasm>Great job copying information in his original question... brilliant...</sarcasm>
<sarcasm>Great job copying information in his original question... brilliant...</sarcasm>
dear PPPreacher,
i haven't sleep for days trying to troubleshoot something, sorry as english is not my first language. i think he's asking how to get his profile,username & password entered.
<sarcasm>i know you have a very good english and briiliant....</sarcasm>
i haven't sleep for days trying to troubleshoot something, sorry as english is not my first language. i think he's asking how to get his profile,username & password entered.
<sarcasm>i know you have a very good english and briiliant....</sarcasm>
ASKER
Hello.
@ yuliang11...I think you're on the right track...this is what I've found on other sites, but am not sure how to write the command into the .bat file.
I've tried the following, but it's not recognizing the 2nd part as a command. I think there is something I need to enter first, but am not sure what....
cmd.exe /c "C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe"
vpnclient connect <profile> [user <username>] [pwd <password>]
The error message states...
'vpnclient' is not recognized as an internal or external command.
@ yuliang11...I think you're on the right track...this is what I've found on other sites, but am not sure how to write the command into the .bat file.
I've tried the following, but it's not recognizing the 2nd part as a command. I think there is something I need to enter first, but am not sure what....
cmd.exe /c "C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe"
vpnclient connect <profile> [user <username>] [pwd <password>]
The error message states...
'vpnclient' is not recognized as an internal or external command.
Don't worry about the cmd.exe /c
Just the c:\... part...
Just the c:\... part...
ASKER
Thanks. I think I'm getting there...I think I've got the username/password formatted incorrectly...
When I enter the profile, username, & password, do i completely get rid of the <> and []
When I enter the profile, username, & password, do i completely get rid of the <> and []
Yes.
ASKER
I'm still getting an error...
Do I enter the username/pw info on the same line as the path to run the vpnclient.exe?
No matter whether I enter on the same line or the next line, I get an "unrecognized command" error.
It seems to be running the vpnclient.exe, but is not liking what I'm trying to enter for the username/pw
I tried running in dos, entering the path to vpnclient.exe and then entering the username/password line at the next command prompt, but am getting the same error.
Do I enter the username/pw info on the same line as the path to run the vpnclient.exe?
No matter whether I enter on the same line or the next line, I get an "unrecognized command" error.
It seems to be running the vpnclient.exe, but is not liking what I'm trying to enter for the username/pw
I tried running in dos, entering the path to vpnclient.exe and then entering the username/password line at the next command prompt, but am getting the same error.
C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "c:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\SAMPLE.pcf " user USERNAME pwd PASSWORD
This is not that hard to set up.
This is not that hard to set up.
ASKER
I agree that it shouldn't be that hard to set up. Thanks for being patient with me.
I used your setup and added the sample.pcf, username, and password.
I'm still getting an error...
The profile specified could not be read, however I know I've got the path and name correct.
I used your setup and added the sample.pcf, username, and password.
I'm still getting an error...
The profile specified could not be read, however I know I've got the path and name correct.
It's probably because you don't have permissions to that directory. Try putting the PCF in a common location that you have full rights to.
ASKER
I'm still getting the same error. Here's the entire screen with my personal info changed...
C:\Users\Work\Desktop>"C:\ Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "C:\Users\Work\Desktop\Tes t.pcf" user SAMPLEUSER pwd SAMPLEPWD
Cisco Systems VPN Client Version 5.0.07.0240
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
The profile specified could not be read..
C:\Users\Work\Desktop>"C:\
Cisco Systems VPN Client Version 5.0.07.0240
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
The profile specified could not be read..
I agree that it shouldn't be that hard to set up. Thanks for being patient with me.
I used your setup and added the sample.pcf, username, and password.
I'm still getting an error...
The profile specified could not be read, however I know I've got the path and name correct.
1) I think u should create the profile from the VPNclient instead of editing it from the notepad.
I used your setup and added the sample.pcf, username, and password.
I'm still getting an error...
The profile specified could not be read, however I know I've got the path and name correct.
1) I think u should create the profile from the VPNclient instead of editing it from the notepad.
RPPreacher:
C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "c:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\SAMPLE.pcf " user USERNAME pwd PASSWORD
<sarcasm>Great job copying information from my answer.. brilliant...</sarcasm>
C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "c:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\SAMPLE.pcf
<sarcasm>Great job copying information from my answer.. brilliant...</sarcasm>
hi lcros,
1) Create the profile from VPN gui, make sure it's working first before using the command line.
2) To make sure there are no OS issues, i suggest you so install VPN-client on another computer with full administrator rights t.
the batch script worked like a charm here ;)
1) Create the profile from VPN gui, make sure it's working first before using the command line.
2) To make sure there are no OS issues, i suggest you so install VPN-client on another computer with full administrator rights t.
the batch script worked like a charm here ;)
ASKER
I'm still not able to get this to work...I have no problems connecting using the VPN gui, but can't connect using the script.
Do you have any other suggestions? Where do you have the .pcf stored?
When I connect with the GUI, I am prompted to enter the user authentication, which pre-fills the username, but I need to manually enter the password. Does this mean I should be entering another username and password in the script as well?
Do you have any other suggestions? Where do you have the .pcf stored?
When I connect with the GUI, I am prompted to enter the user authentication, which pre-fills the username, but I need to manually enter the password. Does this mean I should be entering another username and password in the script as well?
When I connect with the GUI, I am prompted to enter the user authentication, which pre-fills the username, but I need to manually enter the password.
1) this is right
Does this mean I should be entering another username and password in the script as well?
2) this should work
i'm wondering if your script is right, could you send a version /hash out password as password
to me to verify ? or you can paste it in here
ASKER
Thanks, yuilang11.
Here's my script with the username and password dummied up...
"C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\Her_LNC.pc f" user VPN2 pwd Her
Here's my script with the username and password dummied up...
"C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.exe" connect "C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\Her_LNC.pc
The only way I got that working is by entering the password in the GUI, write-protect the PCF file afterwards, and use vpnclient without password supplied on commandline. As soon as I provide the password with vpnclient, the connection cannot be established. I'm only providing the profile name (stored in the PCF), not the PCF itself.
ASKER
Hello. I still need help with this...am just waiting for someone who can help me. I need to be out of my office for the next few days, but would really appreciate any assistance that can be provided.
ASKER
Hello. I still need help with this...am just waiting for someone who can help me. I need to be out of my office for the next few days, but would really appreciate any assistance that can be provided.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Whether the asker returns or not, this question (my answer) has still PAQ value. One of the alternatives I've shown will fit in the current environment for sure, and all of them are helping other seekers.
Quote from cisco's FAQ:
Q. Can the VPN Client automatically login/authenticate to the security appliance using the Windows credentials, thus not requiring user interaction?
A. No this is not supported. We recommend you use digital certificates for authenticating the VPN session without the need for enduser interaction.
Reference: https://supportforums.cisco.com/docs/DOC-1296;jsessionid=FF0B0AB145E4705F5F94777835BB846B.node0#Q_Can_the_VPN_Client_automatically_loginauthenticate_to_the_security_appliance_using_the_Windows_credentials_thus_not_requiring_user_interaction