Solved

Auto-import pfc profile for Cisco VPN clients

Posted on 2011-03-16
7
1,109 Views
Last Modified: 2012-05-11
Hello,

We have a bunch of users with laptops running cisco VPN clients. We have made chamges to the profile and need to  deploy the new pfc file profile to the users and set it as default. What is the best way to do that with minimum user interaction? Perhaps a script that imports the pfc and sets it as default can be run at startup? IAll I really need is a batch file that the user starts and it installs the new profile and sets it as default.

Cheers!

0
Comment
Question by:rookie_b
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 4

Expert Comment

by:Allvirtual
ID: 35148257
Interesting question. First I suppose you mean pcf file. Never mind. There may be an elegant solution. How many clients/VPN users do you have?
Are you concerned about manual import by the users? Or do you wish to control the remote user clients software, configuration, licensing, etc? Just trying to find out the scope of your project.
0
 

Author Comment

by:rookie_b
ID: 35150050
Yes, it is pcf, sorry...The aim is to have as little user involvement as possible, everything elsde is secondary. We have about 50 users and I am not worried about licensing.

Most machines will not be on the domain before the change, so cannot push anything through policy, and after the change they will not be able to connect using the old profiles at all, so cannot use autoupdate or something like that. The only way to send  the new profile to the users would be to email them the files, or perhaps post it online. It would be nice if they just click on a link and it is all done.

At this point we have a not so elegant soloution - a folder that contains the pcf, vpnclient.ini, and a .bat file is zipped and emailed to the user. They unzip it, run the bat file and that imports the new profile and replaces the vpnclient.ini file that has the new default connection setting.
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 35150171
May I suggest the NCP Enterprise Client? This is a managed solution. The way it works is that you have the clients/users install a default generic configuration. So you provide the users with a download link of the client. Once they install the client they will connect to your VPN Cisco gateway. Then the client will contact the Management Server and obtain it's final user-specific configuration. After that you will be able to manage/control the client software, configuration, firewall settings on the clients, etc. A lot of control and functionality. Also they have Friendly Network Detection. Check it out:
http://www.ncp-e.com/en/products/central-managed-vpn-solution.html
This is a great solution!
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:rookie_b
ID: 35160390
Thank you for your suggestion, it looks interesting. But we already have the Cisco VPN, which is managed, as long as they can establish connection. However, their existing settings no longer work and cannot connect. We need to deliver the pcf adn vpnclient.ini to their laptops with as little user interaction as possible.
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 35160503
Cisco VPN does not have a Management Solution. I guess you don't quite understand the Management aspect. Cisco DOES NOT have VPN management period. And the NCP Management Server and Clients work with Cisco VPN. So the NCP Management solution sounds right for you. Since you just deploy an Init Profile to all your users and once they connect the client profile is provisioned from the NCP Management Server via the Cisco gateway. This is NCP's competitive edge. Something nobody else can do. It sounded like the right approach for you to me. Other then that your only option is to do what everybody else does handle it manually one client at a time - sort of stupid. If Cisco had a Management solution then you should be able to do what you are asking for as NCP can do it 8)
0
 

Author Comment

by:rookie_b
ID: 35176556
Well, the cisco concentrator provides some management functionality, including updating/upgrading clients when thy connect, however it is too late for that, since clients will not be able to connect using their existing configuration. Thank you for your advice, but we would prefer to avoid the implications of an infrastructure upgrade at this point.
0
 
LVL 4

Accepted Solution

by:
Allvirtual earned 500 total points
ID: 35180184
Understood. However you do not need an infrastructure upgrade in terms of the VPN Concentrator. All you need is the NCP Management Server software which will run inside the network and the NCP VPN client. Then you create an Init Profile the users can download from the Internet and Import into the client - 1-click operation, easy. Then they can connect to the Cisco VPN and will get their final profile from the Management Server. Simple and elegant.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question