• Status: Solved

Automation of Cisco AnyConnect VPN Client

When you start Cisco AnyConnect VPN Client manually, you need to insert IP address, Username and Password. I'm trying to use an SSIS (SQL Server Integration Services) task to automate starting the Cisco AnyConnect VPN Client and for that I need the correct Arguments. See attached file.
Automation-of-Cisco-AnyConnect-V.zip
Asked by: cErasmus
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
Looks like you have to first create a profile, using the template file in
"C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client\Profile\AnyConnectProfile.tmpl". Copy the file, and edit in the appropriate connection information. Then call the VPNUI with CONNECT <profile name> USER <user> PWD <password>.
 
cErasmus (Author) commented:
Qlemo, thanks for the feedback. I don't have that file/folder structure as per your posting. I've also searched for the file "AnyConnectProfile.tmpl" and cannot find it.
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
Do you have a vpncli.exe in C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client ?
 
cErasmus (Author) commented:
Yes, I have that file.
 
cErasmus (Author) commented:
And if I run that file it opens command prompt where I can enter IP address, Username and Password and then it connects. But I want to automate this process.
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
As I can see now, vpncli only supports providing the target IP, no credentials. We would have to use AutoIt or VBScript or the like to emulate sending keys for username and password with that.

See if you can locate a profile.xml file in C:\Users\«Username»\AppData\Roaming\Cisco\Cisco AnyConnect VPN Client. That's the one which should be used by default.
 
cErasmus (Author) commented:
That folder structure and file does not exist on my computer. I've also searched for the file and it found a file, but it applies to another program (BitDefender).
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
Then I'm out of ideas, sorry. Don't know the AnyConnect Client well enough (we only work with the classic IPSec one).
 
Marten Rune (SQL Expert/Infrastructure Architect) commented:
Looks like it's doable:
Look at:
http://www.joshuasjohnson.com/how-to-script-a-login-for-a-cisco-vpn-client/

You create a batch file and either put it in the autostart folder (startmenu/program/autostart)
or reference it in the registry.

Regards Marten
 
matrixnz commented:
You should use the Cisco Anyconnect Profile Editor to create a default profile to be used. Docs here: http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac02asaconfig.html

You store the two resulting files in the %AllUsersProfile%\Cisco\Cisco AnyConnect...\Profile directory.

Something like AnyConnectProfile.xml and AnyConnectProfile.xsd. You can also push this profile out via the Cisco appliance.
 
cErasmus (Author) commented:
The problem is that I don't have the Cisco Anyconnect Profile Editor. The client that we work for sent us a link to download the Cisco Anyconnect VPN Client to connect to their network. I suspect we have a limited version without the Profile Editor. The embedded image shows the folder/file structure on my computer.

[Image: Folder/File Structure after installation of Cisco VPN Client]
 
Marten Rune (SQL Expert/Infrastructure Architect) commented:
Did you look at my proposal?
 
matrixnz commented:
If that's the case then you could copy the preferences.xml to preferences_global.xml, see locations here:
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac01intro.html#wp1072793
 
cErasmus (Author) commented:
matrixnz - The link you provided opens "Introduction to the AnyConnect Secure Mobility Client" but I don't understand what you are suggesting. Can you please elaborate a bit more?
 
matrixnz commented:
Basically if you configure the AnyConnect Cisco Client for yourself for example, this will create a %LocalAppData%\Cisco\Cisco AnyConnect VPN Client\preferences.xml. You then just copy this file to %AllUsersProfile%\Cisco\Cisco AnyConnect VPN Client\preferences_global.xml. Now if you delete %LocalAppData%\Cisco\Cisco AnyConnect VPN Client\preferences.xml, close the AnyConnect VPN Client and then re-open it, it should create the new preferences.xml from your preferences_global.xml file.
 
rajesh yadav commented:
I have used the below shell script for automating login of the Cisco Anyconnect application for 4.3.0.1095

    # This script is tested with "Cisco AnyConnect Secure Mobility Client version 3.0.5080"
    # Please change following variables

    # IP address or host name of cisco vpn
    [string]$CiscoVPNHost = "192.168.2.123"
    [string]$Login = "loginid"
    [string]$Password = "password"

    # Please check if file exists on following paths
    [string]$vpncliAbsolutePath = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'
    [string]$vpnuiAbsolutePath = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe'

    # ****************************************************************************
    # **** Please do not modify code below unless you know what you are doing ****
    # ****************************************************************************

    Add-Type -AssemblyName System.Windows.Forms -ErrorAction Stop

    # Set foreground window function
    # This function is called in VPNConnect
    Add-Type @'
      using System;
      using System.Runtime.InteropServices;
      public class Win {
        [DllImport("user32.dll")]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool SetForegroundWindow(IntPtr hWnd);
      }
    '@ -ErrorAction Stop

    # quickly start VPN
    # This function is called later in the code
    Function VPNConnect()
    {
        Start-Process -FilePath $vpncliAbsolutePath -ArgumentList "connect $CiscoVPNHost"
        $counter = 0; $h = 0;
        while($counter++ -lt 1000 -and $h -eq 0)
        {
            sleep -m 10
            $h = (Get-Process vpncli).MainWindowHandle
        }
        # if it takes more than 10 seconds then display message
        if($h -eq 0){echo "Could not start VPNUI it takes too long."}
        else{[void] [Win]::SetForegroundWindow($h)}
    }

    # Terminate all vpnui processes.
    Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpnui")
    {$Id = $_.Id; Stop-Process $Id; echo "Process vpnui with id: $Id was stopped"}}

    # Terminate all vpncli processes.
    Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpncli")
    {$Id = $_.Id; Stop-Process $Id; echo "Process vpncli with id: $Id was stopped"}}

    # Disconnect from VPN
    echo "Trying to terminate remaining vpn connections"
    start-Process -FilePath $vpncliAbsolutePath -ArgumentList 'disconnect' -wait

    # Connect to VPN
    echo "Connecting to VPN address '$CiscoVPNHost' as user '$Login'."
    VPNConnect

    # Write login and password

    # Start vpnui
    start-sleep 10
    start-Process -FilePath $vpnuiAbsolutePath

    # Wait for keydown
    echo "Press any key to continue ..."
    try{$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")}
    catch{"Cisco AnyConnect Secure Mobility Client"}

I am getting the below error on running the above shell script.

error: Login denied. Your environment does not meet the access criteria defined by your administrator.
Please help me resolve the issue...
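
An alternative to the hard-coded $Password and the simulated keystrokes discussed in this thread, as an added example that is not part of any post above: the credential is stored DPAPI-encrypted with Export-Clixml and passed to vpncli.exe on standard input through its -s switch. The host name, the credential file path, the prompt order (username, then password) and the "state: Connected" success string are assumptions.

```powershell
# Added example, not code from the thread.
# Usage: .\Connect-Vpn.ps1 -Save   (once, interactively)   then   .\Connect-Vpn.ps1
param([switch]$Save)

$VpnHost  = 'vpn.example.com'                                   # placeholder host
$CredFile = Join-Path $env:LOCALAPPDATA 'vpn-credential.xml'    # hypothetical path
$VpnCli   = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'

function Save-VpnCredential {
    # Export-Clixml encrypts the SecureString with DPAPI, so the file can only be
    # decrypted by the same Windows user on the same machine.
    Get-Credential -Message "VPN login for $VpnHost" | Export-Clixml -Path $CredFile
}

function Connect-Vpn {
    if (-not (Test-Path -LiteralPath $VpnCli))   { throw "vpncli.exe not found: $VpnCli" }
    if (-not (Test-Path -LiteralPath $CredFile)) { throw 'No stored credential. Run with -Save first.' }

    # As the script in the thread does, stop the GUI before vpncli connects.
    Get-Process -Name vpnui -ErrorAction SilentlyContinue | Stop-Process

    $net = (Import-Clixml -LiteralPath $CredFile).GetNetworkCredential()

    # -s makes vpncli read its answers from standard input, so the password is
    # neither on the command line nor typed into whichever window has focus.
    # Assumption: the gateway asks for username, then password, and nothing else.
    $output = "connect $VpnHost", $net.UserName, $net.Password | & $VpnCli -s

    # Assumption: the client prints "state: Connected" on success.
    $connected = [bool]($output -match 'state: Connected')
    if (-not $connected) { Write-Warning 'vpncli did not report a connected state.' }
    return $connected
}

if ($Save) { Save-VpnCredential; exit 0 }

# Exit code lets an SSIS Execute Process Task or a scheduled task detect failure.
if (Connect-Vpn) { exit 0 } else { exit 1 }
```

The automated run has to use the same Windows account that ran the -Save step, because DPAPI ties the encrypted file to that user and machine.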