NOTE: Before installing the Cisco AnyConnect VPN Client you will need Admin rights to your machine. You may have to arrange this through your relevant local IT support.
Cisco AnyConnect command line interface
Works fine as long as I have one (1) Cisco AnyConnect profile stored. But when you have many profiles on the same client (and want to use them via shortcuts using this script) it gets stuck. Then it only works if the FIRST entry in the list is passed as parameters, not for the 2nd or higher entry.
In the event that your client is not installed automatically, the screen below will appear. Just click on the link within the window to start the installation process.
Feb 05, 2020 Use Windows installer properties to modify AnyConnect installation behavior. These properties can be used in: Command-Line Parameters: one or more properties are passed as parameters on the command-line installer, msiexec. This method is for predeployment; it is not supported by web deployment.
anyconnect-win-3.1.00495-web-deploy-k9.exe /qn
This tells the program to install quietly without GUI. Combine this with the psexec utility, and you can use this command to install the client on a remote computer.
psexec \\computername -c anyconnect-win-3.1.00495-web-deploy-k9.exe /qn
It only takes a few seconds to install the client.
This is a short guide on how to connect to your VPN Server using Cisco AnyConnect Application from Command Line interface. If you don’t have love for command line interfaces, I recommend you connect from Desktop AnyConnect application as shown in our previous AnyConnect installation guide.
Next, either click save to save the AnyConnect client locally to a temp folder or install immediately by clicking run.
When the AnyConnect client is installed, to connect for the first time enter campusvpn.warwick.ac.uk in the connect to box, followed by your username and password then click Connect.
If you use WebLaunch to start AnyConnect on a Mac and the Java installer fails, a dialog box presents a Manual Install link. Proceed as follows:
1. Click on the circled link within the Manual Installation window below.
(The Mac OS link details may vary depending on your Mac OS)
(A dialog box presents the option to save the vpnsetup.sh file.)
2. Save the vpnsetup.sh file on the Mac.
3. Open a Terminal window and use the cd command to navigate to the directory containing the saved file.
4. Enter the following command: sudo /bin/sh vpnsetup.sh
(The vpnsetup script starts the AnyConnect installation)
5. Following the installation, choose Applications > Cisco > Cisco AnyConnect VPN Client to initiate an AnyConnect session.
Note: You may need to enter campusvpn.warwick.ac.uk in the connect to box, followed by your username and password then click Connect.
Note: Version 17.04 is End Of Life.
Step 1 Enter the following command to install the 64-bit library:
Step 2 Download the 64-bit version of Firefox from http://www.mozilla.com and install it on /usr/local/firefox.
The client looks in this directory first for the NSS crypto libraries it needs.
Step 3 Enter the following command to extract the Firefox installation to the directory indicated:
Step 4 Run Firefox at least once as the user who will use AnyConnect.
Doing so creates the .mozilla/firefox profile in the user's home directory, which is required by
AnyConnect for interacting with the Firefox certificate store.
Step 5 Install the AnyConnect client in standalone mode.
Step 6 Launch your web browser and go to https://vpn.warwick.ac.uk
Step 7 Launch Gnome-Terminal (in the GNOME Menu under Applications -> Accessories -> Terminal) and navigate to where you saved the file and run it. If you don't know where it was saved it's probably in a directory called Downloads.
You can then launch the client using the icon 'Cisco AnyConnect VPN Client' in the GNOME menu under Applications -> Internet.
When you run the client for the first time you may have to enter vpn.warwick.ac.uk in the 'Connect to:' field.
If you want to launch the Cisco VPN client from the command line you can do so with
Tested with GNOME desktop environment on Fedora 26 and CentOS 7.4.
Note: The OpenConnect client is unsupported by Cisco, and is for use as an alternative to the Cisco AnyConnect client for Linux users.
1] Install these two packages: NetworkManager-openconnect NetworkManager-openconnect-gnome
2] Run this command as a regular user
To connect to the VPN you can use this command
or use the GNOME System Menu
This chapter explains how to use the VPN Client command-line interface (CLI) to connect to a Cisco VPN device, generate statistical reports, and disconnect from the device. You can create your own script files that use the CLI commands to perform routine tasks, such as connect to a corporate server, run reports, and then disconnect from the server.
This section lists each command, its syntax, and gives an example. It is organized by task.
To get a list of all VPN Client commands, go to the directory that contains the VPN Client software, and enter the vpnclient command at the command-line prompt:
C:\Program Files\Cisco Systems\VPN Client>vpnclient
Copyright (C) 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on WinNT
Usage:
vpnclient connect <profile> [user <username>][eraseuserpwd | pwd <password>]
vpnclient disconnect
vpnclient stat [reset] [traffic] [tunnel] [route] [firewall] [repeat]
vpnclient verify [autoinitconfig]
To start a connection, enter the following command:
vpnclient connect <profile> [user <username>][eraseuserpwd | pwd <password>]
Table 4-1 lists the command options you can use with the vpnclient connect command, includes the task that each option performs, and gives an example of each option.
Option | Definition | Notes and example |
---|---|---|
profile | Name of the connection entry (.pcf file), that you have previously configured. Required. | If the filename contains spaces, enclose it in double quotes on the command line. Example: vpnclient connect "to work" |
user | Specifies a username for authentication; with the pwd option, suppresses the username prompt in authentication dialog. Optional. | Updates the username in the .pcf file with this name. However, if the name supplied is not valid, the VPN Client displays the authentication dialog on a subsequent request. Example: vpnclient connect user robron pwd siltango toVPN |
eraseuserpwd | Erases the user password saved on the Client PC thereby forcing the VPN Client to prompt for a password. | You might have configured a connection with Saved Password to suppress a password prompt when connecting using a batch file. You can then use the eraseuserpwd to return to the more secure state of requiring password input from the console when connecting. Example: vpnclient connect eraseuserpwd toVPN |
pwd | Specifies a password for authentication; with the user option on the command line, suppresses the password prompt in authentication dialog. | If the password supplied is not valid, the VPN Client displays the authentication dialog on a subsequent request. After encrypting and using the password for the connection, the VPN Dialer clears the password in the .pcf file. Using this option on the command line compromises security and is not recommended. Example: vpnclient connect user robron pwd siltango toVPN |
nocertpwd | Suppresses prompting for a certificate password. | Example: vpnclient connect nocertpwd toVPN |
notrayicon | Suppresses display of the dialer icon in the Windows system tray (lower right corner of your screen). | This parameter lets you suppress prompting when the connection is disconnected using the Example: vpnclient connect notrayicon toVPN |
sd | Silent disconnect. Suppresses connection terminating messages, such as 'Your IPSec connection has been terminated.' | You can use this parameter to improve the automatic connection process. If you use this parameter, you cannot use the notrayicon parameter. Unlike the notrayicon, the sd option adds the lock icon to the system tray, which provides access to statistics and connection parameters. Example: vpnclient connect sd towork |
When you connect using the vpnclient connect command, the connection icon (lock) displays in the system tray in the lower right corner of your screen. In this case, when you then use the vpnclient disconnect command to disconnect from the VPN device, the VPN Client displays the message:
Your IPSec connection has been terminated [OK].
You must then click OK to continue.
However, if you include the notrayicon argument in your command-line string, no icon appears in the system tray. When you disconnect, the above message does not occur. Also the 'Disconnect VPN connection when logging off' feature is not in effect (see first Note).
Note When you use the notrayicon option either directly on the command line or in a batch file, make sure that you issue a vpnclient disconnect command before logging off or your VPN connection remains active.
Note If you click on the VPN Dialer option in the Cisco System VPN Client list of applications, after you have used the notrayicon on the command line, the lock icon appears on the system tray.
Example 4-1 vpnclient connect Command
This section shows an example of the vpnclient connect command that connects you to the Documentation Server using the profile name 'Docserver.'
C:\Program Files\Cisco Systems\VPN Client>vpnclient connect Docserver
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on WinNT
Initializing the IPSec link.
Authenticating user.
At this point, the VPN Client displays an authentication dialog box that prompts for your username and password.
Figure 4-1 Authenticating a User
After you enter your name and password, authentication succeeds, and the command continues executing.
Negotiating security policies.
Your link is secure.
Example 4-2 vpnclient connect Command Using Parameters
The following command connects to the remote network without user interaction. Notice that the password appears on the command line in clear text.
C:\Program Files\Cisco Systems\VPN Client>vpnclient connect Docserver user ronrob pwd silvertango
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Initializing the IPSec link.
Authenticating user.
Negotiating security policies.
Your link is secure.
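The risks called out above (a pwd value in clear text on the command line, a notrayicon connection that stays active unless vpnclient disconnect is issued, and sd combined with notrayicon) can be checked for in existing batch files. The following Python audit is an added example, not part of the original documentation; the function names, rule labels and sample script are constructed for illustration, and the credentials are the page's own example values.

```python
import re

TOKEN = re.compile(r'"[^"]*"|\S+')            # a quoted string or a bare word
PWD_VALUE = re.compile(r'(?i)(\bpwd\s+)("[^"]*"|\S+)')

# Constructed sample batch file for the audit to run on.
SAMPLE = r'''rem nightly upload
"C:\Program Files\Cisco Systems\VPN Client\vpnclient" connect Docserver user ronrob pwd silvertango
vpnclient disconnect
vpnclient connect notrayicon sd "to work"
copy report.xls \\mycorpserver\directory\overnight_reports /v
vpnclient connect eraseuserpwd toVPN
'''

def vpnclient_args(line):
    """Return the tokens after the vpnclient executable, or None for other lines."""
    stripped = line.strip()
    if stripped.lower().startswith(("rem ", "@rem ", "::")):
        return None                            # batch comment
    tokens = TOKEN.findall(stripped)
    for i, tok in enumerate(tokens):
        exe = re.split(r"[\\/]", tok.strip('"'))[-1].lower()
        if exe in ("vpnclient", "vpnclient.exe"):
            return tokens[i + 1:]
    return None

def audit(script):
    """Return sorted (line_no, rule, redacted_line) findings for one script."""
    findings, open_notray = [], None
    for no, line in enumerate(script.splitlines(), 1):
        args = vpnclient_args(line)
        if not args:
            continue
        low = [a.lower() for a in args]
        if low[0] == "disconnect":
            open_notray = None                 # tunnel explicitly closed
        if low[0] != "connect":
            continue
        shown = PWD_VALUE.sub(r"\1****", line.strip())  # never echo the secret
        if "pwd" in low[1:-1]:                 # pwd followed by a value
            findings.append((no, "CLEARTEXT_PWD", shown))
        if "notrayicon" in low:
            open_notray = (no, "NOTRAY_NO_DISCONNECT", shown)
            if "sd" in low:                    # documented as mutually exclusive
                findings.append((no, "SD_WITH_NOTRAYICON", shown))
    if open_notray:                            # script ends with the tunnel still up
        findings.append(open_notray)
    return sorted(findings)

if __name__ == "__main__":
    for no, rule, text in audit(SAMPLE):
        print(f"line {no}: {rule}: {text}")
```

The findings carry a redacted copy of the offending line, so the audit report itself does not become another place where the password is stored.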
When you connect using the notrayicon option, you can display a notification using the vpnclient notify command:
Example 4-3 vpnclient notify Command
The following session shows how to use the vpnclient notify command to display a notification from a network administrator.
C:\Program Files\Cisco Systems\VPN Client>vpnclient connect notrayicon Docserver
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Initializing the IPSec link.
Authenticating user.
Negotiating security policies.
Your link is secure.
C:\Program Files\Cisco Systems\Vpn Client>vpnclient notify
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Notification:
Your network administrator has placed an update of the Cisco Systems VPN Client at the following location:
To display your configuration for auto initiation, enter the following command:
vpnclient verify autoinitconfig
Note If the mask in the output display does not match the value in the profile, then the mask is invalid. An invalid mask is displayed as 255.255.255.255
Example 4-4 vpnclient verify Command
The following command shows your auto initiation configuration for three access points.
c:\Program Files\Cisco Systems\VPN Client>vpnclient verify autoinitconfig
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Auto-initiation Configuration Information.
Retry Interval: 2
Mask: 255.0.0.0
List Entry 1: Network: 20.20.20.20
Connection Entry: 'SalesB'
Mask: 255.0.0.0
To disconnect from your session, enter the following command:
vpnclient disconnect
Example 4-5 vpnclient disconnect Command
The following command disconnects you from your secure connection.
C:\Program Files\Cisco Systems\VPN Client>vpnclient disconnect
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Disconnecting the IPSEC link.
To generate status information about your connection, enter the following command:
vpnclient stat [reset] [traffic] [tunnel] [route] [firewall] [repeat]
When entered without any of the optional parameters, the vpnclient stat command displays all status information. The following parameters are optional:
reset | Restarts all connection counts from zero. SA stats are not reset. |
traffic | Displays a summary of bytes in and out, packets encrypted and decrypted, packets bypassed, and packets discarded. |
tunnel | Displays IPSec tunneling information. |
route | Displays configured routes. |
firewall | Identifies the type of firewall in use and displays information generated by the firewall configuration. |
repeat | Provides a continuous display, refreshing it every few seconds. To end the display, press <ctrl-C>. |
The following examples show sample output from the vpnclient stat command. For more information on statistical output, see VPN Client User Guide for Windows.
Example 4-6 vpnclient stat Command
Following is an example of the information that the vpnclient stat command displays.
Example 4-7 vpnclient stat reset Command
The vpnclient stat reset command resets all connection counters.
Example 4-8 vpnclient stat traffic Command
Here is a sample of the information that the vpnclient stat traffic command generates.
Example 4-9 vpnclient stat tunnel Command
To display only tunneling information, use the vpnclient stat tunnel command. Here is a sample.
Example 4-10 vpnclient stat route Command
The vpnclient stat route command displays information similar to the following display.
Example 4-11 vpnclient stat firewall Command
The vpnclient stat firewall command displays information similar to the following display.
This section lists the error levels (return codes) that you can receive when using the VPN Client command-line interface.
Return code | Message | Meaning |
---|---|---|
200 | SUCCESS_START | The VPN Client connection started successfully. |
201 | | The VPN Client connection has ended. |
202 | SUCCESS_STAT | The VPN Client has generated statistical information successfully. |
203 | | The enumppp command has succeeded. This command lists phone book entries when connecting to the Internet via dial-up. |
1 | ERR_UNKNOWN | An unidentifiable error has occurred during command-line parsing. |
2 | | Command is missing from command-line input. |
3 | ERR_BAD_COMMAND | There is an error in the command entered; check spelling. |
4 | | The command-line input is missing required parameter(s). |
5 | ERR_BAD_PARAMS | The parameter(s) in the command input are incorrect; check spelling. |
6 | | The command-line input contains too many parameters. |
7 | ERR_NO_PARAMS_NEEDED | The command entered does not require parameters. |
8 | | Interprocess communication error occurred attaching to the generic interface. |
9 | ERR_DETACH_FAILED | Interprocess communication error occurred detaching from the generic interface. |
10 | | The VPN Client failed to read the profile. |
11 | ERR_PWD_MISMATCHED | Reserved |
12 | | The password contains too many characters. The group password limit is 32 characters; the certificate password limit is 255 characters. |
13 | ERR_TOO_MANY_TRIES | Attempts to enter a valid password have exceeded the amount allowed. The limit is three times. |
14 | | The connection attempt has failed; unable to connect. |
15 | ERR_STOP_FAILED | The disconnect action has failed; unable to disconnect. |
16 | | The attempt to display connection status has failed. |
17 | ERR_ENUM_FAILED | Unable to list phonebook entries. |
18 | | A serious interprocess communication error has occurred. |
19 | ERR_SET_HANDLER_FAILED | Set console control handler failed. |
20 | | Attempt to clean up after a user break failed. |
21 | ERR_OUT_OF_MEMORY | Out of memory. Memory allocation failed. |
22 | | Internal display error. |
23 | ERR_UNEXPECTED_CALLBACK | In communicating with the Connection Manager, an unexpected callback (response) occurred. |
24 | | User quit at a banner requesting 'continue?' |
25 | ERR_GUI_RUNNING | Cannot use the command-line interface when connected through the graphical interface dialer application. |
26 | | The attempt to set the working directory has failed. This is the directory where the program files reside. |
27 | ERR_NOT_CONNECTED | Attempt to display status has failed because there is no connection in effect. |
28 | | The group name configured for the connection is too long. The limit is 128 characters. |
29 | ERR_BAD_GROUP_PWD | The group password configured for the connection is too long. The limit is 32 characters. |
30 | | The authentication type configured for the connection is invalid. |
31 | RESERVED_01 | Reserved. |
32 | | Reserved. |
33 | ERR_COMMUNICATION_TIMED_OUT | Interprocess communication timed out. |
34 | | Failed to launch a third-party dialer. |
35 | ERR_DAEMON_NOT_RUNNING (CVPND.EXE), Non-Windows only | Connection needs to be established for command to execute. |
36 | ERR_DAEMON_ALREADY_RUNNING (CVPND.EXE), Non-Windows only | Command cannot work because connection is already established. |
Here is an example of a DOS batch file (.bat) that uses CLI commands to connect to the corporate office from a branch office, run an application, and then disconnect from the corporate site.
rem assume you have generated a report in the middle of the night that needs
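vpnclient connect sd myprofile
rem check return code from vpnclient call....
rem (200 is SUCCESS_START; any other value is treated as a failure)
if not %errorlevel%==200 goto failed
rem if okay continue and copy report
copy report.xls \\mycorpserver\directory\overnight_reports /v
rem now disconnect the VPN connection
vpnclient disconnect
echo Spreadsheet uploaded
goto end
:failed
echo VPN connection failed with return code %errorlevel%
:end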
Posted: Mon Apr 18 08:21:38 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.