NOTE: Before installing the Cisco AnyConnect VPN Client you will need Admin rights to your machine. You may have to arrange this through your relevant local IT support.

Cisco AnyConnect command line interface Resources. Apache-2.0 License Releases 4. V0.4 Latest Jan 28, 2021 + 3 releases Packages 0. Works fine as long as I have one (1) Cisco Anyconnect profile stored. But when you have many profiles at same client (and want to use them via shortcuts using this script) it gets stuck. Then it only work if the FIRST entry in the list is passed as parameters, not for the 2nd or higher entry.

Show Anyconnect Sessions Command Line

Anyconnect

In the event that your client is not installed automatically, the screen below will appear. Just click on the link within the window to start the installation process.

Feb 05, 2020 Use Windows installer properties to modify AnyConnect installation behavior. These properties can be used in: Command-Line Parameters—One or more properties are passed as parameters on the command-line installer, msiexec. This method is for predeployment; it is not supported by web deployment. Anyconnect-win-3.1.00495-web-deploy-k9.exe /qn. This tells the program to install quietly without GUI. Combine this with the psexec utility, and you can use this command to install the client on a remote computer. Psexec -c computername anyconnect-win-3.1.00495-web-deploy-k9.exe /qn. It only takes a few seconds to install the client. This is a short guide on how to connect to your VPN Server using Cisco AnyConnect Application from Command Line interface. If you don’t have love for command line interfaces, I recommend you connect from Desktop AnyConnect application as shown in our previous AnyConnect installation guide.

Next, either click save to save the AnyConnect client locally to a temp folder or install immediately by clicking run.

When the AnyConnect client is installed, to connect for the first time enter campusvpn.warwick.ac.uk in the connect to box, followed by your username and password then click Connect.

Using the Manual Install Option on Mac OS if the Java Installer Fails

If you use WebLaunch to start AnyConnect on a Mac and the Java installer fails, a dialog box presents a Manual Install link. Proceed as follows:

1. Click on the circled link within the Manual Installation window below.

(The Mac OS link details may vary depending on your Mac OS)

(A dialog box presents the option to save the vpnsetup.sh file.)

2. Save the vpnsetup.sh file on the Mac.

3. Open a Terminal window and use the CD command to navigate to the directory containing the file saved.

4. Enter the following command: sudo /bin/sh vpnsetup.sh
(The vpnsetup script starts the AnyConnect installation)

5. Following the installation, choose Applications > Cisco > Cisco AnyConnect VPN Client to initiate an AnyConnect session.

Note: You may need to enter campusvpn.warwick.ac.uk in the connect to box, followed by your username and password then click Connect.

Manual Installation for Ubuntu Linux 14.04, 16.04 (LTS) - 64-bit only

Note: Version 17.04 is End Of Life.

Step 1 Enter the following command to install the 64-bit library:

Step 2 Download the 64-bit version of Firefox from http://www.mozilla.com and install it on /usr/local/firefox.
The client looks in this directory first for the NSS crypto libraries it needs.

Step 3 Enter the following command to extract the Firefox installation to the directory indicated:

Step 4 Run Firefox at least once as the user who will use AnyConnect.

Doing so creates the .mozilla/firefox profile in the user's home directory, which is required by
AnyConnect for interacting with the Firefox certificate store.

Step 5 Install the AnyConnect client in standalone mode.

Step 6 Launch your web browser and go https://vpn.warwick.ac.uk

  • Log in with your IT Services username and password.
  • The Java Applet will run and try and install the client automatically, which will fail. However, you will be offered a link to download the client for manual installation.
  • Download the file which is called vpnsetup.sh

Step 7 Launch Gnome-Terminal (in the GNOME Menu under Applications -> Accessories -> Terminal) and navigate to where you saved the file and run it. If you don't know where it was saved it's probably in a directory called Downloads.

You can then launch the client using the icon 'Cisco AnyConnect VPN Client' in the GNOME menu under Applications -> Internet.
When you run the client for the first time you may have to enter vpn.warwick.ac.uk in the 'Connect to:' field.

If you want to launch the Cisco VPN client from the command line you can do so with

Connecting to the campus VPN using OpenConnect client on Linux.

Tested with GNOME desktop environment on Fedora 26 and CentOS 7.4.

Note: The OpenConnect client is unsupported by Cisco, and is for use as an alternative to the Cisco AnyConnect client for Linux users.

1] Install these two packages: NetworkManager-openconnect NetworkManager-openconnect-gnome

2] Run this command as a regular user

To connect to the VPN you can use this command

or use the GNOME System Menu

Uninstalling the AnyConnect client

Command Line Windows 10

Windows:

  1. Open the Control Panel.
  2. Open Programs and then Programs and Features (Windows 7 & Vista) or Add/Remove Programs (Windows XP).
  3. Find the entry for Cisco AnyConnect VPN Client, select it and then click on the Uninstall button (Windows 7 & Visa) or Remove button (Winows XP) to uninstalled it.

Mac OSX:

  1. Open the Applications folder and then the Cisco folder.
  2. Double click on Uninstall AnyConnect to start the uninstall process.
  3. Follow the prompts to uninstall
Anyconnect

Linux:

  1. Uninstalling the client
  2. The client comes with an uninstallation script
  3. However it doesn't actually uninstall everything properly, it removes files but leaves behind directories. You can clean up what it leaves behind by deleting the directory /opt/cisco/
  4. The per-user configuration is stored in your home directory in a file called .anyconnect


Table Of Contents


Using the VPN Client Command-Line Interface

This chapter explains how to use the VPN Client command-line interface (CLI) to connect to a Cisco VPN device, generate statistical reports, and disconnect from the device. You can create your own script files that use the CLI commands to perform routine tasks, such as connect to a corporate server, run reports, and then disconnect from the server.

CLI Commands

This section lists each command, its syntax, and gives an example. It is organized by task.

Displaying a List of VPN Client Commands

To get a list of all VPN Client commands, go to the directory that contains the VPN Client software, and enter the vpnclient command at the command-line prompt:

C:Program FilesCisco SystemsVPN Client>vpnclient
Copyright (C) 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on WinNT
Usage:
vpnclient connect <profile> [user <username>][eraseuserpwd | pwd <password>]
vpnclient disconnect
vpnclient stat [reset] [traffic] [tunnel] [route] [firewall] [repeat]
vpnclient verify [autoinitconfig]

Starting a Connection—vpnclient connect

To start a connection, enter the following command:

vpnclient connect <profile> [user <username>][eraseuserpwd | pwd <password>]

Table 4-1 lists the command options you can use with the vpnclient connect command, includes the task that each option performs, and gives an example of each option.

Table 4-1 Command Line Options

Definition

profile

Name of the connection entry (.pcf file), that you have previously configured. Required.

If the filename contains spaces, enclose it in double quotes on the command line.

Example: vpnclient connect 'to work'

user

Specifies a username for authentication; with the pwd option, suppresses the username prompt in authentication dialog. Optional.

Updates the username in the .pcf file with this name. However, if the name supplied is not valid, the VPN Client displays the authentication dialog on a subsequent request.

Example: vpnclient connect user robron pwd siltango toVPN

eraseuserpwd

Erases the user password saved on the Client PC thereby forcing the VPN Client to prompt for a password.
Optional.

You might have configured a connection with Saved Password to suppress a password prompt when connecting using a batch file. You can then use the eraseuserpwd to return to the more secure state of requiring password input from the console when connecting.

Example: vpnclient connect eraseuserpwd toVPN

pwd

Specifies a password for authentication; with the user option on the command line, suppresses the password prompt in authentication dialog.
Optional.

If the password supplied is not valid, the VPN Client displays the authentication dialog on a subsequent request. After encrypting and using the password for the connection, the VPN Dialer clears the password in the .pcf file. Using this option on the command line compromises security and is not recommended.

Example: vpnclient connect user robron pwd siltango toVPN

nocertpwd

Suppresses prompting for a certificate password.
Optional.

Example: vpnclient connect nocertpwd toVPN

notrayicon

Suppresses display of the dialer icon in the Windows system tray (lower right corner of your screen).
Optional.

This parameter lets you suppress prompting when the connection is disconnected using the vpnclient disconnect command (see ' Note on Notrayicon Parameter'). If you use this parameter, you cannot use the sd parameter.

Example: vpnclient connect notrayicon toVPN

sd

Silent disconnect. Suppresses connection terminating messages, such as 'Your IPSec connection has been terminated.'
Optional.

You can use this parameter to improve the automatic connection process. If you use this parameter, you cannot use the notrayicon parameter. Unlike the notrayicon, the sd option adds the lock icon to the system tray, which provides access to statistics and connection parameters.

Example: vpnclientconnect sd towork


Note on Notrayicon Parameter

When you connect using the vpnclient connect command, the connection icon (lock) displays in the system tray in the lower right corner of your screen. In this case, when you then use the vpnclient disconnect command to disconnect from the VPN device, the VPN Client displays the message:

Your IPSec connection has been terminated [OK].

You must then click OK to continue.

However, if you include the notrayicon argument in your command-line string, no icon appears in the system tray. When you disconnect, the above message does not occur. Also the 'Disconnect VPN connection when logging off' feature is not in effect (see first Note).

Note When you use the notrayicon option either directly on the command line or in a batch file, make sure that you issue a vpnclient disconnect command before logging off or your VPN connection remains active.

Note If you click on the VPN Dialer option in the Cisco System VPN Client list of applications, after you have used the notrayicon on the command line, the lock icon appears on the system tray.

Example 4-1 vpnclient connect Command

This section shows an example of the vpnclient connect command that connects you to the Documentation Server using the profile name 'Docserver.'

C:Program FilesCisco SystemsVPN Clientvpnclient connect Docserver

Uninstall Cisco Anyconnect Command Line

Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on WinNT
Initializing the IPSec link.
Authenticating user.

At this point, the VPN Client displays an authentication dialog box that prompts for your username and password.

Figure 4-1 Authenticating a User

Cisco anyconnect command line connect

After you enter your name and password, authentication succeeds, and the command continues executing.

Negotiating security policies.
Your link is secure.

Example 4-2 vpnclient connect Command Using Parameters

The following command connects to the remote network without user interaction. Notice that the password appears on the command line in clear text.

C:Program FilesCisco SystemsVPN Clientvpnclient connect Docserver user ronrob pwd silvertango
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Initializing the IPSec link.
Authenticating user.
Negotiating security policies.
Your link is secure.

Displaying a Notification—vpnclient notify

When you connect using the notrayicon option, you can display a notification using the vpnclient notify command:

Example 4-3 vpnclient notify Command

The following session shows how to use the vpnclient notify command to display a notification from a network administrator.

C:Program FilesCisco SystemsVPN Clientvpnclient connect notrayicon Docserver
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Initializing the IPSec link.
Authenticating user.
Negotiating security policies.
Your link is secure.
C:Program FilesCisco SystemsVpn Clientvpnclient notify
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Notification:
Cisco Anyconnect Command Line
Your network administrator has placed an update of the Cisco Systems VPN Client at the following location:

Displaying an Automatic VPN Initiation Configuration

To display your configuration for auto initiation, enter the following command:

vpnclient verify autoinitconfig

Note If the mask in the output display does not match the value in the profile, then the mask is invalid. An invalid mask is displayed as 255.255.255.255

Example 4-4 vpnclient verify Command

The following command shows your auto initiation configuration for three access points.

c:Program FilesCisco SystemsVPN Client>vpnclient verify autoinitconfig
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Auto-initiation Configuration Information.
Retry Interval: 2
Mask: 255.0.0.0
List Entry 1: Network: 20.20.20.20
Connection Entry: 'SalesB'
Mask: 255.0.0.0

Ending a Connection—vpnclient disconnect

To disconnect from your session, enter the following command:

vpnclient disconnect

Example 4-5 vpnclient disconnect Command

The following command disconnects you from your secure connection.

C:Program FilesCisco SystemsVPN Clientvpnclient disconnect
Copyright <C> 1998-2002 Cisco Systems, Inc. All Rights Reserved.
Running on: 4.0.1381
Disconnecting the IPSEC link.

Displaying Information About Your Connection—vpnclient stat

To generate status information about your connection, enter the following command:

vpnclient stat [reset] [traffic] [tunnel] [route] [firewall] [repeat]

When entered without any of the optional parameters, the vpnclient stat command displays all status information. The following parameters are optional:

reset

Restarts all connection counts from zero. SA stats are not reset.

traffic

Displays a summary of bytes in and out, packets encrypted and decrypted, packets bypassed, and packets discarded.

tunnel

Displays IPSec tunneling information.

route

Displays configured routes.

firewall

Identifies the type of filewall in use and displays information generated by the firewall configuration.

repeat

Provides a continuous display, refreshing it every few seconds. To end the display, press <ctrl-C>.


The following examples show sample output from the vpnclient stat command. For more information on statistical output, see VPN Client User Guide for Windows.

Example 4-6 vpnclient stat Command

Following is an example of the information that the vpnclient stat command displays.

Example 4-7 vpnclient stat reset Command

The vpnclient stat reset command resets all connection counters.

Example 4-8 vpnclient stat traffic Command

Here is a sample of the information that the vpnclient stat traffic command generates.

Example 4-9 vpnclient stat tunnel Command

To display only tunneling information, use the vpnclient stat tunnel command. Here is a sample.

Example 4-10 vpnclient stat route Command

The vpclient stat route command displays information similar to the following display.

Example 4-11 vpnclient stat firewall Command

The vpnclient stat firewall command displays information similar to the following display.

Return Codes

This section lists the error levels (return codes) that you can receive when using the VPN Client command-line interface.

Message

200

SUCCESS_START

The VPN Client connection started successfully.

201

The VPN Client connection has ended.

202

SUCCESS_STAT

The VPN Client has generated statistical information successfully.

203

The enumppp command has succeeded. This command lists phone book entries when connecting to the Internet via dial-up.

1

ERR_UNKNOWN

An unidentifiable error has occurred during command-line parsing.

2

Command is missing from command-line input.

3

ERR_BAD_COMMAND

There is an error in the command entered; check spelling.

4

The command-line input is missing required parameter(s).

5

ERR_BAD_PARAMS

The parameter(s) in the command input are incorrect; check spelling.

6

The command-line input contains too many parameters.

7

ERR_NO_PARAMS_NEEDED

The command entered does not require parameters.

8

Interprocess communication error occurred attaching to the generic interface.

9

ERR_DETACH_FAILED

Interprocess communication error occurred detaching from the generic interface.

10

The VPN Client failed to read the profile.

11

ERR_PWD_MISMATCHED

Reserved

12

The password contains too many characters. The group password limit is 32 characters; the certificate password limit is 255 characters.

13

ERR_TOO_MANY_TRIES

Attempts to enter a valid password have exceed the amount allowed. The limit is three times.

14

The connection attempt has failed; unable to connect.

15

ERR_STOP_FAILED

The disconnect action has failed; unable to disconnect.

16

The attempt to display connection status has failed.

17

ERR_ENUM_FAILED

Unable to list phonebook entries.

18

A serious interprocess communication error has occurred.

19

ERR_SET_HANDLER_FAILED

Set console control handler failed.

20

Attempt to clean up after a user break failed.

21

ERR_OUT_OF_MEMORY

Out of memory. Memory allocation failed.

22

Internal display error.

23

ERR_UNEXPECTED_CALLBACK

In communicating with the Connection Manager, an unexpected callback (response) occurred.

24

User quit at a banner requesting 'continue?'

25

ERR_GUI_RUNNING

Cannot use the command-line interface when connected through the graphical interface dialer application.

26

The attempt to set the working directory has failed. This is the directory where the program files reside.

27

ERR_NOT_CONNECTED

Attempt to display status has failed because there is no connection in effect.

28

The group name configured for the connection is too long. The limit is 128 characters.

29

ERR_BAD_GROUP_PWD

The group password configured for the connection is too long. The limit is 32 characters.

30

The authentication type configured for the connection is invalid.

31

RESERVED_01

Reserved.

32

Reserved.

33

ERR_COMMUNICATION_TIMED_OUT

Interprocess communication timed out.

34

Failed to launch a third-party dialer.

35

ERR_DAEMON_NOT_RUNNING (CVPND.EXE)—Non-Windows only

Connection needs to be established for command to execute.

36

ERR_DAEMON_ALREADY_RUNNING (CVPND.EXE)—Non-Windows only

Command cannot work because connection is already established.


Application Example

Here is an example of a DOS batch file (.bat) that uses CLI commands to connect to the corporate office from a branch office, run an application, and then disconnect from the corporate site.

rem assume you have generated a report in the middle of the night that needs


vpnclient connect sd myprofile
rem check return code from vpnclient call....
rem if okay continue and copy report
copy report.xls mycorpserverdirectoryovernight_reports /v
rem now disconnect the VPN connection

Command Line Interface

echo Spreadsheet uploaded

Cisco Anyconnect Command Line Username Password

:failed

Cisco Anyconnect Cli

:end


Posted: Mon Apr 18 08:21:38 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.


Cisco Anyconnect Command Line Linux