
Create BAT to run VPN Connection

PibeDeOro
Level 1

Hi all,

I will need your help in order to create a VPN Connection .BAT script.

I am able to connect manually through AnyConnect to a predefined connection.
But I would like to set it up with a batch.

I use V.4.7.04056.

I tried to find some information related to this, but it didn't work.

Are you able to provide me with some information related to this?

Thank you for the help.

6 Replies

Hi,

You can use the command vpncli.exe from the CLI to connect or disconnect to an AnyConnect VPN.

 

The file is located in "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\"; type vpncli.exe -h for usage details. More information here.

 

HTH

Hi,

Thank you for the answers and help.

I am now able to connect manually through the VPNCLI.exe CMD.
See below result.

 

VPN> connect 195.xxx.xxx.xxx
>> contacting host (195.xxx.xxx.xxx) for login information...
>> notice: Contacting 195.xxx.xxx.xxx.
AnyConnect cannot verify server: 195.xxx.xxx.xxx
- Certificate does not match the server name.
Connecting to this server may result in a severe security compromise!

Most users do not connect to untrusted servers unless the reason for the error condition is known.

Connect Anyway? [y/n]: y

>> Please enter your username and password.
Group: ABC

Username: [12345] 12345
Password: qwerty

 

However, I would like to create a BAT file.

I tried to set it up following the link provided and information found on my own.

It does not work for now. See below result.

 

VPN> connect -s < "C:\Test\Connect.txt"
>> contacting host (-s) for login information...
>> notice: Contacting -s.
>> warning: Connection attempt has failed.
>> warning: Unable to contact -s.
>> error: The VPN connection failed due to unsuccessful domain name resolution.
>> state: Disconnected
>> notice: Ready to connect.

 

See script in "Connect.txt" file:

connect 195.65.104.2

 

 

I do not understand why I get this error message.
The manual connection is working correctly.

 

Could you please help me to understand it?

 

Thank you for the help.

You need to connect to the FQDN which is defined in the common name field of your certificate, not the IP address, this is why you are receiving the certificate error. Alternatively add the IP address to the SAN field in your certificate, that would require re-issuing the certificate though.

Hi RJI,

Thank you for the reply.

I got the FQDN (CN) from the certificate provided. See below.

FQDN_VPN.png

 

However, when I do the test, I still have the same situation.

VPN> connect internal-XXXXX-XX
>> contacting host (internal-XXXXX-XX) for login information...
>> notice: Contacting internal-XXXXX-XX
>> warning: Connection attempt has failed.
>> warning: Unable to contact internal-XXXXX-XX.
>> error: The VPN connection failed due to unsuccessful domain name resolution.
>> state: Disconnected

 

Are you able to explain why I get this error message?


Thank you.

 

Is that the actual FQDN your AnyConnect clients use to connect to the VPN when remote/offsite? Or is that certificate assigned to the internal interface of the ASA?
If you do an nslookup of that hostname does it resolve?
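
An added example, not part of the original thread: a Python sketch of the two checks raised in the replies above, namely whether the connect target resolves and whether it is a name the server certificate actually covers (FQDN in the CN, or an IP address listed in the SAN). The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, `vpn.example.test` and `192.0.2.10` are placeholders, and the CN fallback when no SAN is present is an assumption rather than AnyConnect's own matching rule.

```python
import ipaddress
import socket

# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
CERT_CN_ONLY = {"subject": ((("commonName", "vpn.example.test"),),)}
CERT_WITH_IP = {
    "subject": ((("commonName", "vpn.example.test"),),),
    "subjectAltName": (("DNS", "vpn.example.test"), ("IP Address", "192.0.2.10")),
}

def resolves(host):
    """The nslookup question: does the name resolve (IP literals always do)?"""
    try:
        return bool(socket.getaddrinfo(host, 443))
    except socket.gaierror:
        return False

def cert_names(cert):
    """Return (dns_names, ip_addresses) that the certificate vouches for."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v.strip()) for k, v in san if k == "IP Address"]
    if not san:  # assumption: fall back to the CN only when there is no SAN at all
        dns = [v.lower() for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return dns, ips

def dns_match(pattern, host):
    """Case-insensitive match; '*' may stand for the left-most label only."""
    p, h = pattern.split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def target_matches(cert, target):
    """True if the string given to 'connect' is a name the certificate covers."""
    dns, ips = cert_names(cert)
    try:
        return ipaddress.ip_address(target) in ips  # IP target: only IP SANs count
    except ValueError:
        return any(dns_match(p, target) for p in dns)

if __name__ == "__main__":
    for cert in (CERT_CN_ONLY, CERT_WITH_IP):
        for target in ("vpn.example.test", "192.0.2.10"):
            print(target, "resolves:", resolves(target), "cert match:", target_matches(cert, target))
```

A target that fails `target_matches` is the case that produces the "Certificate does not match the server name" prompt; fixing the name or the certificate is preferable to scripting a "y" answer.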

balaji.bandi
Hall of Fame

If it is a Windows 10 laptop, try the document and script below:

 

https://gerrywilliams.net/2018/04/ps-autolaunch-cisco-anyconnect-vpn/

BB
