06-16-2012 01:01 AM - edited 02-21-2020 06:08 PM
Dear Cisco AnyConnect VPN developers/users. I have a need to fully automate the connect and disconnect of the Cisco AnyConnect VPN client for my business and am looking for someone who can answer/help solve what it seems no one else in the world can...
I run a remote monitoring service that monitors (primarily) SQL Servers. Every single one (~20) of my clients (except one) runs IPsec VPNs that I can connect/disconnect to/from in a fully automated way using a command line interface (CLI). The VPN clients I use for those include SonicWall, Windows VPN, Shrewsoft, and the "regular" IPsec Cisco VPN client.
I have one client, however, that is using SSL VPN and I guess I must use the Cisco AnyConnect VPN client to connect to their VPN. It seems that Cisco never imagined (seriously?) that someone might want to fully automate the use of the AnyConnect SSL VPN?! Don't they realize that even a sysadmin might want to run some simple remote automated monitoring of their system that alerts if issues exist?
After hours of searching and trying every Google article I can find, I still cannot get the AnyConnect to be fully automated. Every solution posted either doesn't work or requires inputting the password. I also don't see any method for a graceful disconnect. I've seen one or two complex solution posts that would require me to be a C# or .NET developer so those I can't use.
Does anyone know how to do this? Are there other SSL VPNs with CLIs that I can use as an AnyConnect substitute? I'm at a loss for words that Cisco didn't provide an adequate CLI for this tool :-(
Thank you,
Jason Gerrish
06-16-2012 11:11 AM
Have you thought about, and is it an option to use, certificate-only authentication for that particular connection? I haven't done it personally but it seems if that were all pre-configured you could then use:
vpncli connect
and the connection should authenticate based on your local authentication certificate.
06-29-2012 03:28 PM
Hello Marvin. I'm not quite sure how to do that. Do you have any links or instructions that would help me give that a try? Would I still be able to use AnyConnect for other connections too? I do need to connect to at least 2 different AnyConnect VPNs.
Thank you,
Jason
06-29-2012 03:45 PM
Your customer who administers the ASA would have to set you up for certificate-only authentication. Instructions for this are located here.
Ideally, and to make it as automated as possible, you would have a device certificate on your remote access client. You would share a copy of that with your customers who would put it on their ASAs and reference it in the profiles they assign to you.
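An added example (not from the thread or from Cisco) of the approach suggested above: with certificate-only authentication already configured, a wrapper can connect, confirm the tunnel state, run the monitoring job and always disconnect, with no password stored in the script. The install path, the `>> state:` output format and the host name `vpn.example.com` are assumptions.

```python
import subprocess
from contextlib import contextmanager

# Assumption: default Windows install path of the AnyConnect CLI.
VPNCLI = (r"C:\Program Files (x86)\Cisco"
          r"\Cisco AnyConnect Secure Mobility Client\vpncli.exe")

# Constructed sample of what "vpncli state" prints (assumed format).
SAMPLE = """Cisco AnyConnect Secure Mobility Client
  >> state: Connecting
  >> state: Connected
VPN> """


def parse_state(output):
    """Return the last '>> state: X' value in vpncli output, or None."""
    state = None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(">> state:"):
            state = line.split(":", 1)[1].strip()
    return state


def vpncli(*args):
    """Run one vpncli command and return its stdout.

    stdin is closed so an unexpected credential prompt fails fast
    instead of hanging; no password is ever passed to the client.
    """
    result = subprocess.run([VPNCLI, *args], capture_output=True, text=True,
                            stdin=subprocess.DEVNULL, timeout=120)
    return result.stdout


@contextmanager
def vpn_session(host, run=vpncli):
    """Connect using the pre-provisioned certificate; always disconnect."""
    run("connect", host)
    try:
        if parse_state(run("state")) != "Connected":
            raise RuntimeError(f"VPN to {host} did not come up")
        yield
    finally:
        run("disconnect")  # graceful teardown, even if the job fails


if __name__ == "__main__":
    with vpn_session("vpn.example.com"):  # hypothetical host name
        print("tunnel up; run the monitoring checks here")
```

Because each session names its own host, the same wrapper can be reused for more than one AnyConnect VPN, provided each ASA accepts the client certificate.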