Refer to the Creating a Global Profile section of Preconfiguring the VPN Client for Remote Users for more information on how to create or use a global profile. In order to create or edit the vpnclient.ini file to activate auto initiation on a VPN Client, you should gather this information. Refer to the Creating a Global Profile section of Preconfiguring the VPN Client for Remote Users for more information on how to create or use a global profile. In order to create or edit the vpnclient.ini file to activate auto initiation on a VPN Client, you should gather this information.
Detects that the PC has an IP address defined as a requirement for auto initiation. Establishes a VPN tunnel to the VPN Concentrator defined for its network, prompts you to authenticate, and allows you network access Although auto initiation was designed for wireless environments, you can use it in any networking environment. Auto initiation provides a generic way for the VPN Client to auto initiate a connection whether the VPN Client PC is based on specific networks or not.
Resolution In order to configure auto initiation for users on the network, you add parameters to the global profile (vpnclient.ini) of the VPN Client. Refer to the section of for more information on how to create or use a global profile. In order to create or edit the vpnclient.ini file to activate auto initiation on a VPN Client, you should gather this information:. The connect flag, if present, indicates the action to take if there is a match.
![Cisco Vpn Client Batch File Cisco Vpn Client Batch File](/uploads/1/2/5/5/125510572/970890903.jpg)
If the Connect parameter is set to 1, the VPN Client should auto initiate; if 0, the VPN Client should not auto initiate. The default setting is 1. This parameter is optional. You can use it to exclude certain network ranges from auto initiation. For example, you can address a situation where Mobile IP and VPN software clients co-exist on client PCs and you want the VPN Client to auto initiate when not on a corporate subnet. Refer to this example of vpnclient.ini File for Auto Initiation: A sales manager travels among three locations, for example, Chicago, Denver, and Laramie, within a corporation, attends sales meetings, and wants to securely and easily initiate a wireless connection at these locations. The vpnclient.ini contains the entries shown in this example.
The connection entry named in each network section points to the profile of the individual(.pcf) for that on-site wireless LAN network. Main AutoInitiationEnable=1 AutoInitiationRetryInterval=3 AutoInitiationList=ChicagoWLAN,DenverWLAN,LaramieWLAN ChicagoWLAN Network=110.110.110.0 Mask=255.255.255.0 ConnectionEntry=Chicago (points to a connection profile named chicago.pcf) DenverWLAN Network=220.220.220.0 Mask=255.255.255.0 ConnectionEntry=Denver (points to a connection profile named denver.pcf) LaramieWLAN Network=221.221.221.0 Mask=255.255.255.0 ConnectionEntry=Laramie (points to a connection profile named laramie.pcf).
This is a really tough thing to do with Windows 7. Previously, with WinXP the VPN client would automatically integrate with the Windows GINA to allow pre-authentication with the VPN host server. Due to UAC and Windows system protection, this is no longer possible. Now you must logon with cached credentials and launch the CiscoVPN client manually. I had to install a Citrix DNE update and create several scripts to get this scenario to work properly and I will discuss each of these as follows: I had to setup the appropriate config/connection file for the Cisco VPN client. This wasn't too hard as we just used our previous config file from WinXP.
We noticed that after installing the Cisco VPN Client, we could not connect to our network. It was very puzzling. After searching on the web A LOT, I came across an article that mentioned installing the Citrix DNE Update to make the Cisco VPN Client work correctly. Why would you need a 3rd party utility? Regardless, it worked like a charm.
I had figure out a way to launch our Logon Script. This is normally launched via Group Policy as an elevated process (admin token) to allow the script to make system changes as necessary and to properly query key system components. The VPN software has feature which allows a program to be launched at the time of connection. However, I found that this launches the program immediately upon hitting the Connect button, prior to the VPN actually connecting and securing the channel and before any domain authentication had occurred. This method wouldn't work at all because the Logon Script would not be available via the DCs or if I had a local copy of the Logon Script on the PC, it would not be able to communicate with the DCs prior to the VPN connection being established. I had to find another way.
I came up with a 'VPN Logon Script' that I assigned to launch at the time of connection. The VPN Logon Script waits for the 3 things to happen and won't proceed until those 3 things have been validated.
They are: Does the HomeShare Exist: servername sharename (obtained from AD query) Does the DC Exist: DCName SYSVOL Does our common DFS Share exist: domain sharename Until these items are able to be verified, the VPN Logon Script waits in the background for up to 90 seconds. When they are available, it executes a local copy of the (normal) Logon Script, kicks off a pre-defined Scheduled Task that maps network drives for the user (runs as the interactive - non-elevated user), and copies some specific shortcuts to the Start Menu. The VPN Client didn't work well with this script however, so I had to devise something different.
The connection was not always available or sometimes wouldn't connect quick enough or sometimes the executable would not launch. It was very unpredictable. I needed a way to determine when the connection was established, so I monitored the system and found that a routing table (routechanges.txt) is created when the connection becomes established. So I wrote a batch file that automatically launches from the VPN client: @Echo OFF Echo 1. Enter your credentials into the logon prompt. Click 'OK' Echo. Set Counter=0:StartTimer ping 1.1.1.1 -n 1 -w 5000 nul Set /A Counter+=1 If%Counter%15 GOTO:ErrMsg If Not Exist 'C: Program Files (x86) Cisco Systems VPN Client routechanges.txt' GOTO:StartTimer:LogonScript Start 'VPN Logon Script' 'C: Program Files (x86) Cisco Systems VPN Client VPNLogonScript.exe' Echo%DATE%%TIME% Logon Script Launched!'
C: Program Files (x86) Cisco Systems VPN Client VPNLogonScript.log' GOTO:EOF:ErrMsg Echo%DATE%%TIME% The connection failed.