C:/ProgramData/Cisco/Cisco Anyconnect Secure Mobility Client. You can open a file named ' AnyConnectLocalPolicy.xml '. When you open it you should have FIPS as false. It will then lunch the Anyconnect Command Line Interface and type the variables in connecting the user to the VPN. If the login fails the login it will notify the user with a popup and restart the script. Next it will re-map a share drive using the saved credentials. This will allow multiple users to utilize this script on one computer.
| This article refers to the Cisco AnyConnect VPN. If you're looking for information on the Prisma Access VPN Beta that uses the GobalConnect app, see: Prisma Access VPN Landing Page. If you're not sure which service you're using, see: How do I know if I'm using the Cisco AnyConnect VPN or the Prisma Access VPN? |
On this page:
Overview
Cisco's AnyConnect Secure Mobility Client is a Virtual Private Network (VPN) client that works on a wide variety of operating systems and hardware configurations. For more information about VPNs, see: Virtual Private Network at MIT. The new Cisco AnyConnect Secure Mobility Client and service will work under Mac OS X, Windows, and Linux. There are also device-specific versions for many common mobile devices such as iPad, iPhone or Android phones.
Note: You must have an active connection to the Internet and an MIT Duo enabled device before proceeding.
Install the Client for Your Platform and Connect to vpn.mit.edu/duo
Cisco Anyconnect Secure Mobility Client Command Line Login
Please use the following documentation for Windows, Mac OS, Linux, or mobile device in order to install and run the Cisco AnyConnect VPN client:
- Mac OS X:Install and Run the Cisco AnyConnect client for VPN connectivity on Mac OS X including Duo
- Windows:Install and Run Cisco's AnyConnect client for VPN connectivity on Windows including Duo
- Linux:How can I connect to the MIT VPN via Linux with duo?
- Mobile Devices: Device specific solutions linked from [archive:Mobile Device Support]
- What should I enter for the Cisco AnyConnect Secure Mobility Client VPN prompt (including Duo)?
See Also
Introduction
This document describes the custom installation process for Anyconnect with the use of the MAC command line.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Anyconnect
- MacOS x 10.14.6
Components Used
The information used in the document is based on this software:
Cisco Anyconnect Secure Mobility Client Command Line Tutorial
MacOS X 10.14.6
Anyconnect 4.8 MR2
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
There are 2 deployment types for Anyconnect, one is a weddeploy based installation which is automatically installed by a Cisco Firewall or Router, and a pre-deploy installation, which requires user intervention.
In this scenario, the pre-deploy installation is customized on MAC endpoints to only instal the selected modules.
Method 1
Step 1. Convert the .dmg Package
Convert the .dmg package from a read-only state to read-write, with the use of Disk Utility or hdiutil as shown in the image.
hdiutil convert anyconnect-macos-4.8.02045-predeploy-k9.dmg -format UDRW -o anyconnect-macos-4.8.02045-predeploy-k9-rw.dmg
Step 2. Run the Converted File
Run the converted file anyconnect-macos-4.8.02045-predeploy-k9-rw.dmg in order to initiate the installation process.
Step 3. Generate the Installer XML File
This example is intended to send all the installer options to a text file called vpn_install_choices.xml, which is located in the Downloads folder. For example:
Step 4. Extract the Install Options
The code presented, is an XML code extracted from the vpn_install_choises.xml file, it contains the necessary code to custom install all the Anyconnect modules:
Step 5. Save the Code with the Required Modules
Save the new code (overwrite the original file vpn_install_choices.xml) and modify it to either skip (0) or install (1) the modules.
For this example, VPN, web security, AMP, DART, posture, ISE posture and Umbrella modules are set to 1 in the integer value, in order to get installed.
The integer value for the NVM module is set to 0, in order to be skipped by the installation package.
Step 6. Locate the Install Choices File
The vpn_install_choices.xml file is now available in the /Volumes/AnyConnect 4.8.02045/ directory, as shown in the image.
Step 7. Install Anyconnect via Command Line
Install the Anyconnect client, based on the XML vpn_install_choices.xml file. As shown in the image:
Cisco Anyconnect Secure Mobility Client Command Line Download
Method 2
Step 1. Convert the .dmg Package
Convert the dmg package from a read-only state to read-write, with the use of Disk Utility or hdiutil as shown in the image.
Step 2. Convert the Installation Package
Convert the .pkg file into .zip as shown in the image.
Step 3. Extract the .zip File
Step 4. Install the Desired Modules
You can now install module by module, the VPN module must be installed first with the core-vpn-webdeploy-k9.dmg as shown in the image.
Verify
In order to verify the Anyconnect installation and the selected modules, in the Anyconnect application, navigate to the Apple's Menu Bar > Cisco Anyconnect Secure Mobility Client and select About Cisco AnyConnect as shown in the image.
Confirm the Installed Modules section as shown in the image.