Cisco Anyconnect Command Line

  



Introduction

This document describes the custom installation process for Anyconnect with the use of the Mac command line.

Prerequisites

Requirements

This chapter explains how to use the VPN Client command-line interface (CLI) to connect to a Cisco VPN device, generate statistical reports, and disconnect from the device. You can create your own script files that use the CLI commands to perform routine tasks, such as connect to a corporate server, run reports, and then disconnect from the server.

Cisco recommends that you have knowledge of these topics:

  • Anyconnect
  • MacOS X 10.14.6

Components Used

The information used in the document is based on this software:

  • MacOS X 10.14.6

  • Anyconnect 4.8 MR2

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information

There are two deployment types for Anyconnect: a webdeploy-based installation, which is automatically installed by a Cisco Firewall or Router, and a pre-deploy installation, which requires user intervention.

In this scenario, the pre-deploy installation is customized on Mac endpoints to install only the selected modules.

Method 1

Step 1. Convert the .dmg Package

Convert the .dmg package from a read-only state to read-write, with the use of Disk Utility or hdiutil as shown in the image.

hdiutil convert anyconnect-macos-4.8.02045-predeploy-k9.dmg -format UDRW -o anyconnect-macos-4.8.02045-predeploy-k9-rw.dmg

Step 2. Run the Converted File

Run the converted file anyconnect-macos-4.8.02045-predeploy-k9-rw.dmg in order to initiate the installation process.

Step 3. Generate the Installer XML File

This example is intended to send all the installer options to a text file called vpn_install_choices.xml, which is located in the Downloads folder. For example:

Step 4. Extract the Install Options

The code presented is XML extracted from the vpn_install_choices.xml file. It contains the code necessary to custom install all the Anyconnect modules:

Step 5. Save the Code with the Required Modules

Save the new code (overwrite the original file vpn_install_choices.xml) and modify it to either skip (0) or install (1) the modules.

For this example, VPN, web security, AMP, DART, posture, ISE posture and Umbrella modules are set to 1 in the integer value, in order to get installed.

The integer value for the NVM module is set to 0, in order to be skipped by the installation package.

Step 6. Locate the Install Choices File

The vpn_install_choices.xml file is now available in the /Volumes/AnyConnect 4.8.02045/ directory, as shown in the image.

Step 7. Install Anyconnect via Command Line

Install the Anyconnect client based on the vpn_install_choices.xml file, as shown in the image.
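As an added illustration of Steps 5 to 7 (not part of the original document and not Cisco's code), this Python example sets modules to install (1) or skip (0) in a choices file, rejects identifiers that are not in the file, and summarizes the result so it can be reviewed before the installer runs. It assumes the file is a plist array of dicts with attributeSetting, choiceAttribute and choiceIdentifier keys; the sample data and its identifiers are constructed placeholders.

```python
import plistlib

# Constructed sample in the assumed layout. The identifiers are placeholders;
# take the real ones from your own vpn_install_choices.xml.
def _entry(ident, setting=1):
    return {"attributeSetting": setting, "choiceAttribute": "selected",
            "choiceIdentifier": ident}

SAMPLE_CHOICES = plistlib.dumps([
    _entry("choice_vpn_example"),
    _entry("choice_dart_example"),
    _entry("choice_nvm_example"),
])

def _load(choices_xml: bytes) -> list:
    choices = plistlib.loads(choices_xml)
    if not isinstance(choices, list):
        raise ValueError("choices file must be a plist array")
    return choices

def set_modules(choices_xml: bytes, wanted: dict) -> bytes:
    """Return the choices XML with attributeSetting 1 (install) or 0 (skip)."""
    choices = _load(choices_xml)
    known = {c.get("choiceIdentifier") for c in choices}
    unknown = set(wanted) - known
    if unknown:
        # A typo would otherwise leave the module at its previous setting.
        raise ValueError(f"identifiers not in choices file: {sorted(unknown)}")
    for c in choices:
        # Only entries for the 'selected' attribute are changed here.
        if c.get("choiceAttribute") == "selected" and c["choiceIdentifier"] in wanted:
            c["attributeSetting"] = 1 if wanted[c["choiceIdentifier"]] else 0
    return plistlib.dumps(choices)

def summarize(choices_xml: bytes) -> dict:
    """Map each choiceIdentifier to True (install) or False (skip)."""
    return {c["choiceIdentifier"]: c["attributeSetting"] == 1
            for c in _load(choices_xml)
            if c.get("choiceAttribute") == "selected"}

if __name__ == "__main__":
    edited = set_modules(SAMPLE_CHOICES, {"choice_nvm_example": False})
    for ident, install in summarize(edited).items():
        print(f"{ident}: {'install' if install else 'skip'}")
```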

Method 2

Step 1. Convert the .dmg Package

Convert the dmg package from a read-only state to read-write, with the use of Disk Utility or hdiutil as shown in the image.

Step 2. Convert the Installation Package

Convert the .pkg file into .zip as shown in the image.

Step 3. Extract the .zip File

Step 4. Install the Desired Modules

You can now install module by module. The VPN module must be installed first, with the core-vpn-webdeploy-k9.dmg, as shown in the image.

Verify

In order to verify the Anyconnect installation and the selected modules, in the Anyconnect application, navigate to the Apple menu bar > Cisco Anyconnect Secure Mobility Client and select About Cisco AnyConnect as shown in the image.

Confirm the Installed Modules section as shown in the image.

Learn how to check VPN connection status on your Windows system from the command prompt. The netsh command is used to find the connection status of different networks, including the VPN.

Run the below command to find the VPN status

An example run on my Windows 7 computer when I am connected to VPN.

I use Cisco AnyConnect to VPN connect, and the netsh command shows that it’s connected currently!

Even if you use a different VPN client, you should have a corresponding network adapter added to your network connections list. Run the above command to identify your VPN connection and see its connection status.