Automating Cisco AnyConnect Secure Mobility Client on Mac OS X

Do you hate having to manually enter the password in order to connect to a Cisco VPN? Well, I do. And I have found that instead of relying on the Cisco AnyConnect Secure Mobility Client GUI application, one can use the command-line counterpart to automate VPN login.

Provided that you can log into your VPN using the graphical client, you can automate VPN login by using the following shell script:

cat > start_vpn.sh
#!/bin/bash
/opt/cisco/anyconnect/bin/vpn -s << EOF
connect https://your.cisco.vpn.hostname/vpn_name
here_goes_your_username
here_goes_your_password
y
EOF
^D
# chmod +x start_vpn.sh

To connect:

# ./start_vpn.sh
Cisco AnyConnect Secure Mobility Client (version 3.1.05152) .

Copyright (c) 2004 - 2013 Cisco Systems, Inc.  All Rights Reserved.


  >> state: Disconnected
  >> state: Disconnected
  >> notice: Ready to connect.
  >> registered with local VPN subsystem.
  >> contacting host (https://your.cisco.vpn.hostname/vpn_name) for login information...
  >> notice: Contacting https://your.cisco.vpn.hostname/vpn_name.

  >> notice: Please respond to banner.

Welcome to VPN.

  >> state: Connecting
  >> notice: Establishing VPN session...
  >> notice: Checking for profile updates...
  >> notice: Checking for product updates...
  >> notice: Checking for customization updates...
  >> notice: Performing any required updates...
  >> state: Connecting
  >> notice: Establishing VPN session...
  >> notice: Establishing VPN - Initiating connection...
  >> notice: Establishing VPN - Examining system...
  >> notice: Establishing VPN - Activating VPN adapter...
  >> notice: Establishing VPN - Configuring system...
  >> notice: Establishing VPN...
  >> state: Connected
VPN> goodbye...
  >> note: VPN Connection is still active.

To disconnect:

# /opt/cisco/anyconnect/bin/vpn disconnect
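
The start_vpn.sh script above keeps the VPN password in clear text on disk. The following variant is an added example, not part of the original post: it reads the password from the macOS keychain with security(1) and feeds the same input to vpn -s. The keychain item name cisco-vpn and the function names are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example: start_vpn.sh variant with the password kept in the macOS keychain.
VPN_BIN="${VPN_BIN:-/opt/cisco/anyconnect/bin/vpn}"
VPN_URL="${VPN_URL:-https://your.cisco.vpn.hostname/vpn_name}"
VPN_USER="${VPN_USER:-here_goes_your_username}"
KEYCHAIN_SERVICE="${KEYCHAIN_SERVICE:-cisco-vpn}"  # assumed item name, pick your own

# One-time setup; with -w last, security(1) prompts for the password, so it
# never appears in the script or in shell history:
#   security add-generic-password -s cisco-vpn -a here_goes_your_username -w

# Print the stored password on stdout; non-zero exit if the item is missing.
get_password() {
    security find-generic-password -s "$KEYCHAIN_SERVICE" -a "$VPN_USER" -w
}

# Build the same stdin the original script feeds to "vpn -s".
# The final "y" answers the banner prompt seen in the session output
# (assumption: drop it if your gateway shows no banner).
build_vpn_input() {
    printf 'connect %s\n%s\n%s\ny\n' "$VPN_URL" "$VPN_USER" "$1"
}

start_vpn() {
    vpn_pw="$(get_password)" || { echo "keychain lookup failed" >&2; return 1; }
    [ -n "$vpn_pw" ] || { echo "empty password" >&2; return 1; }
    # printf is a shell builtin, so the password travels over the pipe and
    # does not show up in the process list.
    build_vpn_input "$vpn_pw" | "$VPN_BIN" -s
    vpn_rc=$?
    unset vpn_pw
    return "$vpn_rc"
}

# Usage: ./start_vpn.sh connect | ./start_vpn.sh disconnect
case "${1:-}" in
    connect)    start_vpn ;;
    disconnect) "$VPN_BIN" disconnect ;;
esac
```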

Cisco AnyConnect Web security module (acwebsecagent) in Mac OS X

The Cisco AnyConnect Client on Mac OS X seems to install two components: the VPN client and a Web security module. Based on my experience, the Web security module is always running (as a process named acwebsecagent) and consuming network bandwidth. If you don’t need the Web security module, you can uninstall it by running:

sudo /opt/cisco/anyconnect/bin/websecurity_uninstall.sh

Credit for this: No to Cisco Web Security

Resetting Cisco IOS configuration

You can use the following Cisco IOS commands to reset the Cisco configuration back to factory defaults:

write erase

This will clear the startup-config and fill it up with factory defaults.

delete flash:vlan.dat

Most Cisco IOS switches keep VLAN configuration data (VTP data, active VLANs, and so on) in flash memory, in a file called vlan.dat. Because write erase only clears the startup-config, this file has to be deleted separately.