|
|
This chapter describes common operations using the command-line interface. You can create your own script files that use the CLI commands to perform routine tasks, such as connect to a corporate server, run reports, and then disconnect from the server.
For more detailed information about using the VPN Client command-line interface, see the Cisco VPN Client Administrator Guide.
To display a list of available VPN Client commands, locate the directory that contains the VPN Client software and enter the vpnclient command at the command line prompt.
The following example shows the command and the information that is displayed:
This section describes how to establish a VPN connection using the vpnclient connect command and optional command parameters.
 |
Note If you are connecting to a VPN device by using Telnet or SSH, check to see if the device allows split tunneling. If it does not, you lose connectivity to your VPN device after making a VPN connection. |
To establish a connection, enter the following command:
The parameters for the vpnclient connect command are described in Table 4-2.
Table 4-1 Parameters for the vpnclient connect Command
| Parameter | Description |
|---|---|
The name of the user profile configured for this connection entry (.pcf file). Enter the profile name without the .pcf file extension. If your profile name contains spaces, enclose it in double quotation marks on the command line. |
|
The username configured for this connection entry. If you use this option with the pwd option, the username prompt is suppressed in the authentication dialog box. |
|
Suppresses the prompt for a certificate password and assumes that the password is blank. If you use this option, you cannot set a password for your certificate. For more information, see the "Certificate Passwords" section. |
|
Note If your user profile is configured with the SaveUserPassword keyword set to the default, the password is saved locally. |
For more information on profiles, see "User Profiles.".
Depending on the parameters that have been configured in your user profile, you are prompted for the following passwords:
If your VPN Client has been configured to use SecurID or RADIUS authentication, you are also prompted for those passwords.
See your administrator for any security information.
When the connection is established, the VPN Client window stays in the foreground to allow the VPN Client to be reauthenticated during a rekey by the VPN device. To send the VPN Client window to the background, press Ctrl-Z and enter the bg command at the command line prompt.
If the VPN device you are connecting to is configured to support rekeying and you send the VPN Client window to the background, the tunnel disconnects when the first rekey occurs.
The VPN Client responds to rekey triggers based on time, not data. If you want VPN Client connections rekeyed, you must configure the concentrator so that the IKE proposal is set to rekey every 1800 seconds and IPSec parameters are set to rekey every 600 seconds.
You can configure the concentrator to send the IP addresses of DNS servers to the VPN Client to use during tunnel sessions.
If the client receives the DNS server settings, it copies the file /etc/resolv.conf to a backup file /etc/resolv.conf.vpnbackup. When the tunnel closes, the original contents of /etc/resolv.conf are restored.
|
Note Refer to the configuration guide for your VPN device for information on DNS server settings. |
This section describes methods for disconnecting the VPN Client.
To disconnect from your session, use one of the following methods:
The following example shows the command that disconnects you from your secure connection and the prompts that appear.
This section describes the VPN Client statistics command vpnclient stat and its optional parameters.
To generate status information about your connection, enter the following command:
If you enter this command without any of the optional parameters, the vpnclient stat command displays all status information. The optional parameters are described in Table 4-2.
Table 4-2 Optional Parameters for the vpnclient stat Command
This section shows examples of output from the different options for the vpnclient stat command.
To reset all connection counters, use the vpnclient stat reset command.
This section provides information on event logging, including how to capture and view logging information.
You must be a system administrator or have access to the global profile (vpnclient.ini) to enable logging.
To enable logging, set EnableLog=1, To disable logging, set EnableLog=0.
The global profile, located in /etc/CiscoSystemsVPNClient/vpnclient.ini, must include the following parameters:
The VPN Client for Linux and Solaris supports log levels from 1 (lowest) to 15 (highest).
For more information about the global profile, refer to the Cisco VPN Client Administrator Guide.
To view logging information, enter the following command:
|
Note If you did not use the default directory /usr/local/bin during installation, you must enter logging commands using your chosen path. |
When you launch the ipseclog application, it appends any previous ipseclog files.
To view logging information in real time, enter the following command after you start the ipseclog:
The ipseclog does not automatically go to the background. To send the ipseclog to the background, press Ctrl-Z and enter the bg on the command line, or enter the ampersand symbol (&) at the end of the view command, as shown in the following example:
If the ipseclog is in the background, you must send it to the foreground before you end the VPN Client application. To send the ipseclog to the foreground, enter fg on the command line.
When the VPN Client receives an auto-update notification from the VPN remote access device, it logs the notification, but takes no further action.
To receive auto-update messages and other notifications from the network administrator, use the vpnclient notify command.
The following example shows the vpnclient notify command and an example of an auto-update notification from the VPN device:
Posted: Thu May 22 04:43:47 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.