Cisco IPSec VPN Client V5 PB 4/02/2009
The Cisco VPN Client V5 lets a Windows client workstation (XP / Vista) connect to an ASA 5500 series gateway over IPSec, using UDP ports 500 and 4500. It is delivered as an 11 MB self-extracting file, the latest version being: vpnclient-win-msi-5.0.04.0300-k9.exe

Once the archive is extracted, the following files are present:

- Delayinst.exe
- installservice.exe
- instmsi.exe
- instmsiw.exe
- sig.dat
- vpnclient_fc.mst
- vpnclient_jp.mst
- vpnclient_setup.exe
- vpnclient_setup.ini
- vpnclient_setup.msi
- vpnclient_setup.sms

1) Installing the client

Installing the VPN client requires:

- an administrator account.
- a reboot at the end of the installation.

The vpnclient_setup.msi package allows a silent installation through the MSI service:

    msiexec.exe /q /log "log file name" /i vpnclient_setup.msi

2) Configuring the client

The client needs the following parameters in a connection profile:

- Profile name (example: asa-test)
- Host: DNS name or IP address of the VPN gateway.
- Authentication group name (example: IPSEC_CISCO)
- Password: the shared key associated with the group

This configuration is stored in a profile file (PCF extension) in the Profiles subdirectory of the client product (x:\program files\cisco systems\vpn client\profiles). Once the client is installed, it is therefore enough to copy this profile file (example: asa-test.pcf) into the Profiles subdirectory.
3) Using the VPN client in a command file

The VPN client can be driven from command files through the vpnclient.exe executable.

To connect:

    vpnclient connect "connection profile name" user "user account" pwd "password" stdin sd

To disconnect:

    vpnclient disconnect

See the list of vpnclient.exe return codes in the annex.
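
The procedure of sections 1 to 3 as a PowerShell script, added here as an example and not part of the original note: silent install, profile copy, then connect and disconnect with the return code checked against the annex. The C: install path, the function names and the run-time password prompt are assumptions.

```powershell
# Added example, not from the original note. Paths and function names are assumptions.
$ClientDir = 'C:\Program Files\Cisco Systems\VPN Client'   # page writes x:\...; C: assumed
$VpnClient = Join-Path $ClientDir 'vpnclient.exe'

# A few return codes from the annex, enough to report failures by name.
$ReturnCodes = @{
    200 = 'SUCCESS_START';     201 = 'SUCCESS_STOP'
    10  = 'ERR_NO_PROFILE';    13  = 'ERR_TOO_MANY_TRIES'
    14  = 'ERR_START_FAILED';  15  = 'ERR_STOP_FAILED'
    25  = 'ERR_GUI_RUNNING';   33  = 'ERR_COMMUNICATION_TIME_OUT'
}
function Get-VpnCodeName([int]$Code) {
    if ($ReturnCodes.ContainsKey($Code)) { return $ReturnCodes[$Code] }
    return "code $Code (see annex)"
}

# Steps 1 and 2: silent install (administrator required), then copy the profile.
function Install-VpnClient([string]$MsiPath, [string]$PcfPath, [string]$LogPath) {
    $p = Start-Process msiexec.exe -Wait -PassThru -ArgumentList `
        "/q /log `"$LogPath`" /i `"$MsiPath`""
    # Windows Installer exit codes: 0 = success, 3010 = success, reboot required.
    if ($p.ExitCode -ne 0 -and $p.ExitCode -ne 3010) {
        throw "msiexec failed with exit code $($p.ExitCode); see $LogPath"
    }
    Copy-Item $PcfPath (Join-Path $ClientDir 'Profiles')
}

# Step 3: connect with the page's command line and act on the return code.
function Connect-Vpn([string]$ProfileName, [string]$User) {
    if (-not (Test-Path (Join-Path $ClientDir "Profiles\$ProfileName.pcf"))) {
        throw "Profile $ProfileName.pcf is not in the Profiles directory"
    }
    # Prompt at run time so the password is never stored in the script file.
    $secure = Read-Host "Password for $User" -AsSecureString
    $bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        & $VpnClient connect $ProfileName user $User pwd $plain stdin sd | Out-Host
    } finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
    $rc = $LASTEXITCODE
    if ($rc -ne 200) { throw "VPN connect failed: $(Get-VpnCodeName $rc)" }
}

function Disconnect-Vpn {
    & $VpnClient disconnect | Out-Host
    $rc = $LASTEXITCODE
    if ($rc -ne 201) { throw "VPN disconnect failed: $(Get-VpnCodeName $rc)" }
}
```

Run Install-VpnClient from an elevated session and reboot before calling Connect-Vpn. The password is still handed to vpnclient.exe as an argument, as in the command above, so it is visible in that process's command line while it runs.
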
VPNCLIENT return codes

| Return Code | Message | Meaning |
|---|---|---|
| 200 | SUCCESS_START | The VPN Client connection started successfully. |
| 201 | SUCCESS_STOP | The VPN Client connection has ended. |
| 202 | SUCCESS_STAT | The VPN Client has generated statistical information successfully. |
| 203 | SUCCESS_ENUMPPP | The enumppp command has succeeded. This command lists phone book entries when connecting to the Internet via dial-up. |
| 1 | ERR_UNKNOWN | An unidentifiable error has occurred during command-line parsing. |
| 2 | ERR_MISSING_COMMAND | Command is missing from command-line input. |
| 3 | ERR_BAD_COMMAND | There is an error in the command entered; check spelling. |
| 4 | ERR_MISSING_PARAMS | The command-line input is missing required parameter(s). |
| 5 | ERR_BAD_PARAMS | The parameter(s) in the command input are incorrect; check spelling. |
| 6 | ERR_TOO_MANY_PARAMS | The command-line input contains too many parameters. |
| 7 | ERR_NO_PARAMS_NEEDED | The command entered does not require parameters. |
| 8 | ERR_ATTACH_FAILED | Interprocess communication error occurred attaching to the generic interface. |
| 9 | ERR_DETACH_FAILED | Interprocess communication error occurred detaching from the generic interface. |
| 10 | ERR_NO_PROFILE | The VPN Client failed to read the profile. |
| 11 | ERR_PWD_MISMATCHED | Reserved. |
| 12 | ERR_PWD_TOO_LONG | The password contains too many characters. The group password limit is 128 characters; the certificate password limit is 255 characters. |
| 13 | ERR_TOO_MANY_TRIES | Attempts to enter a valid password have exceeded the amount allowed. The limit is three times. |
| 14 | ERR_START_FAILED | The connection attempt has failed; unable to connect. |
| 15 | ERR_STOP_FAILED | The disconnect action has failed; unable to disconnect. |
| 16 | ERR_STAT_FAILED | The attempt to display connection status has failed. |
| 17 | ERR_ENUM_FAILED | Unable to list phonebook entries. |
| 18 | ERR_COMMUNICATION_FAILED | A serious interprocess communication error has occurred. |
| 19 | ERR_SET_HANDLER_FAILED | Set console control handler failed. |
| 20 | ERR_CLEAR_HANDLER_FAILED | Attempt to clean up after a user break failed. |
| 21 | ERR_OUT_OF_MEMORY | Out of memory. Memory allocation failed. |
| 22 | ERR_BAD_INTERFACE | Internal display error. |
| 23 | ERR_UNEXPECTED_CALLBACK | In communicating with the Connection Manager, an unexpected callback (response) occurred. |
| 24 | ERR_DO_NOT_CONTINUE | User quit at a banner requesting continue? |
| 25 | ERR_GUI_RUNNING | Cannot use the command-line interface when connected through the graphical interface dialer application. |
| 26 | ERR_SET_WORK_DIR_FAILED | The attempt to set the working directory has failed. This is the directory where the program files reside. |
| 27 | ERR_NOT_CONNECTED | Attempt to display status has failed because there is no connection in effect. |
| 28 | ERR_BAD_GROUP_NAME | The group name configured for the connection is too long. The limit is 128 characters. |
| 29 | ERR_BAD_GROUP_PWD | The group password configured for the connection is too long. The limit is 128 characters. |
| 30 | ERR_BAD_AUTHTYPE | The authentication type configured for the connection is invalid. |
| 31 | RESERVED_01 | Reserved. |
| 32 | RESERVED_02 | Reserved. |
| 33 | ERR_COMMUNICATION_TIME_OUT | Interprocess communication timed out. |
| 34 | ERR_BAD_3RD_PARTY_DIAL | Failed to launch a third-party dialer. |
| 35 | ERR_DAEMON_NOT_RUNNING (CVPND.EXE), non-Windows only | Connection needs to be established for command to execute. |
| 36 | ERR_DAEMON_ALREADY_RUNNING (CVPND.EXE), non-Windows only | Command cannot work because connection is already established. |