Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Running VPN scripts

Status
Not open for further replies.

cepacs

Technical User
Jun 3, 2008
32
US
Is there a way to configure the ASA to run a script when users connect thru VPN? I'd like to do this without having scripts that launch from the client end because we want to make it easy for the users.
 
no, this is a security device. try setting up radius or tacacs that may fit your 'script' needs.

what sort of script are you trying to run?
 
I want to map a drive to the user's home directory on a server. I could make a VB program that they can save on their home PCs and launch after making a VPN connection, but I wish there was a way to say to them "just download and install Cisco AnyConnect" and not have to give them other things to download and more instructions.

I just wish our users only had to make a VPN connection and then have the mappings happen automatically. Some of our users are technically challenged and would have a hard time if it involved more than making the VPN connection.
 
as long as you are running active directory this is no problem. the option you are looking for is called start before logon (SBL). i'm assuming that users connect to your WebVPN portal and have the AnyConnect client automatically download to the PC's?? when you do that and configure the SBL feature an additional piece is downloaded and installed on their machines. it works really slick. follow these instructions on getting it configured:

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
There's only a few of us using the VPN. I downloaded AnyConnect from Cisco and I have given the install file to a few employees on their flash drives.

Looking at SBL, it seems that the client machine must be joined to the domain... is this the case? If so, I wouldn't want our users to be joining their home PCs to our domain.
 
if that's the case then you'll have to have them manually execute the script

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
If you don't want them to join the domain with their home pc's than why are you letting them map a drive to your server? Thats not a good idea from a security perspective.
 
It's not that I don't trust them joining their home PCs to the domain, they only have access to their home directory. The reason I don't want them joining to our domain is because I don't want to be trouble shooting problems with workers' home PCs. I don't want people saying to me, "ever since I put my home PC in the domain, it's been running slow... can you look at it for me?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top