Editing the arcotvpnclient.properties File

Adapter for Cisco IPSec VPN Configuration Guide › Configuring VPN Client › Editing the arcotvpnclient.properties File

Editing the arcotvpnclient.properties File

The arcotvpnclient.properties file specifies:

The default and failover URLs to connect to the AFM server, which is also referred to as Arcot Authentication Proxy (AAP).
The mapping between VPN Profile and AAP.
The network timeout settings to specify the connection timeout and read timeout.
The network proxy server settings.
The Cisco VPN client commands that are used to connect, disconnect, and refresh a connection to the Cisco VPN server.
The connection status messages.
The location of the image files used in the VPN Client user interface.

The following table describes the various parameters of the arcotvpnclient.properties file that you must configure. The table is divided into parts that correspond to various sections in the properties file.

Important! In addition to the parameters described in the following table, the arcotvpnclient.properties file contains other parameters. However, you should not modify them for the VPN integration.

Parameter	Required/ Optional	Description

Cisco VPN Client Profile to AAP URL Mapping This section defines the Cisco VPN server parameters.
aap.profile.serverurl. mapping.Profile_Name	Optional	If your Cisco VPN client configuration supports multiple VPN server connections, you need to specify them in the aap.profile.serverurl.mapping.Profile_Name parameter. The connection details are stored as a VPN Profile at the client end, with each profile representing one VPN server. In the file, uncomment this parameter and specify the mapping. You can create as many profile-to-AAP mapping sections as required. Note: If the profile name contains any white space characters, then the profile mapping can be specified by escaping the white space characters with backslash "\". For example, if the profile name is "profile 1", the profile mapping entry should be specified as:app.profile.serverurl.mapping.profile\ 1= https://Host_IP:Port_Number/arcotafm/vpn/master_vpn.jsp
aap.default.serverurl	Required	This AFM URL is used for the profiles that are not mapped to any AAP. In the file, uncomment the aap.default.serverurl parameter and specify the AFM URL. By default, the URL is in HTTPS format. If the application server is enabled for HTTPS and if its certificate is not trusted by the JRE used by VPN Client, then include that certificate in the trust store of the JRE. For example, if the application server is using a self-signed certificate. Note: You can specify multiple (AAP mapping or URL) using comma as the delimiter, as show in the following example: https://Host:Port_Number/arcotafm/vpn/master_vpn.jsp, https://Host:Port_Number/arcotafm/vpn/master_vpn.jsp
aap.monitoring.jsp	Required	VPN Client sends a request to the JSP file specified in this parameter to check whether AAP is running or not. By default, this parameter is set to arcotauthuiMonitor.jsp file. Note: Do not change the value of this parameter.
Network Timeouts This section defines the connection timeout and read timeout values between VPN Client and AFM.
vpnclient.connection. timeout	Optional	The connection timeout parameteAVCr is used to specify the time interval (in milliseconds) for which VPN Client waits for AFM’s response to a new connection request. If VPN Client receives a valid response from AFM within the specified time frame, the connection is establiAVCshed. Else, VPN Client terminates the connection request. By default, this parameter is set to 30000 milliseconds. If you need to specify a different value, uncomment this parameter and specify the required time interval.
vpnclient.read.timeout	Optional	In case of a successful client-server connection, the VPN Client read timeout parameter specifies the time intervaAVCl (in milliseconds) for which VPN Client waits for AFM’s response to a request sent by VPN Client. If AFM fails to respond back in the specified time frame, the connection to AFM is dropped. By default, this parameter is set to 30000 milliseconds. If you need to specify a different value, uncomment this parameter and specify the required time interval.
SSL-Related Settings This section defines the protocol used for the SSL communication.
vpnclient.sslProtocol. Version	Optional	This parameter specifies which version of SSL should be enabled in VPN Client while communicating with the SSL-enabled servers. The possible values are: SSLv3 TLSv1 SSLv2Hello,SSLv3 SSLv2Hello,TLSv1 SSLv2Hello,TLSv1,SSLv3 TLSv1,SSLv3 Default value: SSLv3
verifyHostName	Optional	This parameter specifies whether the host name in the SSL certificate is verified by the VPN Client application or not. By default, this parameter is set to true, which indicates that the host name in the SSL certificate is verified by the VPN Client application. If this parameter is set to true and there is a mismatch in the host name, then the VPN Client application displays an error message. If you do not want the VPN Client application to verify the host name, set the value of this parameter to false. Note: If verifyHostName is set to true, then ensure that the certificate used by AFM matches the domain where it is installed.
Network Proxy Settings The parameters defined in this section are applicable when the end user accesses your enterprise network using a proxy. CA recommends that you do not edit these parameters manually, as they are configured through the proxy server settings screen of the VPN Client application. For more information about configuring proxy server settings in VPN Client, refer to the section "Configuring VPN Client to Work With a Proxy Server" in the CA VPN Client User Guide.
proxyHost	Optional	The host name of the proxy server.
proxyPort	Optional	The port number of the proxy server. Default value: 80
proxyAuthenticationRequired	Optional	Determines whether end users are required to authenticate with the proxy server. Possible values are true and false. Default value: true
proxyUser	Required	The username that the end user uses to authenticate with the proxy server.
proxyPassword	Required	The password that the end user uses to authenticate with the proxy server. Note: The proxyUser and proxyPassword parameters cannot be configured through the arcotvpnclient.properties file as they are configured through the VPN Client proxy server settings screen. These parameters should never be commented and should be specified in the Base64 format only.
last.used.proxy.setting	Optional	This parameter specifies the last proxy setting used in VPN Client. Possible values are: direct system manual Default value:direct Note: These parameters can also be configured using the VPN Client proxy server settings screen. The parameter configurations made in the arcotvpnclient.properties file can be overridden by changes made subsequently through the VPN Client proxy server settings screen. CA recommends that you configure these parameters by using the VPN Client proxy server settings screen.
Cisco VPN Client Commands This section specifies the Cisco VPN client commands that are used to establish a connection with the VPN server, check the connection status, and disconnect from the VPN server. Additionally, you can specify pre- and post-connection commands, if applicable.
vpnclient.connect.command	Required	This parameter specifies the command to establish a connection with the VPN server. For example, the default value of this parameter is as follows: vpnclient.connect.command={base.vpn.client.directory}\\vpngui.exe -sc -user "#username#" -pwd "#password#" "#profile#" Note: – In the preceding command, the {base.vpn.client.directory} variable and the #profile#, #username#, and #password# parameters are replaced by the VPN Client installer, at the time of installation, with the actual values. – If you want to display an icon of the Cisco VPN client application in the system tray, then you must set the value of systray.display to false and specify the connect command as: vpnclient.connect.command={base.vpn.client.directory}\\vpngui.exe -c -user "#username#" -pwd "#password#" "#profile#" For more information on this feature, see Enabling Automatic Termination of the VPN Client Application.
vpnclient.preconnect. command	Optional	This parameter specifies any command that needs to be run before establishing a connection with the VPN server.
vpnclient.postconnect. command	Optional	This parameter specifies any command that needs to be run after a connection with the VPN server has been established.
vpn.cmd.check.status	Required	This parameter specifies the command to update the connection status. For example, the default value of this parameter is as follows: vpn.cmd.check.status={base.vpn.client.directory}\\vpnclient.exe stat traffic Note: In the preceding command, the {base.vpn.client.directory} variable is replaced by the VPN Client installer, at the time of installation, with the actual value.
vpn.cmd.disconnect	Required	This parameter specifies the command to disconnect an active VPN server connection. The default value of this parameter is as follows: vpn.cmd.disconnect={base.vpn.client.directory}\\vpnclient.exe disconnect Note: In the preceding command, the {base.vpn.client.directory} variable is replaced by the VPN Client installer, at the time of installation, with the actual value.
profile.directory. location	Required	This parameter specifies the location of the Cisco VPN client profiles on the end-user’s system. For example, the default value of this parameter is as follows: profile.directory.location={base.vpn.client.directory}\\Profiles Note: In the preceding command, the {base.vpn.client.directory} variable is replaced by the VPN Client installer, at the time of installation, with the actual value.
line.to.grep.for.notconnected	Required	This parameter specifies messages that are returned by the status check command in case of no active connection. For example, the default value of this parameter is as follows: line.to.grep.for.notconnected=No connections exists; Your VPN connection is not active Note: You can specify multiple messages by separating them with a semicolon (;).
line.to.grep.for.connected	Required	This parameter specifies messages that are returned by the status check command if an active connection is found. For example, the default value of this parameter is as follows: line.to.grep.for.connected=Time connected
VPN Client Images Location This section specifies the location of image files used in the VPN Client user interface. You can replace these default images by specifying the path of the image files that you intend to use.
image.appicon	Required	This parameter specifies the location of the image used in the title bar of the VPN Client user interface. By default, it shows the Arcot logo (appicon.gif).
image.connected	Required	This parameter specifies the location of the image file shown in the status bar for an active connection. By default, it is set to display the Arcot logo with green background color (ArcotTrayIconC.gif).
image.disconnected	Required	This parameter specifies the location of the image file shown in the status bar for an inactive connection. By default, it is set to display the Arcot logo with red background color (ArcotTrayIconDC.gif).