Automatic VPN initiation (auto initiation) provides secure connections within an on-site wireless LAN (WLAN) environment through a VPN Concentrator. When auto initiation is configured on the VPN Client, the VPN Client:
- Becomes active immediately when you start the PC or when the PC becomes active after it is on standby or hibernating
- Detects that the PC has an IP address defined as a requirement for auto initiation
- Establishes a VPN tunnel to the VPN Concentrator defined for its network, prompts you to authenticate, and allows you network access
Although auto initiation was designed for wireless environments, you can use it in any networking environment. Auto initiation provides a generic way for the VPN Client to auto initiate a connection whether the VPN Client PC is based on specific networks or not.
In order to configure auto initiation for users on the network, you add parameters to the global profile (vpnclient.ini) of the VPN Client. Refer to the Creating a Global Profile section of Preconfiguring the VPN Client for Remote Users for more information on how to create or use a global profile.
In order to create or edit the vpnclient.ini file to activate auto initiation on a VPN Client, you should gather this information:
- The network IP addresses for the client network
- The subnet mask for the client network
- The names for all connection entries that users use for their connections
In order to configure auto initiation, you must add these keywords and values in the [Main] section of the vpnclient.ini global profile file:
- AutoInitiationEnable—enables or disables auto initiation. In order to enable auto initiation, enter 1. In order to disable it, enter 0.
- AutoInitiationRetryInterval—specifies the number of minutes to wait before you retry an auto initiation connection. The range is one to 10 minutes or five to 600 seconds. If you do not include this parameter in the file, the default retry interval is one minute.
- AutoInitiationRetryIntervalType—specifies whether the retry AutoInitiationRetryInterval parameter is displayed in minutes or seconds. The default is minutes.
- AutoInitiationList—provides a series of section names, each of which contains a network address, a subnet mask, a connection entry name, and optionally, a connect flag. You can include a maximum of 64 section (network) entries.
- The section name is the name of an entry in the auto initiation list (within brackets).
- The network and subnet mask identify a subnet.
- The connection entry specifies a connection profile (.pcf file) configured for auto initiation.
- The connect flag, if present, indicates the action to take if there is a match. If the Connect parameter is set to 1, the VPN Client should auto initiate; if 0, the VPN Client should not auto initiate. The default setting is 1. This parameter is optional. You can use it to exclude certain network ranges from auto initiation. For example, you can address a situation where Mobile IP and VPN software clients co-exist on client PCs and you want the VPN Client to auto initiate when not on a corporate subnet.
Refer to this example of vpnclient.ini File for Auto Initiation:
A sales manager travels among three locations, for example, Chicago, Denver, and Laramie, within a corporation, attends sales meetings, and wants to securely and easily initiate a wireless connection at these locations. The vpnclient.ini contains the entries shown in this example. The connection entry named in each network section points to the profile of the individual(.pcf) for that on-site wireless LAN network.
ConnectionEntry=Chicago (points to a connection profile named chicago.pcf)
ConnectionEntry=Denver (points to a connection profile named denver.pcf)
ConnectionEntry=Laramie (points to a connection profile named laramie.pcf)