Apple - How do you get a Cisco VPN connection to remember its password?

I guess you are using anyconnect to connect to the Cisco VPN server. AnyConnect can also be used from Terminal. This works on macOS Sierra and AnyConnect 3.1.14018. Create a bash script with the following command:

/opt/cisco/anyconnect/bin/vpn connect your-vpn.server.here -s <.credentials

And put the login details in the file .credentials with the following three lines:

0
your-username
your-password

Don't forget to put reasonable permissions on the files.

From reading your question I get the impression that you're doing everything correctly and the Cisco VPN Server has the option to allow saving of passwords client-side set to disallow.

I know for certain that such a setting exists.

Both answers here as I write this have the right of it, but the existence of the vpn command line means that we can get around this user-hostile design with expect. Thanks go to the previous answerers, GhostLyrics for revealing the existence of the server side option that turns off password saving, and Hans for revealing the vpn command line client.

Create a file that looks like this:

#!/usr/bin/expect --
set timeout 10
set addr ""  # VPN Host
set user ""  # Username
set pass ""  # Password (ensure that special characters are escaped)
set group "" # Group NUMBER shown in connect prompt


spawn /opt/cisco/anyconnect/bin/vpn connect $addr
expect "\r\nGroup:*"
send -- "$group\r"
expect "\r\nUsername:*"
send -- "$user\r"
expect "Password: "
send -- "$pass\r"
expect eof

Fill out the set fields as normal. If your VPN is like mine, you're given a list of "groups" when you run the vpn connect. Run this once by hand, and note which number corresponds to the group you want to connect with. It won't change between runs unless the admins add/remove groups. You can't use the name here, the program expects a number.

Once everything is filled in, chmod +x this script and run it. I am now able to connect to my VPN, hands free!