My university uses Cisco's proprietary VPN protocol and urges its users to use Cisco's proprietary VPN client software. Since I'm a GNU/Linux user, I didn't want to use those clumsy applications that didn't integrate well with my Gnome or KDE desktop. First, I used vpnc on the command line (see details on how to set it up for my university). Then, when NetworkManager became usable and allowed me to configure my VPN connections in a GUI, I used the tool cisco-decrypt (also included in most GNU/Linux distributions' vpnc package) to decrypt the obfuscated group password included in the Cisco VPN connection profile file (*.pcf).
I was so used to the later procedure that I didn't realise that in the meantime, NetworkManager and in particular its KDE variant KNetworkManager has an import option that allows one to set up a new connection profile with a *.pcf file.
During the import, cisco-decrypt is called to unscramble the obfuscated group password. Voilà, the connection profile is almost ready - all that's missing is your username and password.
That's very elegant. But is this feature really that obvious? If not, then you might have ended up here :-)