Re: Cisco anyconnect User authentication and authorization with Cisco ASA using RADIUS server group
I have installed the Anyconnect VPN client on Windows XP. Launched the client and entered the hostname.
Then it displayed me the credentials to be entered along with the group name i.e, profile name (it has automatically picked up the profile name).
But, when i entered the username and password, it displayed me a banner( which is present in the group policy). I accepted it, but it immedialtely throws me a warning saying "VPN establishment capability from a remote desktop is disabled.A VPN connection will not be established". When i googled for this, i got a work around saying
"To get this to work you'll probably want the latest AnyConnect client, and you'll need to modify the AnyConnectProfile.tmpl file. The file can be found on your machine (once the client is installed). It's an XML-based file, and contains a setting called 'WindowsVPNEstablishment'. Modify the setting to say 'AllowRemoteUsers' instead of 'LocalUsersOnly".
But, in my Windows XP Any connect xml profile, i haven't found a setting "WindowsVPNEstablishment".
Below is the content present in the any connect client xml profile. (C:\Documents and Settings\username\Local Settings\ApplicationData\Cisco\Cisco AnyConnect VPN Client\preferences.xml).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...