
Re: Cisco anyconnect User authentication and authorization with Cisco ASA using RADIUS server group

Andrew,

I have installed the Anyconnect VPN client on Windows XP. Launched the client and entered the hostname.

Then it displayed me the credentials to be entered along with the group name, i.e., profile name (it has automatically picked up the profile name).

But, when I entered the username and password, it displayed me a banner (which is present in the group policy). I accepted it, but it immediately throws me a warning saying "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established". When I googled for this, I got a workaround saying

"To get this to work you'll probably want the latest AnyConnect client, and you'll need to modify the AnyConnectProfile.tmpl file. The file can be found on your machine (once the client is installed). It's an XML-based file, and contains a setting called 'WindowsVPNEstablishment'. Modify the setting to say 'AllowRemoteUsers' instead of 'LocalUsersOnly'."

But, in my Windows XP AnyConnect xml profile, I haven't found a setting "WindowsVPNEstablishment".

Below is the content present in the AnyConnect client xml profile. (C:\Documents and Settings\username\Local Settings\ApplicationData\Cisco\Cisco AnyConnect VPN Client\preferences.xml).

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectPreferences>
  <DefaultUser>huhaha1</DefaultUser>
  <DefaultSecondUser></DefaultSecondUser>
  <ClientCertificateThumbprint></ClientCertificateThumbprint>
  <ServerCertificateThumbprint>ADE9105877731C23CF697CA9318C812D917B36C2</ServerCertificateThumbprint>
  <DefaultHost>10.204.124.71</DefaultHost>
  <DefaultGroup>AnyConnect_Client</DefaultGroup>
  <ProxyHost></ProxyHost>
  <ProxyPort></ProxyPort>
  <SDITokenType>none</SDITokenType>
  <ControllablePreferences></ControllablePreferences>
</AnyConnectPreferences>

Thanks,

Rahul


Re: Cisco anyconnect User authentication and authorization with

Hi Rahul,

Please check this guide for more Cisco Anyconnect-related configuration options:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/administration/23adminapa.pdf

Search inside for "LocalUsersOnly". You will find the line:

LocalUsersOnly

Use this in your xml profile:

AllowRemoteUsers

Hope this helps,

Emanuel.
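
An added example, not part of either post and not Cisco's code: a small Python check that tells a per-user preferences.xml (like the one posted above, which has no such element) apart from a profile carrying the WindowsVPNEstablishment setting, and reports which value is in force. The function name `audit`, the sample strings and the profile layout used in `PROFILE` are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

SETTING = "WindowsVPNEstablishment"  # element name quoted in the thread

# Constructed samples. PREFS mirrors the preferences.xml posted above (trimmed);
# the PROFILE layout is an assumption made for this example.
PREFS = """<AnyConnectPreferences>
  <DefaultHost>10.204.124.71</DefaultHost>
  <DefaultGroup>AnyConnect_Client</DefaultGroup>
</AnyConnectPreferences>"""
PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>"""

def local(tag):
    """Drop an XML namespace prefix: '{uri}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (root element, setting value or None, finding) for one file."""
    root = ET.fromstring(xml_text.strip())
    name = local(root.tag)
    values = [(el.text or "").strip() for el in root.iter()
              if local(el.tag) == SETTING]
    if not values:
        if name == "AnyConnectPreferences":
            return name, None, "user preferences file, not a profile: look elsewhere"
        return name, None, "setting not present in this file"
    value = values[0]
    findings = {
        "LocalUsersOnly": "VPN establishment from a remote desktop session is refused",
        "AllowRemoteUsers": "VPN establishment from a remote desktop session is allowed",
    }
    return name, value, findings.get(value, "unrecognised value, review by hand")

if __name__ == "__main__":
    for label, text in (("preferences.xml", PREFS), ("profile", PROFILE)):
        print(label, audit(text))
```

Run over the profiles deployed to clients, this shows where AllowRemoteUsers has been switched on, so the change can be confirmed as intended rather than left over from troubleshooting.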
