Re: Cisco anyconnect User authentication and authorization with Cisco ASA using RADIUS server group

rahulpratheek
Level 1

Andrew,

I have installed the AnyConnect VPN client on Windows XP. I launched the client and entered the hostname.

Then it showed me the credentials to be entered along with the group name, i.e., the profile name (it automatically picked up the profile name).

But when I entered the username and password, it displayed a banner (which is present in the group policy). I accepted it, but it immediately threw a warning saying "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established". When I googled this, I found a workaround saying:

"To get this to work you'll probably want the latest AnyConnect client, and you'll need to modify the AnyConnectProfile.tmpl file. The file can be found on your machine (once the client is installed). It's an XML-based file, and contains a setting called 'WindowsVPNEstablishment'. Modify the setting to say 'AllowRemoteUsers' instead of 'LocalUsersOnly'."

But in my Windows XP AnyConnect XML profile, I haven't found a "WindowsVPNEstablishment" setting.

Below is the content of the AnyConnect client XML profile (C:\Documents and Settings\username\Local Settings\ApplicationData\Cisco\Cisco AnyConnect VPN Client\preferences.xml).

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectPreferences>
  <DefaultUser>huhaha1</DefaultUser>
  <DefaultSecondUser></DefaultSecondUser>
  <ClientCertificateThumbprint></ClientCertificateThumbprint>
  <ServerCertificateThumbprint>ADE9105877731C23CF697CA9318C812D917B36C2</ServerCertificateThumbprint>
  <DefaultHost>10.204.124.71</DefaultHost>
  <DefaultGroup>AnyConnect_Client</DefaultGroup>
  <ProxyHost></ProxyHost>
  <ProxyPort></ProxyPort>
  <SDITokenType>none</SDITokenType>
  <ControllablePreferences></ControllablePreferences>
</AnyConnectPreferences>

Thanks,

Rahul

1 Reply

emanuel.balasa
Level 1

Hi Rahul,

Please check this guide for more Cisco AnyConnect-related configuration options:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/administration/23adminapa.pdf

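Search inside for "LocalUsersOnly". You will find the line:

<WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>

Use this in your XML profile:

<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>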

Hope this helps,

Emanuel.
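
An added example, not part of either post above and not Cisco's code: a Python check that reads an AnyConnect XML file, reports the WindowsVPNEstablishment value if present, and identifies a preferences.xml like the one posted in the question as a file that does not carry the setting. The sample profile's root element, parent element and namespace are constructed assumptions; only the setting name and its two values come from the thread.

```python
import xml.etree.ElementTree as ET

SETTING = "WindowsVPNEstablishment"                      # element name quoted in the thread
KNOWN_VALUES = {"LocalUsersOnly", "AllowRemoteUsers"}    # the two values named in the thread

# Constructed samples. PREFERENCES is a trimmed copy of the file posted above;
# PROFILE is a minimal profile with an assumed root, parent and namespace.
PREFERENCES = """<AnyConnectPreferences>
  <DefaultHost>10.204.124.71</DefaultHost>
  <DefaultGroup>AnyConnect_Client</DefaultGroup>
</AnyConnectPreferences>"""
PROFILE = """<AnyConnectProfile xmlns="urn:example:anyconnect-profile">
  <ClientInitialization>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>"""

def local_name(tag):
    """Drop a namespace prefix: '{uri}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]

def check_profile(xml_text):
    """Return (root element name, setting value or None if the element is absent)."""
    root = ET.fromstring(xml_text)
    kind = local_name(root.tag)
    # Compare local names so a default namespace on the profile does not hide the element.
    for elem in root.iter():
        if local_name(elem.tag) == SETTING:
            return kind, (elem.text or "").strip()
    return kind, None

def describe(xml_text):
    """Turn the result into a one-line finding for a reviewer."""
    kind, value = check_profile(xml_text)
    if value is None and kind == "AnyConnectPreferences":
        return "preferences file: setting is not stored here, check the client profile"
    if value is None:
        return "setting absent from this file"
    if value not in KNOWN_VALUES:
        return "unrecognised value: " + value
    if value == "AllowRemoteUsers":
        return "VPN establishment from a remote desktop session is allowed"
    return "VPN establishment from a remote desktop session is blocked"

if __name__ == "__main__":
    for name, text in (("preferences.xml", PREFERENCES), ("profile", PROFILE)):
        print(name + ": " + describe(text))
```

Running it over the profiles a gateway distributes shows which ones have been switched to AllowRemoteUsers, which is worth reviewing because that value lifts the restriction behind the warning quoted in the question.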