Cisco AnyConnect Client + Remote Desktop / Virtual Machine

Unanswered Question
Dec 12th, 2009
User Badges:


I'm running a virtual machine with Windows XP x86 on Windows 7 Virtual PC x64 and want to connect to our ASA 5505 VPN using AnyConnect 2.4.202.

I set up a new profile with WindowsVPNEstablishment set to AllowRemoteUsers but when trying to establish the VPN connection I get the following error:

VPN establishment capability from a remote desktop is disabled.  A VPN connection will not be established.

I found this posting, but the link posted to a possible solution does not work.

Also does not respond / timeout.

What may I do?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
busterswt Wed, 12/16/2009 - 20:04
User Badges:
  • Bronze, 100 points or more

You'll likely need to push the modified template from the ASA to the client to get it working properly. I set this up this morning and it worked wonderfully.

Since you've modified the AnyConnectProfile.tmpl with the necessary changes, upload that modified file to the ASA using the CLI or ASDM. A good place is just "disk0:/AnyConnectProfile.tmpl".

In the webvpn config mode, create a new profile using that file:

ciscoasa(config)# webvpn

ciscoasa(config-webvpn)# svc profiles MY-PROFILE disk0:/AnyConnectProfile.tmpl

Next, you'll need to associate this profile on either a per-group or per-user basis, or both:

ciscoasa(config)# username testuser attributes
ciscoasa(config-username-attributes)# webvpn
ciscoasa(config-username-webvpn)# svc profiles value MY-PROFILE

ciscoasa(config)# group-policy my-vpn-group attributes
ciscoasa(config-group-attributes)# webvpn
ciscoasa(config-group-webvpn)# svc profiles value MY-PROFILE

The next time you connect with the AnyConnect VPN client, the new profile should be downloaded and applied immediately. The changes you made to AllowRemoteUsers should allow you to connect via your RDP session without error.

Good luck!



This Discussion

Related Content