Cisco AnyConnect Client + Remote Desktop / Virtual Machine

WALTERGMBH · ‎12-12-2009

Hi,

I'm running a virtual machine with Windows XP x86 on Windows 7 Virtual PC x64 and want to connect to our ASA 5505 VPN using AnyConnect 2.4.202.

I set up a new profile with WindowsVPNEstablishment set to AllowRemoteUsers but when trying to establish the VPN connection I get the following error:

VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.

I found this posting, but the link posted to a possible solution does not work.

Also http://asapedia.cisco.com/index.php/Launch_anyconnect_within_RDP_session#Solution does not respond / timeout.

What may I do?

Alex

busterswt · ‎12-16-2009

You'll likely need to push the modified template from the ASA to the client to get it working properly. I set this up this morning and it worked wonderfully.

Since you've modified the AnyConnectProfile.tmpl with the necessary changes, upload that modified file to the ASA using the CLI or ASDM. A good place is just "disk0:/AnyConnectProfile.tmpl".

In the webvpn config mode, create a new profile using that file:

ciscoasa(config)# webvpn

ciscoasa(config-webvpn)# svc profiles MY-PROFILE disk0:/AnyConnectProfile.tmpl

Next, you'll need to associate this profile on either a per-group or per-user basis, or both:

ciscoasa(config)# username testuser attributes
ciscoasa(config-username-attributes)# webvpn
ciscoasa(config-username-webvpn)# svc profiles value MY-PROFILE
 
 *OR*

ciscoasa(config)# group-policy my-vpn-group attributes
ciscoasa(config-group-attributes)# webvpn
ciscoasa(config-group-webvpn)# svc profiles value MY-PROFILE

The next time you connect with the AnyConnect VPN client, the new profile should be downloaded and applied immediately. The changes you made to AllowRemoteUsers should allow you to connect via your RDP session without error.

Good luck!

James