We have AnyConnect (ver 3.1.01065) configured on our ASA5520 boxes. VPN is working fine from the desktop, but I also need the ability to establish a VPN connection through a RDP connection (i.e. I'm using RDP to connect to a PC which has AnyConnect installed on, then trying to establish a VPN connection).
I've downloaded the Cisco VPN Profile Editor, chaned the <WindowsVPNEstablishment> option to "AllowRemoteUsers". Then applied the profile to the relevant Group Policy. Connected VPN from the PC (not through RDP), so that it downloads the new profile, and then disconnected again.
However, I still can't start VPN through an RDP connection. (Error is "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established".)
I've checked the XML file on the local PC to confirm the profile has been downloaded (and is has, and I can see the AllowRemoteUsers option.
This also happened with the previous version of AnyConnect (3.0.xxxx).
The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.
Also - If I connect VPN, then RDP onto the PC, both the VPN and RDP sessions work fine.
Any ideas would be appreciated!
For this to work both, the ASA and the client must have the same XML profile.
I just tested this with AC 3.1 and ASA 8.4 and it worked just fine.
I am including the XML file.
*BTW, make sure the profile is assigned to the correct group-policy.
Please rate any helpful posts