The new Cisco AnyConnect ver 3.1.10010 does not allow a VPN connection during an RDP session in Windows 10 Pro. (Remote Desktop / Terminal Services)
The old Cisco VPN Client which allowed VPN from an RDP session does not work in a Windows 10 environment.
Error message is:
"VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established"
I have looked in the ELS-IMelAde-TCP.XML connection profile and the settings seem to allow it according to the Cisco VPN XML Reference (Table A-19):
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
AnyConnect works perfectly on the same Windows 10 PC with a normal local logon.
Any suggestions or settings to enable VPN from RDP session?
Sorry but the split tunnel bit is done on the VPN server side only. The setting can be inferred from a connected client by looking at the VPN details and seeing if all routes (0.0.0.0/0) or not are being pushed to the client.
Also, changing your xml profile locally does not work in general because the ASA will check your local file hash at the time of connection. If it is found to be different than that of the profile stored on the ASA, it will overwrite your local copy with a fresh updated one from the ASA.
This ensures that the administrator policy settings are always the ones used by all clients.
p.s. You may want to redact your organization's host address out of your posting.
Just want to say you have been a great help. I run an OpenVPN server for my small business, so have some basic VPN Server/Client config knowledge. AnyConnect is new to me.
In this case I am only the client, and the AnyConnect VPN server is controlled by the Australian Tax Office, that was the host XXXX in the profile above.
We had to use the new AnyConnect VPN client software as the older Cisco VPN is not supported in Windows 10. When we upgraded to Windows 10 Pro we then lost VPN ability during RDP sessions, a very important productivity feature for our remote laptop access.
Apparently AnyConnect VPN client will work with a hosted Windows Server provider. I suspect the AnyConnect VPN server pushes a profile that recognises a hosted Windows Server. This must allow simultaneous VPN/RDP as RDP is needed to access the hosted terminal server.
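
Added example (not code from any poster in this thread or from Cisco): a Python script that reads the two logon-related elements quoted in the first post from a profile and records a digest of the file, so a copy taken before connecting can be compared with the file on disk afterwards to see whether the ASA replaced it, as the reply above describes. The sample profiles, the function names and the use of SHA-256 for the local comparison are assumptions; the thread does not say which hash the ASA uses.

```python
import hashlib
import xml.etree.ElementTree as ET

# Values used when an element is absent. Assumption: the defaults listed in
# Cisco's profile reference; confirm them for the client version you run.
DEFAULTS = {
    "WindowsLogonEnforcement": "SingleLocalLogon",
    "WindowsVPNEstablishment": "LocalUsersOnly",
}

# Constructed sample profiles (not the poster's file). SAMPLE_PUSHED stands in
# for a copy the ASA has written over the locally edited one.
SAMPLE_EDITED = b"""<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>"""
SAMPLE_PUSHED = SAMPLE_EDITED.replace(b"AllowRemoteUsers", b"LocalUsersOnly")


def audit_profile(xml_bytes):
    """Return the two logon-related settings and a digest of the raw file."""
    found = {}
    for el in ET.fromstring(xml_bytes).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        if name in DEFAULTS and name not in found:
            found[name] = (el.text or "").strip()
    settings = {key: found.get(key, default) for key, default in DEFAULTS.items()}
    return {
        "settings": settings,
        "explicit": sorted(found),  # elements actually present in the file
        "allows_remote_users": settings["WindowsVPNEstablishment"] == "AllowRemoteUsers",
        "sha256": hashlib.sha256(xml_bytes).hexdigest(),
    }


def was_replaced(xml_bytes, digest_before):
    """True when the file on disk no longer matches the digest recorded earlier."""
    return hashlib.sha256(xml_bytes).hexdigest() != digest_before


if __name__ == "__main__":
    before = audit_profile(SAMPLE_EDITED)
    after = audit_profile(SAMPLE_PUSHED)
    print("before connect:", before["settings"], before["sha256"][:12])
    print("after connect: ", after["settings"], after["sha256"][:12])
    print("profile replaced:", was_replaced(SAMPLE_PUSHED, before["sha256"]))
```

To use it on a real client, read the profile file's bytes before and after a connection attempt and pass them to the same two functions.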