Cisco anyconnect VPN client establishment from a remote desktop is disabled.
I have set up an Any connect VPN client profile in ASA 5200. So, before creating an Any connect profile, i have uploaded the Any connect client image into flash (.pkg).It was successfully uploaded.
While creating the profile, i have choosen the AAA server that i created (here its a RADIUS Server), specified the IP pool (192.168.2.x to 192.168.2.x),
and assigned a group policy that i created.
So, in the client side i have installed the Any Connect VPN client in Win XP (version compatible with XP, same as the one that was uploaded into flash).
Entered the IP of ASA in the "connect to" field of Any connect client. So, in the group field, it has auto detected the any connect profile which was created in ASA and i entered username and password and clicked on connect.It has authenticated the user credentials and has displayed the banner present in the group policy.
I accepted the banner, it displayed the security alert,clicked on OK on the alert, immediately after this it has thrown me a warning "VPN establishment capability from a remote desktop is disabled. A VPN coonection will not be established.".
When i click OK on the warning, it has thrown me another warning "Any connect wasn't able to establish a connection to the specified secure gateway.Please try connecting again".
When i searched for this warning, i got a work around which says "you will have to modify the "AnyConnectProfile.tmpl file", which can be found on the machine where the client was installed (its an xml file). You need to change the setting of "'WindowsVPNEstablishment' from "LocalUsersOnly" to "AllowRemoteUsers".
Since i installed the any connect client in XP, i found this xml file in "C:\Documents and Settings\username\Local Settings\ApplicationData\
Cisco\Cisco AnyConnect VPN Client\preferences.xml" . So, is this the same xml file where the change needs to be done? Because, i havent found the setting "WindowsVPNEstablishment" in this xml file.
So, could any one please tell me where can i find this "AnyConnectProfile.tmpl file", if at all this is where the modification needs to be done.
Cisco anyconnect VPN client establishment from a remote desktop
this setting is indeed not in the preferences.xml file, which is used for other settings.
The WindowsVPNEstablishment setting is in the xml profile, which can be found in
c:\documents and settings\all users\application data\cisco\cisco anyconnect vpn client\profile
(path will be different when using Anyconnect 3.x, or when using Vista/Win7, or when using a non-english OS).
If there is a .xml file there, edit it. If there is none, edit the .tmpl file and save it as .xml.
Alternatively, use the profile editor in ASDM to create a profile, and link it to the group-policy. The ASA will then push the profile to the client after it succesfully connects (but so in your case, you would have to first connect without using RDP, to be able to download the profile from the ASA).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :