Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Starting AnyConnect VPN through RDP Session

Hi,

We have AnyConnect (ver 3.1.01065) configured on our ASA5520 boxes. VPN is working fine from the desktop, but I also need the ability to establish a VPN connection through a RDP connection (i.e. I'm using RDP to connect to a PC which has AnyConnect installed on, then trying to establish a VPN connection).

I've downloaded the Cisco VPN Profile Editor, chaned the <WindowsVPNEstablishment> option to "AllowRemoteUsers". Then applied the profile to the relevant Group Policy. Connected VPN from the PC (not through RDP), so that it downloads the new profile, and then disconnected again.

However, I still can't start VPN through an RDP connection. (Error is "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established".)

I've checked the XML file on the local PC to confirm the profile has been downloaded (and is has, and I can see the AllowRemoteUsers option.

This also happened with the previous version of AnyConnect (3.0.xxxx).

The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.

Also - If I connect VPN, then RDP onto the PC, both the VPN and RDP sessions work fine.

Any ideas would be appreciated!

Thanks

Tony

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Starting AnyConnect VPN through RDP Session

Hi Tony,

For this to work both, the ASA and the client must have the same XML profile.

I just tested this with AC 3.1 and ASA 8.4 and it worked just fine.

I  am including the XML file.

*BTW, make sure the profile is assigned to the correct group-policy.

HTH.

Portu.

Please rate any helpful posts

4 REPLIES

Re: Starting AnyConnect VPN through RDP Session

Hi Tony,

For this to work both, the ASA and the client must have the same XML profile.

I just tested this with AC 3.1 and ASA 8.4 and it worked just fine.

I  am including the XML file.

*BTW, make sure the profile is assigned to the correct group-policy.

HTH.

Portu.

Please rate any helpful posts

New Member

Re: Starting AnyConnect VPN through RDP Session

Hi Portu,

Thanks for your reply, and thanks for confirming that it works with AC 3.1 and ASA 8.4 (I'm using the same ASA version).

It looks like the issue was that I created the profile with the standalone Cisco VPN Profile Editor, saved it, uploaded it to the ASA, I then added a new profile on the ASA (in the Cisco AnyConnect Profiles section), and specified the file... however, it appears that I over wrote the uploaded profile, as the WindowsVPNEstablishment was set to LocalUsers. Once I changed it to AllowRemoteUsers and applied the config, then deleted the profiles from the client, it worked!

Simple mistake - but easily done!!

Thanks again

Tony

Re: Starting AnyConnect VPN through RDP Session

Tony,

You are welcome!

Have a good one

New Member

Thanks, Tony, this helped me.

Thanks, Tony, this helped me.  Editing the profile worked.

 

Regards,
Jay McMickle- 2x CCIE #35355 (R/S,Sec)

22338
Views
15
Helpful
4
Replies