We have AnyConnect (ver 3.1.01065) configured on our ASA5520 boxes. VPN is working fine from the desktop, but I also need the ability to establish a VPN connection through an RDP connection (i.e. I'm using RDP to connect to a PC which has AnyConnect installed on it, then trying to establish a VPN connection).
I've downloaded the Cisco VPN Profile Editor and changed the <WindowsVPNEstablishment> option to "AllowRemoteUsers". Then applied the profile to the relevant Group Policy. Connected VPN from the PC (not through RDP), so that it downloads the new profile, and then disconnected again.
However, I still can't start VPN through an RDP connection. (Error is "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established".)
I've checked the XML file on the local PC to confirm the profile has been downloaded (and it has, and I can see the AllowRemoteUsers option).
This also happened with the previous version of AnyConnect (3.0.xxxx).
The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.
Also - If I connect VPN, then RDP onto the PC, both the VPN and RDP sessions work fine.
Thanks for your reply, and thanks for confirming that it works with AC 3.1 and ASA 8.4 (I'm using the same ASA version).
It looks like the issue was that I created the profile with the standalone Cisco VPN Profile Editor, saved it, uploaded it to the ASA, and then added a new profile on the ASA (in the Cisco AnyConnect Profiles section) and specified the file... however, it appears that I overwrote the uploaded profile, as the WindowsVPNEstablishment was set to LocalUsers. Once I changed it to AllowRemoteUsers and applied the config, then deleted the profiles from the client, it worked!
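The mismatch described above (one copy of the profile edited, another copy silently left at the restrictive value) can be caught by comparing the WindowsVPNEstablishment setting across every copy of the profile. The following is an added example, not code from the thread or from Cisco; the sample XML is constructed, the copy names are hypothetical, and treating a missing element as LocalUsersOnly is an assumption about the client default.

```python
import xml.etree.ElementTree as ET

# Assumption: a profile with no WindowsVPNEstablishment element behaves as
# LocalUsersOnly (the restrictive setting).
DEFAULT = "LocalUsersOnly"

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def establishment_setting(xml_text):
    """Return the WindowsVPNEstablishment value of one profile document."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if local_name(elem.tag) == "WindowsVPNEstablishment":
            return (elem.text or "").strip() or DEFAULT
    return DEFAULT

def audit(copies, wanted="AllowRemoteUsers"):
    """Map each named copy to its setting and list the copies that differ
    from `wanted`, so a stale or overwritten copy stands out."""
    settings = {name: establishment_setting(text) for name, text in copies.items()}
    stale = sorted(name for name, value in settings.items() if value != wanted)
    return settings, stale

def sample(value):
    """Build a constructed, minimal profile; None omits the element."""
    body = "" if value is None else (
        f"<WindowsVPNEstablishment>{value}</WindowsVPNEstablishment>")
    return ('<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">'
            f"<ClientInitialization>{body}</ClientInitialization>"
            "</AnyConnectProfile>")

# Constructed copies with hypothetical names: the file saved from the
# standalone editor, the profile actually held on the ASA, and a profile
# that never sets the option.
COPIES = {
    "editor_export": sample("AllowRemoteUsers"),
    "asa_copy": sample("LocalUsersOnly"),
    "no_element": sample(None),
}

if __name__ == "__main__":
    settings, stale = audit(COPIES)
    for name, value in settings.items():
        print(f"{name}: {value}")
    print("copies that would block VPN from RDP:", stale)
```

To check real files, replace the constructed strings in COPIES with the text of each profile copy (for example via pathlib.Path.read_text).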