06-11-2024 04:38 PM
Hi,
I've successfully set up the Identity Services Engine sandbox and attempted to connect to the VPN.
Once I've downloaded Cisco AnyConnect and tried to establish a connection, it fails with the following error: "VPN establishment capability for a remote user is disabled. A VPN connection will not be established."
URL: devnetsandbox-usw1-reservation.cisco.com:20285
user: tall27
What should I check?
Thank you!
06-12-2024 01:52 AM
You can test this by getting another sandbox and seeing if this is a sandbox issue or your network. The error "VPN establishment capability for a remote user is disabled. A VPN connection will not be established" can also be caused by blocked ports on your network. Cisco AnyConnect uses specific ports to establish a VPN connection. If these ports are blocked by your network firewall or router, the connection will fail.
Here are the default ports used by Cisco AnyConnect:
Hope this helps.
06-12-2024 08:01 AM - edited 06-12-2024 08:03 AM
I thought "...VPN establishment capability for a remote user is disabled..." describes the problem (doesn't it?)
Is there anyone on Cisco Labs who can check it?
thanks,
Tal
P.S. I already established a new sandbox environment, and have tried from different Windows boxes.
06-12-2024 09:20 AM
By chance are you trying this from a VM within your machine?
06-12-2024 09:56 AM
One time it was Win 2022 running in AWS, the other environment runs Win 10 in my VMware Workstation on Windows 11.
For the second option I use:
06-12-2024 10:24 AM
Got it. I’ve seen this a few times from folks, but never seen a real fix. Some people have said to adjust the xml on the WindowsVPNEstablishment setting but I've never got this to work. Check this page as it says you can modify the on the client side. https://www.petenetlive.com/KB/Article/0000546 - but I’ve not seen this work so far with the sandbox.
Otherwise this is not supported on the sandbox environment.
Hope this helps.
06-12-2024 10:46 AM
Ha Ha,
You show how to update a connection profile on a Cisco termination device I have no access to... it is the Cisco DevNet Sandbox environment.
Is there a way to get the attention of anyone from the Cisco DevNet Sandbox team to see if the script that adds the user to the correct group still runs as expected?
Tal
06-12-2024 10:54 AM
06-13-2024 01:28 AM
Correct, you need to either try and modify your local XML file for your AnyConnect client, as the only way to allow this is to change/update the firewall side, which is owned by Cisco.