cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
118246
Views
35
Helpful
7
Replies

How to enable Cisco Anyconnect VPN through Remote Desktop

sachin.m033
Level 1
Level 1

Hi,

When users are trying to get connected to VPN from Remote machines. They are getting below Err. Some one could help me in fixing this issue by command line.

"VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established"

Thanks 

Sachin M

1 Accepted Solution

Accepted Solutions

jagraaga
Cisco Employee
Cisco Employee

Hi Sachin,

By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the  WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.

Please refer the below document for more information.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#wp1070852

Regards,

Jagrati

View solution in original post

7 Replies 7

jagraaga
Cisco Employee
Cisco Employee

Hi Sachin,

By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the  WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.

Please refer the below document for more information.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#wp1070852

Regards,

Jagrati

Hi Jagraaga,

By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.

After Changed to "AllowRemoteUsers" what I have to do? Please assist me as soon as possible.

Thanks & Regards,

Likith Pallela

Any documents that detailed this for FTD/FMC ? I am not sure if this is even allowed on the FTD ?This is the case with the Firepower as well. Is there a similar workaround for the FTD/FMC ?

It's an AnyConnect VPN profile issue. Those are used on both ASA and FTD devices. The only difference is there is not a profile editor built into FMC (or FDM) and you have to edit them using the standalone profile editor and then upload to FMC (or FDM).

Interesting...Marvin can I make a specific profile for some users to permit this > but still keep the more restrictive profile in the FTD ?

.

Irakli G.
Level 1
Level 1

Hello I have same issue. How can I make it possible to allow remote users if I dont use Client Profiles? Can I enable it globaly for all Group Policies?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: