06-07-2016 04:14 AM - edited 03-12-2019 12:51 AM
Hi,
When users are trying to get connected to VPN from Remote machines. They are getting below Err. Some one could help me in fixing this issue by command line.
"VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established"
Thanks
Sachin M
Solved! Go to Solution.
06-07-2016 05:14 AM
Hi Sachin,
By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.
Please refer the below document for more information.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#wp1070852
Regards,
Jagrati
06-07-2016 05:14 AM
Hi Sachin,
By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.
Please refer the below document for more information.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#wp1070852
Regards,
Jagrati
02-27-2019 11:19 PM
11-13-2020 07:27 AM - edited 11-13-2020 08:08 AM
Any documents that detailed this for FTD/FMC ? I am not sure if this is even allowed on the FTD ?This is the case with the Firepower as well. Is there a similar workaround for the FTD/FMC ?
03-10-2021 04:17 AM
It's an AnyConnect VPN profile issue. Those are used on both ASA and FTD devices. The only difference is there is not a profile editor built into FMC (or FDM) and you have to edit them using the standalone profile editor and then upload to FMC (or FDM).
03-10-2021 07:25 AM
Interesting...Marvin can I make a specific profile for some users to permit this > but still keep the more restrictive profile in the FTD ?
11-13-2020 07:52 AM - edited 11-13-2020 08:07 AM
.
07-26-2023 03:18 AM
Hello I have same issue. How can I make it possible to allow remote users if I dont use Client Profiles? Can I enable it globaly for all Group Policies?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide