Showing results for 
Search instead for 
Did you mean: 

Starting AnyConnect VPN through RDP Session on Cisco 891


I have AnyConnect (ver 3.1.01065) configured on Cisco router 891. VPN is working fine from the desktop, but I also need the ability to establish a VPN connection through a RDP connection (i.e. I'm using RDP to connect to a PC which has AnyConnect installed on, then trying to establish a VPN connection). OS Windows 7 SP1 x86.

I've read about changing some settings in profile file (changed the <WindowsVPNEstablishment> option to "AllowRemoteUsers". Then applied the profile to the relevant Group Policy. Connected VPN from the PC (not through RDP), so that it downloads the new profile, and then disconnected again.):

But this make sense to the cisco asa... I have a cisco router on the ios 15.1. I've checked the XML file on the local PC to confirm the profile has been downloaded and is has, and I can't see the AllowRemoteUsers option.

So I still can't start VPN through an RDP connection. (Error is "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established".)

This also happened with the previous version of AnyConnect (2.5.xxxx).

The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.

In the main window of Cisco anyconnect secure mobility client I\ve noticed label: Web Authentication required. Does configuration webvpn of the cisco IOS is need somthing changins maybe? But I dont know what...

Any ideas would be appreciated!


Сообщение отредактировал: Maxim Bezzubov


Starting AnyConnect VPN through RDP Session on Cisco 891

Hi Maxim,

have the same problem, and could fix it.

Cisco 19XX Router and 15.2  IOS.

I create a profile with the profile editor. Good description can be found here

I upload the xml file to the router.

First copy from a tftp/ftp/... to the router flash

Import the profile on the router:

webvpn import svc profile newprofile flash:/profile1.xml

and assoc it to the corosponding context

webvpn context XYZ



policy group policy_1

  svc profile newprofile

On the client pc you don't need to do anything. Start Anyconnect, assoc to your vpn server, and check under

C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile (for wind 7) if the profile from router is downloaded.

Pls rate if helpful :-)