Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
1
Helpful
2
Replies

Anyconnect issue

Loc120287
Level 1
Level 1

‎04-11-2025 12:46 PM

Hi,

I have an issue with Anyconnect.

When I try from my laptop from my home network to testsitevpn below, it works.  It meants my account and the testsitevpn are working well.

However, I try to test it from a window VM from my client's network, I got the issue below. 

Loc120287_0-1744400285269.png

I manage both testsitevpn's network and my client's network.

What do you think where is the issue, testsitevpn's firewall or client's firewall or the window VM ?

Thanks

Loc

Labels:
0 Helpful
2 Replies 2

marce1000
Hall of Fame
Hall of Fame

‎04-12-2025 12:11 AM

 

          - FYI :  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs72872

   M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Jonatan Jonasson
Level 4
Level 4

‎04-12-2025 03:33 AM

By default, AnyConnect doesn't allow connections from a machine that you're logged into via Remote Desktop (RDP).

Unfortunately, this is expected behaviour IF the VPN headend isn't providing a VPN (XML) profile for the connection.
Having a VPN profile is valuable for a number of reasons and ease of use, and including to allow VPN from RDP connected machines.

If you don't have a profile, and if you're not in a position to have one deployed, the other workaround is to log in to the machine using console via vsphere/vcenter or similar, whatever the virtual environment is, before starting the VPN connection.
As mentioned in the bug ID that M. referenced.

Keep in mind though, when using HyperV, that using console with "enhanced session" is essentially a RDP session.

If you manage the headend, or you can influence the setup on the headend, there are some guides how to configure profiles.
With that in mind, here's a Cisco document based on the error message you had, describing how the profile config should be when configured from the headend:
https://www.cisco.com/c/en/us/support/docs/security/secure-access/221175-troubleshoot-secure-access-error-vpn-es.html

In the XML profile you would see the following value:
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>

---
Please mark helpful answers & solutions
---
Customers Also Viewed These Support Documents