cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6634
Views
2
Helpful
5
Replies

Secure Client Profile Unable to Add Profile

Bert-At-Work
Level 1
Level 1

Hi, we've had a request to enable access to our remote access VPN from an RDP session running on a virtual machine. The two errors reported are:

"VPN establishment capability for a remote user is disabled. A VPN connection will not be established." And "Cisco Secure Client was not able to establish a connection to the specified secure gateway. Please try connecting again."

From what I read (https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-0/anyconnect-profile-editor.html#ID-1424-00000081), I need to add a secure client profile to allow this capability, yet when I navigate straight to 'ASDM>Remote Access VPN>Network (Client) Access>Secure Client Profile', it does absolutely nothing and I seem stuck on the previous section I'd highlighted. For example, in the screenshot below, you can see that I originally clicked on Network (Client) Access, then I click onto 'Secure Client Profile' to try and add one, and the window pane just fails to update!

BertAtWork_2-1720705595759.png

I have also tried accessing the 'Secure Client Profile' section by editing an existing group policy, but all I get is this below:

BertAtWork_1-1720705186826.png

It's like I need to enable something somewhere, but I'm having trouble identifying, what exactly I need to enable first! From what I gather, there used to be a separate profile editor app, but it has now been rolled up into ASDM. Am I just hitting a bug, or do I need to enable something?

One final question, is it more of a security risk to enable the ability for Remote users to be able to access our VPN via an RDP session on a Virtual Machine, and is that why Cisco decided to leave the default setting to local users only?

Thanks.

1 Accepted Solution

Accepted Solutions

@Bert-At-Work I've seen some ASDM GUI issues in the past. Are you using the correct ASDM version that is compatible with the ASA version you are running? Check the compatiblity guide and upgrade ASDM if required - https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_65776

 

View solution in original post

5 Replies 5

@Bert-At-Work I've seen some ASDM GUI issues in the past. Are you using the correct ASDM version that is compatible with the ASA version you are running? Check the compatiblity guide and upgrade ASDM if required - https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_65776

 

Bert-At-Work
Level 1
Level 1

Thanks again for the quick reply Rob! Currently on ASA Version 9.18(4)24 and ASDM Version 7.19(1)95. I believe these are compatible:

BertAtWork_0-1720708076688.png

It's an FPR1010.
Sorry, should have said all this before!

@Bert-At-Work

Perhaps the issue relates to https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi75848 although there isn't much detail.

Symptom: ASDM fails to open Anyconnect Profile Editor when CSC version 5.1 is in the Client software.
Conditions: ASA managed by ASDM, Configured to use Cisco Secure Client version 5.1
Workaround: Use version below 5.1

FWIW, the FPR1010 I have here runs ASA 9.20(2)2 and ASDM 7.20(2) and displays the profile editor in ASDM without issue. Perhaps upgrade ASDM to a newer version, this is backwards compatible.

Bert-At-Work
Level 1
Level 1

I'll give that a go Rob. I'll likely report back tomorrow. Appreciate your guidance!

Bert-At-Work
Level 1
Level 1

Forgive the late reply Rob. Once again, you've solved a problem for me! Thank very much