ā12-24-2009 02:13 PM
Hi all,
I have installed windows7 prof 64bit primary OS. Also I am using Windows XP on virtual PC. When I try to connect VPN through the XP. I got the below error VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.
Pls help me to fix this.
ā12-24-2009 04:55 PM
To get this to work you'll probably want the latest AnyConnect client, and you'll need to modify the AnyConnectProfile.tmpl file. The file can be found on your machine (once the client is installed). It's an XML-based file, and contains a setting called 'WindowsVPNEstablishment'. Modify the setting to say 'AllowRemoteUsers' instead of 'LocalUsersOnly'.
You may be able to save the file and connect without a problem. However, I had to push the modified template from the ASA to the client to get it working properly.
When you've modified the AnyConnectProfile.tmpl with the necessary changes, upload that modified file to the ASA using the CLI (tftp) or ASDM. A good place is just "disk0:/AnyConnectProfile.tmpl".
In the webvpn config mode, create a new profile using that file:
ciscoasa(config)# webvpn
ciscoasa(config-webvpn)# svc profiles MY-PROFILE disk0:/AnyConnectProfile.tmpl
Next, you'll need to associate this profile on either a per-group or per-user basis, or both:
ciscoasa(config)# username testuser attributes ciscoasa(config-username-attributes)# webvpn ciscoasa(config-username-webvpn)# svc profiles value MY-PROFILE *OR* ciscoasa(config)# group-policy my-vpn-group attributes ciscoasa(config-group-attributes)# webvpn ciscoasa(config-group-webvpn)# svc profiles value MY-PROFILE
The next time you connect with the AnyConnect VPN client, the new profile should be downloaded and applied immediately. The changes you made to AllowRemoteUsers should allow you to connect via your RDP session without error.
- James
ā12-25-2009 05:01 AM
Hi,
Thanks for your answer.I forgot to mension that I am using cisco anytime web client. So each time when I connect using IE URL. It will download any connect.
Where the file will be stored ?
Regards,
Raghu
ā12-25-2009 05:20 PM
I'm not sure where the file is stored, but you can just search for it on your machine and it should be there after the client has been installed the first time. If the client is being installed every time you hit the URL in the browser, your best bet is to push the modified template out to the clients upon connecting, as I described in my original reply.
Good luck!
James
ā11-17-2015 11:44 PM
On windows machine the profile file is usually stored at:
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
ā12-20-2011 02:41 AM
If your using the version 3 of the client, I don't think the
AnyConnectProfile.tmpl file exists anymore, heres how I solved the problem with version 3,
Pete
ā11-17-2015 07:10 PM
Hello Pete,
I actually tried your suggestion to no avail. I am still looking for a fix. I am using ASA version 8.4(7)26 and Cisco AnyConnect anyconnect-win-3.1.10010-k9.pkg
132 -rwx 2137 23:52:56 Sep 23 2014 RA-SSL-Profile.xml
group-policy AnyConnect-GROUP internal
group-policy AnyConnect-GROUP attributes
dns-server value x.x.x.x
vpn-simultaneous-logins 1
vpn-idle-timeout 1440
vpn-filter value VPN_RESTRICT
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Split_Tunnel
webvpn
anyconnect modules value dart
anyconnect profiles value RA-SSL-Profile type user
ā11-18-2015 10:56 AM
I take this back. It is working. I am not sure why I coudln't get it to work in the past or if I changed anything in the config between then. in any case, it is working.
ā08-10-2016 12:12 PM
What was the final configuration? I applied what they suggested with no luck. My VPN with Windows XP Mode won't connect, any ideas?
Thanks
ā08-23-2016 07:17 AM
All this can now be done in the ASDM in the profile editor!!!!!
Pete
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide