cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

95704
Views
35
Helpful
6
Replies
sachin.m033
Beginner

How to enable Cisco Anyconnect VPN through Remote Desktop

Hi,

When users are trying to get connected to VPN from Remote machines. They are getting below Err. Some one could help me in fixing this issue by command line.

"VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established"

Thanks 

Sachin M

1 ACCEPTED SOLUTION

Accepted Solutions
jagraaga
Cisco Employee

Hi Sachin,

By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the  WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.

Please refer the below document for more information.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#wp1070852

Regards,

Jagrati

View solution in original post

6 REPLIES 6
jagraaga
Cisco Employee

Hi Sachin,

By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the  WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.

Please refer the below document for more information.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#wp1070852

Regards,

Jagrati

Hi Jagraaga,

By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.

After Changed to "AllowRemoteUsers" what I have to do? Please assist me as soon as possible.

Thanks & Regards,

Likith Pallela

Any documents that detailed this for FTD/FMC ? I am not sure if this is even allowed on the FTD ?This is the case with the Firepower as well. Is there a similar workaround for the FTD/FMC ?

Marvin Rhoads
VIP Community Legend

It's an AnyConnect VPN profile issue. Those are used on both ASA and FTD devices. The only difference is there is not a profile editor built into FMC (or FDM) and you have to edit them using the standalone profile editor and then upload to FMC (or FDM).

Interesting...Marvin can I make a specific profile for some users to permit this > but still keep the more restrictive profile in the FTD ?

.

Create
Recognize Your Peers
Content for Community-Ad