Hi,
When users are trying to get connected to VPN from Remote machines. They are getting below Err. Some one could help me in fixing this issue by command line.
"VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established"
Thanks
Sachin M
Solved! Go to Solution.
Hi Sachin,
By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.
Please refer the below document for more information.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#wp1070852
Regards,
Jagrati
Hi Sachin,
By default, only local users may connect via any connect client. You would need to edit the anyconnect client profile. Please change the WindowsVPNEstablishment parameter to "AllowRemoteUsers" instead of "LocalUsersOnly.
Please refer the below document for more information.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#wp1070852
Regards,
Jagrati
Any documents that detailed this for FTD/FMC ? I am not sure if this is even allowed on the FTD ?This is the case with the Firepower as well. Is there a similar workaround for the FTD/FMC ?
It's an AnyConnect VPN profile issue. Those are used on both ASA and FTD devices. The only difference is there is not a profile editor built into FMC (or FDM) and you have to edit them using the standalone profile editor and then upload to FMC (or FDM).
Interesting...Marvin can I make a specific profile for some users to permit this > but still keep the more restrictive profile in the FTD ?
.