Problem:
RDP not working over VPN? Getting this error message?
VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established.
Solution:
By default, VPN establishment capability is disabled when you are connected through a remote desktop session. To enable Cisco AnyConnect VPN through a remote desktop, you must first create an AnyConnect Client Profile.
The client profile is basically an XML file that gets pushed out to the client upon VPN establishment. This XML file can be created using a text editor or ASDM. I wouldn’t recommend using anything but the ASDM to create this file, as you will see.
- To create this profile, launch ASDM > Remote Access VPN > Expand Network (Client) Access > AnyConnect Client Profile.
- Click Add to create a profile.
- Give the profile a name and select the VPN group policy it applies to.
- *IMPORTANT* Once you select OK, make sure you click APPLY so the XML gets created. This needs to be done before you can edit the profile.
- Next, edit the profile > Under Preferences (Part 1) > Windows VPN Establishment > Select “AllowRemoteUsers” > then hit OK.
- Make sure you click Apply once more and save your changes.
- Next, connect through remote desktop and try connecting to the VPN!
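
To confirm what the steps above wrote into the profile, this added example (not part of the original post, and not Cisco's code) parses a profile XML and reports the effective Windows VPN Establishment value. The sample profile is constructed and trimmed to the one element involved; `vpn_establishment` and `allows_rdp_users` are names chosen for this example.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample profile, trimmed to the preference changed in ASDM above.
SAMPLE_PROFILE = """\
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>
"""

DEFAULT = "LocalUsersOnly"  # effective value when the element is missing or empty


def vpn_establishment(profile_xml):
    """Return the effective WindowsVPNEstablishment value of a profile."""
    root = ET.fromstring(profile_xml)
    for el in root.iter():
        # Compare local names so the check does not depend on the xmlns value.
        if el.tag.rsplit("}", 1)[-1] == "WindowsVPNEstablishment":
            return (el.text or "").strip() or DEFAULT
    return DEFAULT


def allows_rdp_users(profile_xml):
    """True when the profile lets a remotely logged-on user start the VPN."""
    return vpn_establishment(profile_xml) == "AllowRemoteUsers"


if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        print("sample:", vpn_establishment(SAMPLE_PROFILE))
    for path in paths:
        # Read bytes so the parser honours the file's own XML declaration.
        with open(path, "rb") as fh:
            print(f"{path}: {vpn_establishment(fh.read())}")
```

Run it with one or more profile file paths as arguments to check which profiles carry the relaxed setting, so it stays limited to the group policies that need it.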