How to enable Cisco AnyConnect VPN through Remote Desktop


Problem:

RDP not working over VPN? Getting this error message?

VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established.

Solution:

By default, the ability to establish a VPN connection is disabled when you are working inside a remote desktop session. To enable Cisco AnyConnect VPN through a remote desktop, you must first create an AnyConnect Client Profile.

The client profile is an XML file that gets pushed out to the client upon VPN establishment. This XML file can be created using a text editor or ASDM. I wouldn’t recommend using anything but the ASDM to create this file, as you will see.

  1. To create this profile, launch ASDM > Remote Access VPN > Expand Network (Client) Access > AnyConnect Client Profile.
  2. Click Add to create a profile.
  3. Give the profile a name and select the VPN group policy it applies to.
  4. *IMPORTANT* Once you select OK, make sure you click APPLY so the XML gets created. This needs to be done before you can edit the profile.
  5. Next, edit the profile > Under Preferences (Part 1) > Windows VPN Establishment > Select “AllowRemoteUsers” > then hit OK.
  6. Make sure you click Apply once more and save your changes.
  7. Next, open a remote desktop session and try connecting to the VPN!
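
To confirm what a given profile actually permits, the following added example (not from the original post or from Cisco) parses a client profile XML and reports the settings that govern VPN establishment from a remote desktop session. The sample profile is constructed; the element names WindowsVPNEstablishment and WindowsLogonEnforcement and the defaults used when they are absent are assumptions based on the AnyConnect profile schema, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile, trimmed to the elements relevant here.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>
"""

# Assumed client defaults when an element is missing from the profile.
# LocalUsersOnly matches the "disabled by default" behaviour described above.
DEFAULTS = {
    "WindowsVPNEstablishment": "LocalUsersOnly",
    "WindowsLogonEnforcement": "SingleLocalLogon",
}


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]


def rdp_settings(profile_xml):
    """Return the effective RDP-related settings of a client profile."""
    root = ET.fromstring(profile_xml)
    if _local(root.tag) != "AnyConnectProfile":
        raise ValueError("not an AnyConnect client profile")
    found = dict(DEFAULTS)
    for el in root.iter():
        name = _local(el.tag)
        if name in DEFAULTS and el.text and el.text.strip():
            found[name] = el.text.strip()
    return found


def allows_rdp_vpn(profile_xml):
    """True if users logged on via remote desktop may establish the VPN."""
    settings = rdp_settings(profile_xml)
    return settings["WindowsVPNEstablishment"] == "AllowRemoteUsers"


if __name__ == "__main__":
    for key, value in rdp_settings(SAMPLE_PROFILE).items():
        print(f"{key}: {value}")
    print("VPN from RDP session allowed:", allows_rdp_vpn(SAMPLE_PROFILE))
```

Running the same check across all profiles on the ASA or on a client shows which group policies have been opened up to remote desktop users.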

About the Author

Alfred Tong
Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT. Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA - FWV