Cisco Anyconnect Disabled



By default, VPN establishment capability is disabled once you remote into a remote desktop session. To enable Cisco AnyConnect VPN through a remote desktop, you must first create an AnyConnect Client Profile. The client profile is an XML file that gets pushed out to the client upon VPN establishment. Reference: Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.7, "Configure VPN Access".


I ran into this issue this morning when attempting to set up a VPN on a Hyper-V virtual machine. After an hour of searching the Google machine and troubleshooting, I came upon this solution.


Upon installation, AnyConnect pulls down a profile from the ASA containing several settings. This profile is in XML format and is located (on a Windows machine) at %programdata%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\AnyConnectProfile.xsd.

  • anyconnect ssl df-bit-ignore disable
  • anyconnect routing-filtering-ignore disable
  • smart-tunnel tunnel-policy tunnelall
  • always-on-vpn profile-setting

AnyConnect will try to use DTLS (TLS over UDP) whenever it is supported and not blocked by packet filters on the way. In case it is not supported or filtered, AnyConnect will try to fall back to.


To resolve this issue and connect to your VPN, open this file with Notepad (or any text editor, run as admin), search for the 'WindowsVPNEstablishment' tag, and modify the value. The default value is 'LocalUsersOnly'; you will need to change it to 'AllowRemoteUsers'. Save and close the file, then restart the machine.
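The same check and edit can be scripted, which also makes it easy to audit which machines have had the default loosened. This is an added example, not code from the original post or from Cisco; the sample profile is constructed, and its namespace URI and the `ClientInitialization` parent element are assumptions (the lookup matches the tag by local name, so it does not depend on either).

```python
import xml.etree.ElementTree as ET

# The two values the page names for <WindowsVPNEstablishment>.
ALLOWED = {"LocalUsersOnly", "AllowRemoteUsers"}
TAG = "WindowsVPNEstablishment"

# Constructed sample profile; a real one carries many more settings.
SAMPLE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _find(root):
    """Return the first WindowsVPNEstablishment element, or None."""
    return next((e for e in root.iter() if _local(e.tag) == TAG), None)


def get_vpn_establishment(xml_text):
    """Return the current setting, or None when the tag is absent."""
    node = _find(ET.fromstring(xml_text))
    return node.text.strip() if node is not None and node.text else None


def set_vpn_establishment(xml_text, value):
    """Return the profile text with the tag set to `value`."""
    if value not in ALLOWED:
        raise ValueError(f"unexpected value: {value!r}")
    root = ET.fromstring(xml_text)
    node = _find(root)
    if node is None:
        raise LookupError(f"<{TAG}> not found in profile")
    # Keep the profile's default namespace instead of an 'ns0:' prefix.
    if root.tag.startswith("{"):
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    node.text = value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", get_vpn_establishment(SAMPLE))
    updated = set_vpn_establishment(SAMPLE, "AllowRemoteUsers")
    print("after: ", get_vpn_establishment(updated))
```

Because the profile is delivered by the ASA, rerun `get_vpn_establishment` on the local file after the next connection to confirm the value is still the one you expect.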


If you are trying to use Cisco AnyConnect through a Windows Virtual PC and receiving the following message:

VPN establishment capability from remote desktop is disabled. A VPN connection will not be established.

This is what I did to get it functional.

Go to your virtual machines and edit the Settings.

  • Under Networking, ensure that you are using Shared Networking (NAT)
  • Under Integration Features, ensure that Enable at startup is NOT checked


Now, if you launch your virtual machine Cisco AnyConnect should connect (at least it did for me).


That said, having to disable the Integration Features in this manner, to me, is a serious PITA! You can’t even copy/paste or utilize your main PC’s hard drive to access files… I don’t know the underlying issues, but this to me is a MAJOR problem.