Cisco AnyConnect: Vpn establishment capability from a remote desktop is disabled
I need to run Cisco AnyConnect from a VM in a data center. When I run it I get this message:
Vpn establishment capability from a remote desktop is disabled
Can this be turned off? I saw some posts about it, but they required downloading Cisco software with an account, which I do not have. The VPN software is from a client I work for.
I've found a workaround for this problem when there is no access to VPN server settings:
- set up TeamViewer
- disconnect RDP
- connect via TeamViewer
- connect to VPN in remote session
- disconnect TeamViewer
- connect via RDP
- continue working as you used to
It really depends on the version you are using, but nowadays this is done by creating an AnyConnect Client Profile on the ASA itself.
By default the policy will be set to LocalUsersOnly and you need to change it to AllowRemoteUsers.
You'll need access to the ASA though (ASDM) in order to do this.
The steps would be:
- Log into the ASDM
- Go to Configuration, Remote Access VPN, AnyConnect Client Profile
- Click Add and create a new profile and choose the Group Policy it should apply to
- Click OK, and then at the Profile screen click "Apply" at the bottom (important)
- Now edit the profile, and you should see under the Preferences, Windows VPN Establishment you can select "AllowRemoteUsers" and hit OK
- Apply once more and then save/writemem
- That's it, RDP and try again
If you don't have access to the ASA, the best I can suggest is to use a different type of remote connection like VNC or TeamViewer as they will allow you to use the VPN.
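To confirm which policy a machine actually received after the ASA change described above, the following added example (not part of any answer on this page, and not Cisco's own tooling) reads the locally stored profile XML and reports the WindowsVPNEstablishment value. The profile directory is the default Windows install location and is an assumption, as are the function name and the constructed sample profile.

```powershell
# Added example: report the WindowsVPNEstablishment value in each local AnyConnect profile.
# Assumption: default profile directory of a standard Windows install; pass -ProfileDir otherwise.
param(
    [string]$ProfileDir = (Join-Path $env:ProgramData 'Cisco\Cisco AnyConnect Secure Mobility Client\Profile')
)

function Get-VpnEstablishment {   # hypothetical helper name
    param(
        [string]$XmlText,
        [string]$Source = '(inline sample)'
    )
    try {
        $doc = New-Object System.Xml.XmlDocument
        $doc.XmlResolver = $null   # never fetch external DTDs or entities
        $doc.LoadXml($XmlText)
    } catch {
        # Empty or malformed file: report it instead of aborting the scan.
        return [pscustomobject]@{ Source = $Source; Value = $null; Note = "unreadable XML: $($_.Exception.Message)" }
    }
    # Profiles declare a default XML namespace, so match on local-name() rather than bind a prefix.
    $node = $doc.SelectSingleNode("//*[local-name()='WindowsVPNEstablishment']")
    if ($null -eq $node) {
        # Element absent: the default named on this page, LocalUsersOnly, applies.
        return [pscustomobject]@{ Source = $Source; Value = 'LocalUsersOnly'; Note = 'element absent, default applies' }
    }
    [pscustomobject]@{ Source = $Source; Value = $node.InnerText.Trim(); Note = 'set explicitly' }
}

# Constructed sample profile (not taken from a real ASA).
$sample = @'
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>
'@
Get-VpnEstablishment -XmlText $sample

# Scan the profiles actually present on this machine.
if (Test-Path -LiteralPath $ProfileDir) {
    Get-ChildItem -LiteralPath $ProfileDir -Filter *.xml -File | ForEach-Object {
        Get-VpnEstablishment -XmlText (Get-Content -LiteralPath $_.FullName -Raw) -Source $_.Name
    }
} else {
    Write-Warning "Profile directory not found: $ProfileDir"
}
```

The same scan run across a fleet shows which hosts have been given AllowRemoteUsers, which is useful when that setting is meant to be limited to specific group policies.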
Connect to your computer via RDP. Create a connect.dat file as follows, ending it with an extra empty line (a must-have requirement, sic!):
connect your-VPN-server-here
your-username-here
your-password-here
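Then create a connect.cmd file as follows:
rem Read the session name of the current RDP session from tasklist's own row (third column)
for /f "tokens=3 delims= " %%G in ('tasklist /FI "IMAGENAME eq tasklist.exe" /NH') do SET RDP_SESSION=%%G
rem Lock the workstation before the session is moved
Rundll32.exe user32.dll, LockWorkStation
rem Attach the current session to the console (this disconnects the RDP client)
tscon.exe %RDP_SESSION% /dest:console
rem Start the VPN with the CLI client, feeding it the lines of connect.dat on stdin
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe" -s <connect.dat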
Correct the path to vpncli.exe if necessary. Then terminate the VPN UI process (it shouldn't be loaded into memory) and start our CMD file as a local admin.
If you don't mind, the full note is here: http://windowsasusual.blogspot.ru/2016/10/cisco-anyconnect-vpn-and-remote-desktop.html