VPN establishment capability from a remote desktop is disabled
Hello, maybe someone can help me in this very strange case.
We have situation, where we need to connect via RDP to Win10 PC station and then from this PC via AnyConnect VPN to MX64 device. But it is not working, there is some error like: VPN establishment capability from a remote desktop is disabled.
If we are going directly from win10 pc to MX device, everything works fine.
I have read some articiles about VPN profile editor, so i have changed <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment> in profile.xml section, but without success.
You are right that you need the "AllowRemoteUsers" option. I'm thinking the change has not taken correctly. Perhaps double check the XML syntax in the profile to make sure it is well formed. Note that you often need to restart the AnyConnect service after making a profile change to make it re-read it.
I am having the same issue while using RDP. I have tried both modifying the XML manually and and using the Cisco profile editor that is downloadable off the Meraki Anyconnect page in the dashboard. Same results and yes I am restarting the AnyConnect client service. Anyone able to get this to work? Really need to ba able to do this from a PC on one client and a terminal server on another.
PhilipDAth, If this is working for you can you post the exact syntax you are using in your profile and the version of client you are using? I have checked both the Windows 10 and 11 pc's I am testing on and the only copy of it is in the profile directory. Mine reads <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
The client I am running is 4.10 downloaded from the Meraki Dashboard.
I was not able to get it to work either. I opened a case with Meraki and sent them my config files and they said my files worked for them. I tried my files on more than one MX and more than one PC using RDP with no success.I was then told I would need to open a case with Cisco support for AnyConnect and have them look into it. I do not have the extra time to do this.