PDF(562.2 KB) View with Adobe Reader on a variety of devices
ePub(637.3 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(470.6 KB) View on Kindle device or Kindle app on multiple devices
Updated:November 3, 2023
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes how to resolve error: "VPN establishment capability for a remote user is disabled. A VPN connection will not be established."
When a user tries to connect with RA-VPN (Remote Access VPN) to the Secure Access headend, the error is printed in the Cisco Secure Client notification popup:
VPN establishment capability for a remote user is disabled. A VPN connection will not be established.
Cisco Secure Client was not able to establish a connection to the specified secure gateway. Please try connecting again.
Cisco Secure Client - Problem connecting to Cisco Secure Access
The mentioned error is generated, when the user is connected via the RDP to the Windows PC, tries to connect to RA-VPN from the given PC, and WindowsVPN Establishment is set to Local Users Only (default option).
Windows VPN Establishment determines the behavior of the Cisco Secure Client when a user who is remotely logged on to the client PC establishes a VPN connection. The possible values are:
Local Users Only
Prevents a remotely logged-on (RDP) user from establishing a VPN connection.
Allow Remote Users
Allows remote users to establish a VPN connection. However, if the configured VPN connection routing causes the remote user to become disconnected, the VPN connection terminates to allow the remote user to regain access to the clients PC. Remote users must wait 90 seconds after VPN establishment if they want to disconnect their remote login session without causing the VPN connection to be terminated.
Navigate to Cisco Secure Access Dashboard.
Click on Connect > End User Connectivity
Click on Virtual Private Network
Choose the profile that you want to modify and click Edit