I know it is quite rude of me to post this kind of work-around that IT people try to prevent. But I cannot install VPN clients on the computers I care about. The crap software often destroys perfectly good computers. I use a dedicated computer for connecting to corporate VPNs, which I remote into. It gives a level of security for them: I install nothing but the VPN software on these special VPN-only computers and I do not browse the web on them. I don't accidentally route crazy traffic through their VPNs. This protects all of us.
But here is my take:
Make a folder named 'ciscoanyconnect' for two files described below.
Create one file called 'connect.dat'. This file contains what will be sent as if typed on a keyboard. New lines are interpreted as an enter key. This is the contents of the file; replace servername, username and password with the correct info:
Sometimes you need a blank line under username and under password. Sometimes you need to add additional parameters if there are additional questions in the VPN command.
Create another file called 'connect.cmd'. This file is the script you will run as administrator. This is the contents of the file; alter your paths as needed:
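REM Find the session name of the current RDP session (third column of the tasklist output)
for /f "tokens=3 delims= " %%G in ('tasklist /FI "IMAGENAME eq tasklist.exe" /NH') do SET RDP_SESSION=%%G
REM Lock the workstation before the session is moved
Rundll32.exe user32.dll, LockWorkStation
REM Reattach the session to the console; this drops the RDP connection
tscon.exe %RDP_SESSION% /dest:console
REM Start the VPN command-line client and feed it connect.dat as keyboard input
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe" -s < L:\ciscoanyconnect\connect.dat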
Make sure the AnyConnect client is not running.
Run connect.cmd as administrator. You will be logged out of your RDP session. Then log back in. It may have worked. Look at the open command window for errors.
To disconnect, run the AnyConnect client, then quit it from its icon on the taskbar.
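Seen from the monitoring side, connect.cmd leaves a recognizable process sequence: tscon.exe moving a session to the console, then vpncli.exe started with -s on the same host. The following Python is an added example, not part of the original post, that flags that sequence in process-creation events; the event layout, host and user names, timestamps and the 120-second window are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events: (time, host, user, command line).
# The layout is an assumption; map it from your own process-creation
# logging (command-line capture must be enabled for these to exist).
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:01", "VPNBOX1", "alice", r'tasklist /FI "IMAGENAME eq tasklist.exe" /NH'),
    ("2024-05-01T09:00:02", "VPNBOX1", "alice", r'Rundll32.exe user32.dll, LockWorkStation'),
    ("2024-05-01T09:00:03", "VPNBOX1", "alice", r'tscon.exe RDP-Tcp#0 /dest:console'),
    ("2024-05-01T09:00:04", "VPNBOX1", "alice",
     r'"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe" -s'),
    # tscon alone, and vpncli -s long afterwards: outside the window, no hit
    ("2024-05-01T09:10:00", "HOST2", "bob", r'tscon.exe 2 /dest:console'),
    ("2024-05-01T09:30:00", "HOST2", "bob", r'vpncli.exe -s'),
    # interactive CLI use without -s and without a console redirect
    ("2024-05-01T09:20:00", "HOST3", "carol", r'vpncli.exe connect vpn.example.test'),
]

TSCON = re.compile(r'\btscon(\.exe)?"?\s.*?/dest:console\b', re.I)
# The "< connect.dat" redirection is performed by cmd.exe, so it never shows
# up in vpncli's own command line; the -s switch is what remains visible.
VPNCLI_S = re.compile(r'\bvpncli(\.exe)?"?\s+(.*\s)?-s\b', re.I)


def find_console_handoff(events, window=timedelta(seconds=120)):
    """Return (host, user, tscon_time, vpncli_time) for every
    tscon /dest:console followed by vpncli -s on the same host in `window`."""
    last_tscon = {}  # host -> (time, user) of the latest console redirect
    hits = []
    for ts, host, user, cmdline in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if TSCON.search(cmdline):
            last_tscon[host] = (when, user)
        elif VPNCLI_S.search(cmdline) and host in last_tscon:
            t0, who = last_tscon.pop(host)
            if when - t0 <= window:
                hits.append((host, who, t0.isoformat(), ts))
    return hits


if __name__ == "__main__":
    for hit in find_console_handoff(SAMPLE_EVENTS):
        print("console redirect followed by scripted VPN login:", hit)
```

A hit also indicates that VPN credentials are probably stored in a plain-text input file on that host, which is worth checking during follow-up.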