Solved

PPTP Passthrough on Cisco to ISA 2004

Posted on 2008-10-07
4
620 Views
Last Modified: 2008-11-17
Hi Everyone,

We currently use an ISA 2004 server as our primary firewall and PPTP VPN termination point into our network.  I have been configuring and testing a new Cisco ASA5510 and have it running alongside the ISA with a second internet connection etc...  We plan on replacing the ISA server with the Cisco and I have configured IPSec VPN with RSA SecurID tokens on the Cisco, however due to the large rollout and potential issues, I would like to able to configure the Cisco to passthrough PPTP traffic to the ISA Server to terminate there.  Effectively giving me two places where VPN's will terminate to.

Has anyone done this before?  Is there any considerations I need to think about?

I planned on doing a static nat between one of our external IP Addresses and the ISA Server (which would have an internal IP Address)
The ISA Server would have a default gateway of our Internal Router which is configured to send an WAN VPN traffic to our other offices, and 0.0.0.0 0.0.0.0 to the Cisco.

This would let us slowly roll out the Cisco VPN with RSA Tokens while some users continue connecting to their current ISA PPTP VPN.

Any input is much appreciated.
0
Comment
Question by:NutrientMS
  • 2
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22665719
This can work, but I highly suggest you terminate VPN on the ASA and then route the traffic through ISA if it's an option.
PPTP is very picky with NAT and other technologies and doesn't generally play well with others.
If you MUST use it (not generally recommended) then you can use the information in this article to get what you need done!
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml
Cheers! Let me know if you have any questions!
0
 
LVL 5

Author Comment

by:NutrientMS
ID: 22665723
Thanks, I will have a read of it.  We do need to use it just at the start as we can't do a clean cutover from the ISA to the Cisco.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22665751
I understand...
Just let me know if you have any questions!
Cheers!
0
 
LVL 5

Author Comment

by:NutrientMS
ID: 22811800
Hey PuggleWuggle,

This worked like a charm.  Thanks heaps!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question