NutrientMS
asked on
PPTP Passthrough on Cisco to ISA 2004
Hi Everyone,
We currently use an ISA 2004 server as our primary firewall and PPTP VPN termination point into our network. I have been configuring and testing a new Cisco ASA5510 and have it running alongside the ISA with a second internet connection etc... We plan on replacing the ISA server with the Cisco and I have configured IPSec VPN with RSA SecurID tokens on the Cisco, however due to the large rollout and potential issues, I would like to able to configure the Cisco to passthrough PPTP traffic to the ISA Server to terminate there. Effectively giving me two places where VPN's will terminate to.
Has anyone done this before? Is there any considerations I need to think about?
I planned on doing a static nat between one of our external IP Addresses and the ISA Server (which would have an internal IP Address)
The ISA Server would have a default gateway of our Internal Router which is configured to send an WAN VPN traffic to our other offices, and 0.0.0.0 0.0.0.0 to the Cisco.
This would let us slowly roll out the Cisco VPN with RSA Tokens while some users continue connecting to their current ISA PPTP VPN.
Any input is much appreciated.
We currently use an ISA 2004 server as our primary firewall and PPTP VPN termination point into our network. I have been configuring and testing a new Cisco ASA5510 and have it running alongside the ISA with a second internet connection etc... We plan on replacing the ISA server with the Cisco and I have configured IPSec VPN with RSA SecurID tokens on the Cisco, however due to the large rollout and potential issues, I would like to able to configure the Cisco to passthrough PPTP traffic to the ISA Server to terminate there. Effectively giving me two places where VPN's will terminate to.
Has anyone done this before? Is there any considerations I need to think about?
I planned on doing a static nat between one of our external IP Addresses and the ISA Server (which would have an internal IP Address)
The ISA Server would have a default gateway of our Internal Router which is configured to send an WAN VPN traffic to our other offices, and 0.0.0.0 0.0.0.0 to the Cisco.
This would let us slowly roll out the Cisco VPN with RSA Tokens while some users continue connecting to their current ISA PPTP VPN.
Any input is much appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I understand...
Just let me know if you have any questions!
Cheers!
Just let me know if you have any questions!
Cheers!
ASKER
Hey PuggleWuggle,
This worked like a charm. Thanks heaps!
This worked like a charm. Thanks heaps!
ASKER