Solved

PIX vs ASA CLI command differences

Posted on 2009-05-04
Last Modified: 2012-08-14
For years, we have used the Cisco PIX FW, with extremely good results. Never had a problem with them. Now that Cisco is discontinuing this product, we just purchased our first ASA (5540).

There are many commands that have been drastically changed from the PIX IOS to the ASA IOS.  

One of them is the "sysopt connection permit-pptp" command which is no longer available on the ASA.  Instead the command SEEMS to be "sysopt connection permit-vpn".

If I enter the "sysopt connection permit-vpn" command in the ASA, does it allow for Microsoft VPN clients (including Vista ones) to come in via VPN for authentication?

I will include the code I would have USUALLY put into the PIX for supporting MS VPN clients. If someone could translate that into code for the ASA I would greatly appreciate it.
(PIX code for supporting MS VPN clients)

ip local pool ippool 192.168.100.1-192.168.100.254

aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host <local radius server ip> <pwd> timeout 10

sysopt connection permit-pptp

vpdn group PPTP-GROUP accept dialin pptp
vpdn group PPTP-GROUP ppp authentication pap
vpdn group PPTP-GROUP ppp authentication chap
vpdn group PPTP-GROUP ppp authentication mschap
vpdn group PPTP-GROUP client configuration address local ippool
vpdn group PPTP-GROUP client configuration dns <local DNS server IP>
vpdn group PPTP-GROUP client authentication aaa RADIUS
vpdn group PPTP-GROUP pptp echo 60
vpdn enable outside

Question by:jgrammer42
2 Comments
 

Accepted Solution

by:
akalbfell earned 500 total points
ID: 24305500
Cisco actually makes a PIX to ASA config tool. I have used it once with surprisingly good results. I only had to make a few minor changes on the ASA afterwards...

http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/ciscosecure/pix/PIXtoASAsetup_1_0.exe

You need a CCO account, which I am assuming you have :-)
 

Author Comment

by:jgrammer42
ID: 24307775
Thanks, akalbfell, I will give that a shot.