Solved

PIX vs ASA CLI command differences

Posted on 2009-05-04
2
1,356 Views
Last Modified: 2012-08-14
For years, we have used the Cisco PIX FW, with extremely good results. Never had a problem with them.  Now that Cisco is discontinuing this product, we just purchased our first ASA. (5540).

There are many commands that have been drastically changed from the PIX IOS to the ASA IOS.  

One of them is the "sysopt connection permit-pptp" command which is no longer available on the ASA.  Instead the command SEEMS to be "sysopt connection permit-vpn".

If I enter the "sysopt connection permit-vpn" command in the ASA does it allow for Microsoft VPN clients, (including Vista ones), to come in via VPN for authentication?  

I will include the code I would have USUALLY put in to the PIX for supporting MS VPN clients.  If someone could translate that into code for the ASA I would greatly appreciate it.
(PIX code for supporting MS VPN clients)
 
ip local pool ippool 192.168.100.1-192.168.100.254
 
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host <local radius server ip> <pwd> timeout 10
 
 
sysopt connection permit-pptp
 
vpdn group PPTP-GROUP accept dialin pptp
vpdn group PPTP-GROUP ppp authentication pap
vpdn group PPTP-GROUP ppp authentication chap
vpdn group PPTP-GROUP ppp authentication mschap
vpdn group PPTP-GROUP client configuration address local ippool
vpdn group PPTP-GROUP client configuration dns <local DNS server IP>
vpdn group PPTP-GROUP client authentication aaa RADIUS
vpdn group PPTP-GROUP pptp echo 60
vpdn enable outside

Open in new window

0
Comment
Question by:jgrammer42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
akalbfell earned 500 total points
ID: 24305500
Cisco actually makes a PIX to ASA config tool, i have used it once with surprisingly good results. I only had to make a few minor changes on the ASA afterwards...

http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/ciscosecure/pix/PIXtoASAsetup_1_0.exe

you need a CCO account which i am assuming you have :-)
0
 

Author Comment

by:jgrammer42
ID: 24307775
Thanks, akalbfell, I will give that a shot.
0

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Grant drive/folder change permissions to VPN user 6 39
Clientless VPN Access 23 56
Connectivity drops 9 74
Tracert fails final hop at some client offices 3 45
Let’s list some of the technologies that enable smooth teleworking. 
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question