For years, we have used the Cisco PIX FW, with extremely good results. Never had a problem with them. Now that Cisco is discontinuing this product, we just purchased our first ASA. (5540).
There are many commands that have been drastically changed from the PIX IOS to the ASA IOS.
One of them is the "sysopt connection permit-pptp" command which is no longer available on the ASA. Instead the command SEEMS to be "sysopt connection permit-vpn".
If I enter the "sysopt connection permit-vpn" command in the ASA does it allow for Microsoft VPN clients, (including Vista ones), to come in via VPN for authentication?
I will include the code I would have USUALLY put in to the PIX for supporting MS VPN clients. If someone could translate that into code for the ASA I would greatly appreciate it.
(PIX code for supporting MS VPN clients)
ip local pool ippool 192.168.100.1-192.168.100.254
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host <local radius server ip> <pwd> timeout 10
sysopt connection permit-pptp
vpdn group PPTP-GROUP accept dialin pptp
vpdn group PPTP-GROUP ppp authentication pap
vpdn group PPTP-GROUP ppp authentication chap
vpdn group PPTP-GROUP ppp authentication mschap
vpdn group PPTP-GROUP client configuration address local ippool
vpdn group PPTP-GROUP client configuration dns <local DNS server IP>
vpdn group PPTP-GROUP client authentication aaa RADIUS
vpdn group PPTP-GROUP pptp echo 60
vpdn enable outside