Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1382
  • Last Modified:

PIX vs ASA CLI command differences

For years, we have used the Cisco PIX FW, with extremely good results. Never had a problem with them.  Now that Cisco is discontinuing this product, we just purchased our first ASA. (5540).

There are many commands that have been drastically changed from the PIX IOS to the ASA IOS.  

One of them is the "sysopt connection permit-pptp" command which is no longer available on the ASA.  Instead the command SEEMS to be "sysopt connection permit-vpn".

If I enter the "sysopt connection permit-vpn" command in the ASA does it allow for Microsoft VPN clients, (including Vista ones), to come in via VPN for authentication?  

I will include the code I would have USUALLY put in to the PIX for supporting MS VPN clients.  If someone could translate that into code for the ASA I would greatly appreciate it.
(PIX code for supporting MS VPN clients)
 
ip local pool ippool 192.168.100.1-192.168.100.254
 
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host <local radius server ip> <pwd> timeout 10
 
 
sysopt connection permit-pptp
 
vpdn group PPTP-GROUP accept dialin pptp
vpdn group PPTP-GROUP ppp authentication pap
vpdn group PPTP-GROUP ppp authentication chap
vpdn group PPTP-GROUP ppp authentication mschap
vpdn group PPTP-GROUP client configuration address local ippool
vpdn group PPTP-GROUP client configuration dns <local DNS server IP>
vpdn group PPTP-GROUP client authentication aaa RADIUS
vpdn group PPTP-GROUP pptp echo 60
vpdn enable outside

Open in new window

0
jgrammer42
Asked:
jgrammer42
1 Solution
 
akalbfellCommented:
Cisco actually makes a PIX to ASA config tool, i have used it once with surprisingly good results. I only had to make a few minor changes on the ASA afterwards...

http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/ciscosecure/pix/PIXtoASAsetup_1_0.exe

you need a CCO account which i am assuming you have :-)
0
 
jgrammer42Author Commented:
Thanks, akalbfell, I will give that a shot.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now