Solved

Cisco ASA VPN configuration

Posted on 2009-07-07
4
705 Views
Last Modified: 2012-05-07
I am converting all of my PIX devices over to ASA platforms.  Several of my PIX 515's also support VPDN access.  Can someone take a look at the attached following code and make sure I have the ASA configured to match the way I have my PIX devices currently set up?

The one CLI command on the PIX that really concerns me the most is the 'vpdn enable outside' command.  I cannot find the equivalent CLI under the ASA.
PIX config:
ip local pool etpool 192.168.250.1-192.168.250.254
...
...
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local etpool
vpdn group PPTP-VPDN-GROUP client configuration dns 172.20.3.11
vpdn group PPTP-VPDN-GROUP client authentication aaa RADIUS
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn enable outside
 
ASA configuration:
ip local pool etpool 192.168.250.1-192.168.250.254
...
...
service-policy global_policy global
group-policy PPTP-VPDN-GROUP internal
group-policy PPTP-VPDN-GROUP attributes
 dns-server value 172.20.3.11
 vpn-tunnel-protocol l2tp-ipsec
tunnel-group PPTP-VPDN-GROUP type ipsec-ra
tunnel-group PPTP-VPDN-GROUP general-attributes
 address-pool etpool
 authentication-server-group RADIUS
 default-group-policy PPTP-VPDN-GROUP
tunnel-group PPTP-VPDN-GROUP ppp-attributes
 authentication pap
 authentication ms-chap-v2

Open in new window

0
Comment
Question by:jgrammer42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:3nerds
ID: 24795118
Your VPDN is using PPTP, and the ASA does not support that as a remote access VPN protocol, just making sure you realize this. As it was common to create a VPN connection using PPTP in windows XP so that you did not have to load a client on the remote machines. They new idea is to use IPSEC and the Cisco VPN client or to go the SSL VPN route.

Regards,

3nerds
0
 

Author Comment

by:jgrammer42
ID: 24830935
3nerds,

So, what you are saying is that if I make this change, my MS Windows XP users will no longer be able to VPN in using the Windows VPN client?

Thanks,
0
 
LVL 13

Accepted Solution

by:
3nerds earned 500 total points
ID: 24842600
Correct.

3nerds
0
 

Author Comment

by:jgrammer42
ID: 24849664
That is not good....that creates some real problems.

I will have to think about this..

Thank you,
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month10 days, 1 hour left to enroll

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question