Cisco ASA VPN configuration

I am converting all of my PIX devices over to ASA platforms.  Several of my PIX 515's also support VPDN access.  Can someone take a look at the attached following code and make sure I have the ASA configured to match the way I have my PIX devices currently set up?

The one CLI command on the PIX that really concerns me the most is the 'vpdn enable outside' command.  I cannot find the equivalent CLI under the ASA.
PIX config:
ip local pool etpool 192.168.250.1-192.168.250.254
...
...
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local etpool
vpdn group PPTP-VPDN-GROUP client configuration dns 172.20.3.11
vpdn group PPTP-VPDN-GROUP client authentication aaa RADIUS
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn enable outside
 
ASA configuration:
ip local pool etpool 192.168.250.1-192.168.250.254
...
...
service-policy global_policy global
group-policy PPTP-VPDN-GROUP internal
group-policy PPTP-VPDN-GROUP attributes
 dns-server value 172.20.3.11
 vpn-tunnel-protocol l2tp-ipsec
tunnel-group PPTP-VPDN-GROUP type ipsec-ra
tunnel-group PPTP-VPDN-GROUP general-attributes
 address-pool etpool
 authentication-server-group RADIUS
 default-group-policy PPTP-VPDN-GROUP
tunnel-group PPTP-VPDN-GROUP ppp-attributes
 authentication pap
 authentication ms-chap-v2


jgrammer42 Asked:

3nerds Commented:
Correct.

3nerds
0
 
3nerds Commented:
Your VPDN is using PPTP, and the ASA does not support that as a remote access VPN protocol; just making sure you realize this, as it was common to create a VPN connection using PPTP in Windows XP so that you did not have to load a client on the remote machines. The new idea is to use IPSEC and the Cisco VPN client or to go the SSL VPN route.

Regards,

3nerds
0
 
jgrammer42 Author Commented:
3nerds,

So, what you are saying is that if I make this change, my MS Windows XP users will no longer be able to VPN in using the Windows VPN client?

Thanks,
0
 
jgrammer42 Author Commented:
That is not good....that creates some real problems.

I will have to think about this..

Thank you,
0
Question has a verified solution.
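
As an added example (not part of the original thread and not Cisco tooling): a small Python check that pulls the comparable remote-access settings out of the two configurations posted in the question and lists where they differ. The setting labels and regexes are assumptions made for this illustration; the sample lines are copied from the question.

```python
import re

# Sample input: the VPN-related lines from the question's two configs.
# MPPE and 'vpdn enable outside' have no counterpart in the posted ASA
# config, so they are carried here but not compared.
PIX = """\
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local etpool
vpdn group PPTP-VPDN-GROUP client configuration dns 172.20.3.11
vpdn group PPTP-VPDN-GROUP client authentication aaa RADIUS
vpdn enable outside
"""
ASA = """\
group-policy PPTP-VPDN-GROUP attributes
 dns-server value 172.20.3.11
 vpn-tunnel-protocol l2tp-ipsec
tunnel-group PPTP-VPDN-GROUP general-attributes
 address-pool etpool
 authentication-server-group RADIUS
tunnel-group PPTP-VPDN-GROUP ppp-attributes
 authentication pap
 authentication ms-chap-v2
"""

# One (PIX regex, ASA regex) pair per setting; the labels are chosen here.
RULES = {
    "protocol": (r"accept dialin (\S+)", r"vpn-tunnel-protocol (\S+)"),
    "ppp_auth": (r"ppp authentication (\S+)", r"^ authentication (\S+)"),
    "pool":     (r"address local (\S+)", r"address-pool (\S+)"),
    "dns":      (r"configuration dns (\S+)", r"dns-server value (\S+)"),
    "aaa":      (r"authentication aaa (\S+)", r"authentication-server-group (\S+)"),
}

def extract(text, side):
    """Return {setting: set of values} for side 0 (PIX) or 1 (ASA)."""
    return {k: set(re.findall(p[side], text, re.M)) for k, p in RULES.items()}

def diff(pix_text, asa_text):
    """Settings whose values differ, as {setting: (pix_only, asa_only)}."""
    pix, asa = extract(pix_text, 0), extract(asa_text, 1)
    return {k: (sorted(pix[k] - asa[k]), sorted(asa[k] - pix[k]))
            for k in RULES if pix[k] != asa[k]}

if __name__ == "__main__":
    for setting, (pix_only, asa_only) in diff(PIX, ASA).items():
        print(f"{setting}: PIX only {pix_only}, ASA only {asa_only}")
```

On the posted configs this reports the tunnel protocol (pptp versus l2tp-ipsec) and the PPP authentication list as the two settings that do not carry over unchanged; pool, DNS and AAA group match.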
