Solved

ASA5510 and ISA 2006

Posted on 2011-03-10
5
630 Views
Last Modified: 2012-05-11
Hi all,

Currently we have a PIX515 as our Internet Edge FW connecting to an ISA 2006 server.  We also have remote VPN users who use Windows Dial-Up networking (PPTP)  terminating on the PIX.  Now we need to replace the PIX with an ASA5510.  As this cutover needs to be transparent to the VPN users we will need to terminate the VPN connections on the ISA as the ASA does not support PPTP.

Any suggestions on the best way to allow the passthrough to the ISA server and is there any other stumbling blocks that would be in my way when I replace the PIX with the ASA?
0
Comment
Question by:MadMenSA
  • 3
  • 2
5 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 35093511
For PPTP passthrough you would need to allow the GRE protocol and tcp port 1723 to the ISA server:

access-list acl_outside permit gre any host vpn_external
access-list acl_outside permit tcp any host vpn_external eq 1723

And apply it of course:
access-group acl_outside in interface outside

And you will need a 1-1 static:
static (inside,outside) vpn_external vpn_internal netmask 255.255.255.255

That should do it.
0
 

Author Comment

by:MadMenSA
ID: 35094734
Thanks erniebeek.

Would I need to include an inspect PPTP command?  

Also, any ideas on the VPN server config on the ISA?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35096142
If I remember correctly that should only be necessary for outgoing connections. On the other hand, it wouldn't hurt to try.

I'm not an ISA guru, but this might help you, though it's for 2004: http://technet.microsoft.com/nl-nl/library/cc713329(en-us).aspx

If we're lucky, keith_alabaster might drop by (that's the man from I.S.A.  :)
0
 

Author Comment

by:MadMenSA
ID: 35096259
Thanks erniebeek.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35096455
Thank you (for the points as well), glad I could help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now