Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
ASA5510 and ISA 2006
Posted on 2011-03-10
Hi all,
Currently we have a PIX515 as our Internet Edge FW connecting to an ISA 2006 server. We also have remote VPN users who use Windows Dial-Up networking (PPTP) terminating on the PIX. Now we need to replace the PIX with an ASA5510. As this cutover needs to be transparent to the VPN users we will need to terminate the VPN connections on the ISA as the ASA does not support PPTP.
Any suggestions on the best way to allow the passthrough to the ISA server and is there any other stumbling blocks that would be in my way when I replace the PIX with the ASA?
Currently we have a PIX515 as our Internet Edge FW connecting to an ISA 2006 server. We also have remote VPN users who use Windows Dial-Up networking (PPTP) terminating on the PIX. Now we need to replace the PIX with an ASA5510. As this cutover needs to be transparent to the VPN users we will need to terminate the VPN connections on the ISA as the ASA does not support PPTP.
Any suggestions on the best way to allow the passthrough to the ISA server and is there any other stumbling blocks that would be in my way when I replace the PIX with the ASA?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
5 Comments
For PPTP passthrough you would need to allow the GRE protocol and tcp port 1723 to the ISA server:
access-list acl_outside permit gre any host vpn_external
access-list acl_outside permit tcp any host vpn_external eq 1723
And apply it of course:
access-group acl_outside in interface outside
And you will need a 1-1 static:
static (inside,outside) vpn_external vpn_internal netmask 255.255.255.255
That should do it.
access-list acl_outside permit gre any host vpn_external
access-list acl_outside permit tcp any host vpn_external eq 1723
And apply it of course:
access-group acl_outside in interface outside
And you will need a 1-1 static:
static (inside,outside) vpn_external vpn_internal netmask 255.255.255.255
That should do it.
Thanks erniebeek.
Would I need to include an inspect PPTP command?
Also, any ideas on the VPN server config on the ISA?
Would I need to include an inspect PPTP command?
Also, any ideas on the VPN server config on the ISA?
If I remember correctly that should only be necessary for outgoing connections. On the other hand, it wouldn't hurt to try.
I'm not an ISA guru, but this might help you, though it's for 2004: http://technet.microsoft.com/nl-nl/library/cc713329(en-us).aspx
If we're lucky, keith_alabaster might drop by (that's the man from I.S.A. :)
I'm not an ISA guru, but this might help you, though it's for 2004: http://technet.microsoft.com/nl-nl/library/cc713329(en-us).aspx
If we're lucky, keith_alabaster might drop by (that's the man from I.S.A. :)
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 12 hours left to enroll
Earn Certification
Cisco CCNA R&S: ICND2 v3
$197.00$177.30
Earn Certification
Cisco CCNP Security: SIMOS
$197.00$177.30
636 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.