Solved

ASA5510 and ISA 2006

Posted on 2011-03-10
5
633 Views
Last Modified: 2012-05-11
Hi all,

Currently we have a PIX515 as our Internet Edge FW connecting to an ISA 2006 server.  We also have remote VPN users who use Windows Dial-Up networking (PPTP)  terminating on the PIX.  Now we need to replace the PIX with an ASA5510.  As this cutover needs to be transparent to the VPN users we will need to terminate the VPN connections on the ISA as the ASA does not support PPTP.

Any suggestions on the best way to allow the passthrough to the ISA server and is there any other stumbling blocks that would be in my way when I replace the PIX with the ASA?
0
Comment
Question by:MadMenSA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 35093511
For PPTP passthrough you would need to allow the GRE protocol and tcp port 1723 to the ISA server:

access-list acl_outside permit gre any host vpn_external
access-list acl_outside permit tcp any host vpn_external eq 1723

And apply it of course:
access-group acl_outside in interface outside

And you will need a 1-1 static:
static (inside,outside) vpn_external vpn_internal netmask 255.255.255.255

That should do it.
0
 

Author Comment

by:MadMenSA
ID: 35094734
Thanks erniebeek.

Would I need to include an inspect PPTP command?  

Also, any ideas on the VPN server config on the ISA?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35096142
If I remember correctly that should only be necessary for outgoing connections. On the other hand, it wouldn't hurt to try.

I'm not an ISA guru, but this might help you, though it's for 2004: http://technet.microsoft.com/nl-nl/library/cc713329(en-us).aspx

If we're lucky, keith_alabaster might drop by (that's the man from I.S.A.  :)
0
 

Author Comment

by:MadMenSA
ID: 35096259
Thanks erniebeek.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35096455
Thank you (for the points as well), glad I could help.
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Factory-Resetting & Configuring Cisco Meraki MR18 Wifi Access Points 3 59
Routing certain SSLVPN Traffic to CDN 1 35
SSL-VPN Solution 8 36
Cisco Nexus 5 57
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question