  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 638

ASA5510 and ISA 2006

Hi all,

Currently we have a PIX515 as our Internet Edge FW connecting to an ISA 2006 server. We also have remote VPN users who use Windows Dial-Up networking (PPTP) terminating on the PIX. Now we need to replace the PIX with an ASA5510. As this cutover needs to be transparent to the VPN users, we will need to terminate the VPN connections on the ISA, as the ASA does not support PPTP.

Any suggestions on the best way to allow the passthrough to the ISA server, and are there any other stumbling blocks that would be in my way when I replace the PIX with the ASA?
Asked by: MadMenSA

Ernie Beek (Expert) commented:
For PPTP passthrough you would need to allow the GRE protocol and TCP port 1723 to the ISA server:

access-list acl_outside permit gre any host vpn_external
access-list acl_outside permit tcp any host vpn_external eq 1723

And apply it of course:
access-group acl_outside in interface outside

And you will need a 1-1 static:
static (inside,outside) vpn_external vpn_internal netmask 255.255.255.255

That should do it.
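
A way to sanity-check the four lines from the answer above before cutover, as an added example that is not part of the original thread. The function name, regexes and finding messages are this example's own; it assumes the ACE form `permit <proto> any host <name>` used in the answer and reports missing pieces plus any `permit ip any any` in an ACL bound to the outside interface.

```python
import re

# Constructed sample: the four lines from the answer, object names unchanged.
SAMPLE = """\
access-list acl_outside permit gre any host vpn_external
access-list acl_outside permit tcp any host vpn_external eq 1723
access-group acl_outside in interface outside
static (inside,outside) vpn_external vpn_internal netmask 255.255.255.255
"""

# Assumed line shapes (hypothetical helper patterns, not an ASA grammar).
ACE = re.compile(r"access-list (\S+) (?:extended )?permit (\S+) any host (\S+)(?: eq (\S+))?$")
BROAD = re.compile(r"access-list (\S+) (?:extended )?permit ip any any\b")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)$")
STATIC = re.compile(r"static \([^,\s]+,([^)\s]+)\) (\S+) \S+ netmask 255\.255\.255\.255$")

def audit_pptp_passthrough(config, server="vpn_external", iface="outside"):
    """Return a list of findings; an empty list means nothing was flagged."""
    gre, ctrl, broad, bound = set(), set(), set(), set()
    static_ok = False
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            acl, proto, dst, port = m.groups()
            if dst == server and proto in ("gre", "47"):        # GRE is IP protocol 47
                gre.add(acl)
            elif dst == server and proto == "tcp" and port in ("1723", "pptp"):
                ctrl.add(acl)
        elif m := BROAD.match(line):
            broad.add(m.group(1))
        elif m := GROUP.match(line):
            if m.group(2) == iface:
                bound.add(m.group(1))
        elif m := STATIC.match(line):
            static_ok |= m.group(1) == iface and m.group(2) == server
    findings = []
    if not gre & bound:
        findings.append(f"no GRE permit to {server} in an ACL bound inbound on {iface}")
    if not ctrl & bound:
        findings.append(f"no TCP 1723 permit to {server} in an ACL bound inbound on {iface}")
    if not static_ok:
        findings.append(f"no 1-1 static (host netmask) for {server} on {iface}")
    for acl in sorted(broad & bound):
        findings.append(f"{acl}: 'permit ip any any' makes the PPTP-only permits moot")
    return findings

if __name__ == "__main__":
    print(audit_pptp_passthrough(SAMPLE) or "passthrough lines complete")
```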

MadMenSA (Author) commented:
Thanks erniebeek.

Would I need to include an inspect PPTP command?  

Also, any ideas on the VPN server config on the ISA?

Ernie Beek (Expert) commented:
If I remember correctly that should only be necessary for outgoing connections. On the other hand, it wouldn't hurt to try.

I'm not an ISA guru, but this might help you, though it's for 2004: http://technet.microsoft.com/nl-nl/library/cc713329(en-us).aspx

If we're lucky, keith_alabaster might drop by (that's the man from I.S.A.  :)

MadMenSA (Author) commented:
Thanks erniebeek.

Ernie Beek (Expert) commented:
Thank you (for the points as well), glad I could help.