juuz
asked on
Windows 2008 server routing and remote access through Cisco ASA trouble
Dear EE's
I am having trouble with PPTP VPN sessions from client through a Cisco ASA 5505 and to a Windows 2008 server running RRAS.
I get the connection, the Cisco knows it and the RRAS lists it. Username is verified.
On the client however, I only see traffic being sent, not returned, and I cannot connect to network resources
Internal net - gateway: 10.10.10.1
RRAS server 10.10.10.13 - LAN
RRAS server: 10.10.10.110 - internal
DHCP window for VPN clients 10.10.10.110-10.10.10.140
I could imagine the Cisco being the issue. Have uploaded the running config to this post.
Please let me know, if you need any other information
-Soeren-
cisco-asa-running-config.txt
I am having trouble with PPTP VPN sessions from client through a Cisco ASA 5505 and to a Windows 2008 server running RRAS.
I get the connection, the Cisco knows it and the RRAS lists it. Username is verified.
On the client however, I only see traffic being sent, not returned, and I cannot connect to network resources
Internal net - gateway: 10.10.10.1
RRAS server 10.10.10.13 - LAN
RRAS server: 10.10.10.110 - internal
DHCP window for VPN clients 10.10.10.110-10.10.10.140
I could imagine the Cisco being the issue. Have uploaded the running config to this post.
Please let me know, if you need any other information
-Soeren-
cisco-asa-running-config.txt
ASKER
@Salneolai
Excellent - I do however only have one public IP that is being used for "everything". Can it work with a single public IP that is being used for mail flow, owa etc.?
Thank you for the fast reply
Soeren
Excellent - I do however only have one public IP that is being used for "everything". Can it work with a single public IP that is being used for mail flow, owa etc.?
Thank you for the fast reply
Soeren
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks very much. I have ordered a second public IP...
You have only defined a port address translation for pptp. In order for pptp to work and also for the gre traffic to pass through to the Windows Server you need to define a static nat for the IP address of the windows server...
In order to create a static nat you will need a dedicated public IP address for the Windows Server which you can use to create the nat on the firewall.