cisco asa config


Help needed with configuring Cisco ASA 5505

I want to configure one Cisco ASA 5505 with the following:

Be able to handle VPN from PC, Mac and Linux with the protocol PPTP and certificate
Be the company firewall with both internal and external net, + have DMZ capacity
Route between internal and external net

What I need is a good description on how to do this.
A step-by-step guide, if possible.

Appreciate any directions,

I'll answer these in order.
1. Cisco removed support for PPTP when the ASA devices were released. PPTP was only available in software versions before V7. You will need to use IPsec IKEv1, L2TP over IPsec IKEv1, IPsec IKEv2 or SSL. IKEv2 or SSL will require additional licenses. IPsec IKEv1 will probably require Cisco's VPN Client, which is no longer supported, so you may find it's easiest to use L2TP over IPsec IKEv1.

2. You will need a sec plus license for the DMZ interface if it needs access to both the inside and outside. Once you've done that, try reading Pete Long's guides.

Also, the ASA Configuration guides are very good. I know they look big, but they don't take too long and are organised very effectively. If you only want to read about routing, go to the section about routing; ACLs and NAT are in the firewall section.

Let me know if you need more info.

joebilek (Author) commented:
Thanks. We've read there's a workaround to enable PPTP in ASA, but that might be wrong?
I've never heard of that, but that doesn't mean there isn't a way. A couple of points to note about this though.

1. This would not be supported by Cisco if you had problems in the future.
2. This has probably been removed in more recent versions of code.
3. I've just run a quick search against Google and can't find anything. I can only find info on PPTP passthrough which would allow another device to do the PPTP stuff for you.
4. PPTP is an OLD and deprecated technology. Whilst it is quick and easy to implement, it's also not very secure, using 56-bit DES, not 3DES or newer, more secure AES.
Pete Long (Technical Consultant) commented:
>>Thanks. We've read there's a workaround to enable PPTP

Not that I'm aware of? InteraX is correct. Your best choice is L2TP, unless you want to spend money on more SSL licences.


>> And thanks for the site plug :)