Cisco ASA config

Posted on 2013-10-04
Medium Priority
Last Modified: 2013-10-09

Help needed with configuring Cisco ASA 5505

I want to configure one Cisco ASA 5505 with the following:

Be able to handle VPN both from PC and Mac and Linux with the protocol PPTP and certificate
Be the company firewall with both internal and external net, + have DMZ capacity
Route between internal and external net

What I need is a good description on how to do this.
A step-by-step guide, if possible.

Appreciate any directions,
Question by:joebilek

Accepted Solution

InteraX earned 1500 total points
I'll answer these in order.
1. Cisco removed support for PPTP when the ASA devices were released. PPTP was only available in software versions before V7. You will need to use IPsec IKEv1, L2TP over IPsec IKEv1, IPsec IKEv2 or SSL. IKEv2 or SSL will require additional licenses. IPsec IKEv1 will probably require Cisco's VPN Client, which is no longer supported, so you may find it's easiest to use L2TP over IPsec IKEv1.

2. You will need a sec plus license for the DMZ interface if it needs access to both the inside and outside. Once you've done that, try reading Pete Long's guides.


Also, the ASA Configuration guides are very good. I know they look big, but they don't take too long and are organised very effectively. If you only want to read about routing, go to the section about routing; ACLs and NAT are in the firewall section.

Let me know if you need more info.

Author Comment

Thanks. We've read there's a workaround to enable PPTP in ASA, but that might be wrong?

Expert Comment

I've never heard of that, but that doesn't mean there isn't a way. A couple of points to note about this though.

1. This would not be supported by Cisco if you had problems in the future.
2. This has probably been removed in more recent versions of code.
3. I've just run a quick search against Google and can't find anything. I can only find info on PPTP passthrough which would allow another device to do the PPTP stuff for you.
4. PPTP is an OLD and deprecated technology. Whilst it is quick and easy to implement, it's also not very secure, using 56-bit DES, not 3DES or newer, more secure AES.

Expert Comment

by:Pete Long
>>Thanks. We've read there's a workaround to enable PPTP

Not that I'm aware of. InteraX is correct. Your best choice is L2TP, unless you want to spend money on more SSL licences.


>> And thanks for the site plug :)
