Allow PPP Connections through ASA 5505

mumbles202 · ‎03-02-2012

We have a user who needs to access a vpn from his MAC through an ASA 5505. The user is getting an IP via DHCP and the outside interface of the ASA gets it's address via DHCP as well. The user states that when he is home or anywhere else but behind the ASA it connects fine, but once the ASA is added it times out. He is able to get to the internet from the machine without any issues. Looking over the config on the firewall it isn't set to deny any traffic and there is a global set on the interface and it is nat the inside interface. There is no global policy in place so I was considering implementing the following:

policy-map global_policy
class inspection_default
inspect pptp

based on documentation I had read. Will that work to fix the issue without generating other problems? I can post a clean config from the ASA if needed.

andrew.prince · ‎03-03-2012

Read the below URL - it gives plenty of examples.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

HTH>

mumbles202 · ‎03-03-2012

Andrew -- thanks for the link. That's actually the article I read. I was following the section for allowing internal client to outside server for version 7.x since the ASA is running version 7.2. The Nat and global statements are already in place, just no inspection being used yet. I'll add that and give it a try. Btw, do you know if there would be any issue if the client would be double nat'd. They are actually connect to a wireless router that is nating their local IP(5.x) to the external address(1.x) that the router is getting via dhcp from the ASA. It works fine for internet access so I suspect it should be fine here as well.o