Solved: Re: Allow PPTP to pass through a Cisco ASA device

ckuriyar74 · ‎11-08-2006

I have Cisco ASA and ISA 2004 server.

I want to use the ISA as VPN server. Thus, I need the ASA to allow the

PPTP VPN traffic through to the ISA Server so that it can authenticate.

Can anyone help me how to configure.

Fernando_Meza · ‎11-08-2006

Only tcp .. If you have an access-list applied to the inside interface .. then you might need to add

access-list extended permit gre host any

Fernando_Meza · ‎11-08-2006

HI .. I believe you only need to allow GRE and PPTP on your access-lists

1.- Configure a static for your ISA box

2.- allow GRE and PPTP to that Public IP address i.e

quote

"In this configuration example, the PPTP server is 209.165.201.5 (static to 10.48.66.106 inside), and the PPTP client is at 209.165.201.25.

access-list acl-out permit gre host 209.165.201.25 host 209.165.201.5

access-list acl-out permit tcp host 209.165.201.25 host 209.165.201.5 eq 1723

static (inside,outside) 209.165.201.5 10.48.66.106 netmask 255.255.255.255 0 0

access-group acl-out in interface outside "

I hope it helps .. please rate it if it does !!

ckuriyar74 · ‎11-08-2006

do we have to allow tcp only or even udp along with tcp in access-list entry

Fernando_Meza · ‎11-08-2006

Only tcp .. If you have an access-list applied to the inside interface .. then you might need to add

access-list extended permit gre host any