ā03-16-2016 09:36 AM - edited ā03-12-2019 12:30 AM
I have a customer using an ASA 5505 who we do very little work for so very often when they ask us to do some work it's something we've not touched before as in this case. I'm trying to setup VPN so the users can connect into the office network and I suspect it's not configured to allow and forward PPTP VPN connections to the server where RRAS is running. The server is running Windows server 2012 (not R2).
First I found out the ASA wasn't setup for http access but I managed to get that enabled via Telnet. Once I got that done then I found I couldn't hardly connect or login to the ASA and deduced it was a Java issue. The server was running the latest Java v8. The ASA is ASDM 5.2 which I think is pretty old. I'm used to SonicWalls, not ASAs.
I removed Java 8 and finally went all the way back to 1.4.2 which of course isn't secure but at least now I can connect and login. However when I try to run the ASDM Applet it gets up to 100% and says "Not able to load Application, Exception in Startin...". I've tried to install the ASDM Launcher and use that but when I run it after installation I get a tiny window that is only big enough to display the minimize, maximize, and close buttons and it can't be increased by dragging a corner or clicking maximize as the maximize button is grayed out.
This is all done using IE11 with and without compatibility mode. I can't get Firefox or Chrome to connect to the router at all to even login to it. Firefox says Java isn't enabled and I can't see how to do that and Chrome won't connect as it says there is no common SSL protocol or cipher suite, likely due to the age of the ASA.
I can't say how reluctant I am to try to upgrade ASDM on this ASA as I have no idea what all has been done with it before or if it will break. At least now it works. And since this customer seems very reluctant to ask for work to be done I'm not sure they would want to take the risk either.
So short of updating ADSM beyond the 5.2 it is now, is there anything I can do to actually get into the routers interface and do the work I'm trying to do of setting up forwarding of port 1723 to the server for the VPN?
Jonathan
ā03-16-2016 09:51 AM
Feedback forum is dedicated to other topics. See forum description for details.
Moved to Firewalling
ā03-16-2016 11:43 AM
Dan,
Sorry about posting in the wrong forum. I forgot to check what forum I was in before posting. Thanks for moving my thread to the correct forum.
ā03-16-2016 10:15 AM
Hi Jonathan,
May I know what is the ASA version running on the
Also to port forward 1723 for PPTP you can use this sample config:
Assuming your PPTP server is connected to the inside interface.
object network VPN-TCP
host 10.1.1.1
nat
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object
access-list outside extended permit
access-list outside extended permit
policy-map global_policy
class inspection_default
inspect
Regards,
Aditya
Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide