Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
555
Views
8
Helpful
1
Replies

ASA firewall can't be used as a PPTP VPN endpoint?

thomasdzubin
Level 1
Level 1

‎08-22-2007 10:08 AM

I was hoping to replace an aging PIX running 6.3 with a new ASA 5505 running 8.0

However, the PIX is currently used as a PPTP VPN endpoint for a number of MS-WinXP dialin clients on the outside. After a bit of research, it seems that the ASAs don't support PPTP tunnels? I was hoping for a real simple setup but now it looks like I need to do L2TP and a more complicated IPSEC setup.

Anyway...my question is: why did the ASA drop PPTP support? Is it significantly less secure? Are there any good examples for the "new" dialin VPN configs? (everything I google for seems to assume a PIX 6.x)

I'd like to see an example with the "tunnel-group" and "group-policy" commands...anyone have one?

Labels:
0 Helpful
1 Reply 1

rajbhatt
Level 3
Level 3

‎08-24-2007 02:02 AM

Hi Thomas,

I am not sure why they have discontinued the use of pptp in ver 7. 0 upwards .

But here is a link with l2tp with preshared keys :

http://www.ciscosystems.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml

and also link with certificates :

http://www.ciscosystems.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800942ad.shtml

Raj

Customers Also Viewed These Support Documents