Cisco ASA VPN question

[aerosome]

I have several IPO VPNd through the Cisco ASA, sometimes everything works just fine, sometimes not....can someone point me in the right direction for the fixups and so on, or perhaps the avaya documentation on what needs to be off or on, i cant seem to find it on their site.

thanks

 

[ShakinEakin]

Fixup is the old Pix 6.X method. The new ASA version 7+ uses Inspect.

If the VPN is PPTP based (I'm not sure what ports/protocols the Avaya VPN uses), just make sure you have the Inspect PPTP line enabled:

policy-map global_policy
class inspection_default
inspect pptp

I've remove the other inspect policies, just wanted to show the one to add.

If you don't have this, outbound PPTP will not flow correctly trhough an ASA firewall.

I hope that helps.

Chris.

 

[Maxwell1001]

no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
nofixup protocol tftp 69

these are the fixups plus a as i have learnt the very hardway the Avaya VPN phones will only work on ASA software version 7.2 or a PIX upgraded to version7.2 from 6.X

 

[racom]

I have a customer with an IPSEC VPN on their Cisco ASA. Is there a setup command or Inspect command for that? They continue to have quality issues, and the traffic on their network is light.

 

[Drew2400]

On the ASA there should be no entries under:

Configuration > Firewall > Objects > Inspect Maps > H.323
Configuration > Firewall > Objects > Class Maps > H.323

Follow the configuration steps in the tech-tip and all should go well. I've had a VPN phone running under PIX and ASA without a problem. Limit tunnel access only to the IPO and server to decrease the security risk.

Drew