New to ASA: Need some feedback

Status
Not open for further replies.

thecoffeeguy

IS-IT--Management
Feb 13, 2007
6
US
I have been asked to setup a VPN connection, using PPTP from the vendors location (public IP addresses have been given) to servers within our network.

I went out and grabbed some ASA books (Hucaby Handbook) and will be going over it.

In the meantime, does anyone have suggestions on how to get started?

In a nutshell, I need a crash course to get up to speed.

Here is what I have so far:

20.10.5.2 -- remote host making connection

32.16.8.4 -- public IP statically assigned to internal authentication server

access-list inbound_pptp_traffic permit gre host 20.10.5.2 host 32.16.8.4
access-list inbound_pptp_traffic permit tcp host 20.10.5.2 host 32.16.8.4 eq 1723
static (inside,outside) 32.16.8.4 172.15.5.1 netmask 255.255.255.255
access-group inbound_pptp_traffic in interface outside

Does that look right?
Do I need to set up a rule to make sure the return traffic would get through?

thanks.
 
Thanks. I should have been more specific.
We have an authentication server internally (RRAS I believe...first week, so I am learning.)

So, I was thinking I could use sort of what I had in the ACL's above. That way, the incoming connections get forwarded to the authentication server which is where authentication happens. That way, the ASA just forwards port 1723 to the correct server.

I was using a 1-to-1 mapping for the internal server.

I found this:


I was just curious on a few things:
Since I have 7 public IP addresses given to me, do I need to set up rules for each IP address? Essentially, 14 new ACLs?

Secondly, what about return traffic? I am new to ASA, so I didn't know if there are any caveats about making sure the VPN traffic will return properly to the originating machine.

Thanks Brent. Appreciate your help.

Jason
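The two posts above ask how many entries a per-host PPTP rule set needs and whether it lets through only the intended traffic. As an added example that is not part of the thread, the Python below generates PIX/ASA-style access-list and static lines for a list of permitted remote hosts (one GRE and one TCP/1723 entry per host, so seven vendor hosts produce fourteen entries) and then evaluates a few constructed flows against the generated entries to show the implicit deny at work. The addresses 20.10.5.2, 32.16.8.4 and 172.15.5.1 come from the first post; the second vendor host, the "stranger" address and all function names are assumptions made for illustration.

```python
"""Generate and sanity-check PIX/ASA-style ACL and static-NAT lines for
PPTP pass-through (TCP/1723 control channel plus GRE, IP protocol 47).

Constructed example: the addresses quoted in the thread are reused; the
extra vendor host and the "stranger" address are made up for illustration."""

from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional

GRE = "gre"
TCP = "tcp"
PPTP_PORT = 1723


@dataclass(frozen=True)
class Ace:
    """One permit entry: protocol, source host, destination host, optional dst port."""
    proto: str
    src: str
    dst: str
    port: Optional[int] = None

    def render(self, acl_name: str) -> str:
        line = f"access-list {acl_name} permit {self.proto} host {self.src} host {self.dst}"
        if self.port is not None:
            line += f" eq {self.port}"
        return line

    def matches(self, proto: str, src: str, dst: str, port: Optional[int]) -> bool:
        if (proto, src, dst) != (self.proto, self.src, self.dst):
            return False
        return self.port is None or self.port == port


def pptp_aces(remote_hosts: List[str], public_ip: str) -> List[Ace]:
    """Each permitted remote host needs two entries, GRE and TCP/1723,
    so seven vendor hosts yield fourteen entries."""
    aces = []
    for host in remote_hosts:
        ip_address(host)  # fail fast on a mistyped address
        aces.append(Ace(GRE, host, public_ip))
        aces.append(Ace(TCP, host, public_ip, PPTP_PORT))
    return aces


def render_config(acl_name: str, remote_hosts: List[str], public_ip: str, inside_ip: str) -> List[str]:
    """Full fragment: ACL entries, the one-to-one static, and the access-group binding."""
    lines = [ace.render(acl_name) for ace in pptp_aces(remote_hosts, public_ip)]
    lines.append(f"static (inside,outside) {public_ip} {inside_ip} netmask 255.255.255.255")
    lines.append(f"access-group {acl_name} in interface outside")
    return lines


def permitted(aces: List[Ace], proto: str, src: str, dst: str, port: Optional[int] = None) -> bool:
    """Evaluate an inbound flow against the ACL: a matching permit entry allows it;
    a flow that matches no entry hits the implicit deny at the end."""
    return any(ace.matches(proto, src, dst, port) for ace in aces)


PUBLIC_IP = "32.16.8.4"                     # from the thread
INSIDE_IP = "172.15.5.1"                    # from the thread
REMOTE_HOSTS = ["20.10.5.2", "20.10.5.3"]   # thread's host plus one constructed extra
STRANGER = "198.51.100.7"                   # constructed, documentation range


def check_flows() -> Dict[str, bool]:
    """Probe the generated ACL with constructed flows: only GRE and TCP/1723
    from listed vendor hosts to the mapped public address should pass."""
    aces = pptp_aces(REMOTE_HOSTS, PUBLIC_IP)
    return {
        "control_from_vendor": permitted(aces, TCP, "20.10.5.2", PUBLIC_IP, PPTP_PORT),
        "gre_from_vendor": permitted(aces, GRE, "20.10.5.2", PUBLIC_IP),
        "rdp_from_vendor": permitted(aces, TCP, "20.10.5.2", PUBLIC_IP, 3389),
        "control_from_stranger": permitted(aces, TCP, STRANGER, PUBLIC_IP, PPTP_PORT),
    }


if __name__ == "__main__":
    for line in render_config("inbound_pptp_traffic", REMOTE_HOSTS, PUBLIC_IP, INSIDE_IP):
        print(line)
    for name, ok in check_flows().items():
        print(f"{name}: {'permit' if ok else 'deny'}")
```

The script models only the inbound access list. The return path the thread asks about is not another entry: the PIX/ASA tracks the established TCP and GRE connections in its state table and lets the replies back out, as the answer below notes, so the check here is simply that nothing other than the two PPTP components from the listed vendor hosts is permitted inbound.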
 
You can have the pix terminate the tunnel but have it authenticate to the 2003 server - IAS. That takes a bit more to configure. I would have the pix terminate the PPTP vpns, but you can do it the other way. The 2003 server would need 2 NICs.

Here is more of what you are looking for.

The pix/asa is adaptive and understands the connection back out once it is established. No worries.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 