ASA firewall can't be used as a PPTP VPN endpoint?

Aug 22nd, 2007

I was hoping to replace an aging PIX running 6.3 with a new ASA 5505 running 8.0.

However, the PIX is currently used as a PPTP VPN endpoint for a number of MS-WinXP dialin clients on the outside. After a bit of research, it seems that the ASAs don't support PPTP tunnels? I was hoping for a real simple setup but now it looks like I need to do L2TP and a more complicated IPSEC setup.

Anyway...my question is: why did the ASA drop PPTP support? Is it significantly less secure? Are there any good examples for the "new" dialin VPN configs? (everything I google for seems to assume a PIX 6.x)

I'd like to see an example with the "tunnel-group" and "group-policy" commands...anyone have one?

rajbhatt Fri, 08/24/2007 - 02:02

Hi Thomas,

I am not sure why they have discontinued the use of PPTP in ver 7.0 upwards.

But here is a link with L2TP with preshared keys:

http://www.ciscosystems.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml


and also a link with certificates:

http://www.ciscosystems.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800942ad.shtml


Raj
