ASA firewall can't be used as a PPTP VPN endpoint?

Unanswered Question
Aug 22nd, 2007
User Badges:

I was hoping to replace an aging PIX running 6.3 with a new ASA 5505 running 8.0

However, the PIX is currently used as a PPTP VPN endpoint for a number of MS-WinXP dialin clients on the outside. After a bit of research, it seems that the ASAs don't support PPTP tunnels? I was hoping for a real simple setup but now it looks like I need to do L2TP and a more complicated IPSEC setup. question is: why did the ASA drop PPTP support? Is it significantly less secure? Are there any good examples for the "new" dialin VPN configs? (everything I google for seems to assume a PIX 6.x)

I'd like to see an example with the "tunnel-group" and "group-policy" commands...anyone have one?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
rajbhatt Fri, 08/24/2007 - 02:02
User Badges:

Hi Thomas,

I am not sure why they have discontinued the use of pptp in ver 7. 0 upwards .

But here is a link with l2tp with preshared keys :

and also link with certificates :



This Discussion