Internal client can't establish VPN to external site thru 5505

Unanswered Question
Apr 4th, 2008
User Badges:

Total noob...My laptop can establish a vpn connection to a site when I am at home. Bring it to work, it can't establish thru the 5505. Can you tell me what I need to enable so I can VPN through it? I have searched and tried different things to no avail.


Thanks,

Jim

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Fri, 04/04/2008 - 16:19
User Badges:
  • Green, 3000 points or more

Hi Jim,


You do not specify which vpn client you are using to vpn from inside asa to outside but here are the most commonly used vpn clients examples you need to allow in asa5500.


add this to your global polciy for IPsec pass trhough ( Cisco VPN Client )


IPsec-Cisco-VPN-CLIENT

ciscoasa(config)# policy-map global_policy </p><p>ciscoasa(config-pmap)# class inspection_default </p><p>ciscoasa(config-pmap-c)# inspect ipsec-pass-thru </p><p>ciscoasa(config-pmap-c)#exit


For Microsoft PPTP


ciscoasa(config)# policy-map global_policy </p><p>ciscoasa(config-pmap)# class inspection_default </p><p>ciscoasa(config-pmap-c)# inspect pptp  </p><p>ciscoasa(config-pmap-c)#exit




please read these two links for background info.

Ipsec

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i2_72.html#wp1668213


PPTP

http://www.cisco.com/warp/public/110/pix_pptp.html


HTH

Rgds

Jorge

JORGE RODRIGUEZ Wed, 04/09/2008 - 19:16
User Badges:
  • Green, 3000 points or more

Jim, just following up.. are you all set with this or do you still have problems.


Rgds

Jorge

Actions

This Discussion