Internal client can't establish VPN to external site thru 5505

trymelatr · ‎04-04-2008

Total noob...My laptop can establish a vpn connection to a site when I am at home. Bring it to work, it can't establish thru the 5505. Can you tell me what I need to enable so I can VPN through it? I have searched and tried different things to no avail.

Thanks,

Jim

JORGE RODRIGUEZ · ‎04-04-2008

Hi Jim,

You do not specify which vpn client you are using to vpn from inside asa to outside but here are the most commonly used vpn clients examples you need to allow in asa5500.

add this to your global polciy for IPsec pass trhough ( Cisco VPN Client )

IPsec-Cisco-VPN-CLIENT

ciscoasa(config)# policy-map global_policy

ciscoasa(config-pmap)# class inspection_default

ciscoasa(config-pmap-c)# inspect ipsec-pass-thru

ciscoasa(config-pmap-c)#exit

For Microsoft PPTP

ciscoasa(config)# policy-map global_policy

ciscoasa(config-pmap)# class inspection_default

ciscoasa(config-pmap-c)# inspect pptp

ciscoasa(config-pmap-c)#exit

please read these two links for background info.

Ipsec

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i2_72.html#wp1668213

PPTP

http://www.cisco.com/warp/public/110/pix_pptp.html

HTH

Rgds

Jorge

Jorge Rodriguez

JORGE RODRIGUEZ · ‎04-09-2008

Jim, just following up.. are you all set with this or do you still have problems.

Rgds

Jorge

Jorge Rodriguez