02-18-2009 02:15 PM - edited 02-21-2020 04:09 PM
I support a group that previously connected to their internal network with a Microsoft VPN client via a Microsoft RRAS connection using PPTP. I have a Cisco ASA device in place that forwards inspected PPTP traffic to the server and also allows GRE packets. We have since moved to a RADIUS configuration on the ASA for authentication. What's happening is the customer wants the ability to connect both ways (PPTP and IPsec). Is this possible? Ever since I established the VPN configuration on the ASA to allow RADIUS authentication, the PPTP that the Microsoft VPN client uses with the server's RRAS has stopped working. Please help!
02-19-2009 08:51 AM
I am not sure I follow your query here. You have a PPTP client going through the ASA, and it all worked fine until you added what, now? Can you upload your configuration? Did you configure the ASA to allow VPN clients (Cisco) to connect to it and use RADIUS authentication for these?
02-19-2009 09:42 AM
Here's what happened. This client had been set up with a Sonicwall router and their remote employees were using RRAS (which is set up on their SBS 2003 server) for VPN access. They would connect to it by launching the network connection wizard on their XP laptops and configuring a new VPN connection. We then replaced the Sonicwall with a Cisco ASA 5505, and had to set up PPTP port forwarding, PPTP inspection and the allowance of GRE packets on the ASA to allow these PPTP connections. We then decided to start using the Cisco VPN client to give us better security. I connected to the ASA ASDM and used the VPN Setup wizard to configure AAA RADIUS authentication. This has been working fine, but now some of the overseas end users are having trouble connecting and prefer to have the ability to connect using the old Microsoft PPTP method instead. I'd like to keep both methods active, but it seems that ever since I ran the VPN Config wizard and set up access for Cisco VPN clients, I can no longer connect using the Microsoft VPN method. I'm not at the office, so I don't have access to the running-config, but will be able to post it later today. Does all this make sense?
02-19-2009 02:26 PM
02-20-2009 12:13 PM
OK, strange that your PPTP clients worked since the beginning. PPTP, as you mention, uses GRE, which is a portless protocol. I see in your config that you have static PAT for PPTP and some other ports. GRE does not support this, so it would be normal that this does not work since the beginning.