Sorry, but I am not very familiar with networking, and after checking more posts and making changes based on the recommendations, I cannot get it to work.
I am trying to configure my ASA 5505 to accept incoming requests on port 1723 and forward them to our Windows VPN connection.
The scenario is the following:
ip address 192.168.1.202 255.255.255.0
ip address 83.244.*.* 255.255.255.224
The VPN machine has 192.168.1.211.
I created the security policies:
access-list 101 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list outside_access_in extended permit icmp host 18.104.22.168 any
access-list outside_access_in extended permit object-group TCPUDP any host 83.244.*.* object-group DM_INLINE_TCPUDP_1
access-list outside_access_in extended permit tcp any host 83.244.*.* eq 1111
access-list outside_access_in extended permit tcp any host 83.244.*.* eq 3389
access-list outside_access_in extended permit udp any any
access-list outside_access_in extended permit tcp any 83.244.*.* 255.255.255.224 eq pptp
access-list outside_access_in extended permit gre any 83.244.*.* 255.255.255.224
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 172.17.0.0 255.255.0.0
According to this, I permit traffic to port 1723 and the GRE service for PPTP.
After that, I created the NAT:
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 192.168.1.0 255.255.255.0
static (outside,inside) tcp 192.168.1.203 3389 83.244.*.* 3389 netmask 255.255.255.255
static (inside,outside) tcp interface pptp 192.168.1.211 pptp netmask 255.255.255.255
static (outside,inside) tcp 192.168.1.211 pptp 83.244.*.* pptp netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 83.244.*.* 1
I created 2 different static NATs because I don't really know which one is the valid one.
We also use the ASA as a DHCP server:
dhcpd auto_config outside
dhcpd option 4 ip 22.214.171.124
dhcpd option 156 ascii ftpservers=192.168.1.203
dhcpd address 192.168.1.1-192.168.1.199 inside
dhcpd dns 192.168.1.212 192.168.1.219 interface inside
dhcpd enable inside
The VPN is working correctly from the inside network, but we cannot access it from outside...
I spent many days reading Cisco articles and changed the configuration many times, but no joy...
Can anybody help me with this?
Thanks a lot!
Have a nice day!
Did you also "clear xlate" after removing the static NAT?
Also, where is it failing?
Does TCP/1723 connect and GRE fail, or is neither working?
Have you tried to telnet on port 1723 from the outside towards the public IP address of the ASA firewall?
Your static NAT uses the ASA outside interface IP address; can you try to use a spare public IP address that you have instead?
You would need to configure the following:
static (inside,outside) 83.244.x.x 192.168.1.211 netmask 255.255.255.255
Then "clear xlate" and test it again. Thanks.
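The question above of whether TCP/1723 connects while GRE fails can be checked more precisely than with telnet. The following is an added example, not part of the original thread: it sends the first PPTP control message (RFC 2637 Start-Control-Connection-Request) and parses the reply. The function names and the sample reply are constructed for illustration; run probe() from a host outside the firewall against the public address being tested.

```python
import socket
import struct

MAGIC = 0x1A2B3C4D                  # PPTP magic cookie (RFC 2637)
SCCRQ_FMT = ">HHIHHHHIIHH64s64s"    # Start-Control-Connection-Request, 156 bytes
SCCRP_FMT = ">HHIHHHBBIIHH64s64s"   # Start-Control-Connection-Reply, 156 bytes

# Constructed sample reply (not captured traffic): result code 1 = success.
SAMPLE_REPLY = struct.pack(SCCRP_FMT, 156, 1, MAGIC, 2, 0, 0x0100, 1, 0,
                           1, 1, 0, 0, b"vpn-server", b"constructed")

def build_sccrq(hostname=b"probe"):
    """First control message a PPTP client sends after connecting to TCP/1723."""
    return struct.pack(SCCRQ_FMT, 156, 1, MAGIC, 1, 0, 0x0100, 0,
                       1, 1, 0, 0, hostname, b"")

def parse_sccrp(data):
    """Return (result_code, server_hostname); raise ValueError if not a reply."""
    if len(data) < 156:
        raise ValueError("short or empty reply (%d bytes)" % len(data))
    (_len, msg_type, magic, ctrl_type, _r0, _ver, result, _err, _frm, _bear,
     _chan, _fw, host, _vendor) = struct.unpack(SCCRP_FMT, data[:156])
    if magic != MAGIC or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a Start-Control-Connection-Reply")
    return result, host.rstrip(b"\0").decode("ascii", "replace")

def probe(host, port=1723, timeout=5.0):
    """Classify the PPTP control channel as seen from the outside."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:              # refused, filtered or no translation
        return "tcp-failed: %s" % exc
    with sock:
        try:
            sock.sendall(build_sccrq())
            data = b""
            while len(data) < 156:      # the reply is a fixed 156 bytes
                chunk = sock.recv(156 - len(data))
                if not chunk:
                    break
                data += chunk
            result, name = parse_sccrp(data)
        except (OSError, ValueError) as exc:
            return "tcp-ok-no-pptp-reply: %s" % exc
    # Control channel works; a tunnel that still fails points at GRE (IP protocol 47).
    return "control-ok: result=%d server=%r" % (result, name)

if __name__ == "__main__":
    print(parse_sccrp(SAMPLE_REPLY))    # offline check with the constructed reply
```

A "tcp-failed" result points at the static translation or the outside ACL entry for port 1723, while "control-ok" with a tunnel that still does not come up narrows the problem to GRE.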