I have been searching forums all over and spent much time looking for an answer to what is happening here. I have been trying to open up access to our internal Server 2k3 VPN server and allow access to our RDP server, and I can't seem to get any of the ports to open. In ASDM everything seems to be set up to work, but still nothing is working. I am unable to get outside connections to come in even with my ACL list set up and the group applied to the outside connection. Here is my config file; any help would be greatly appreciated:
: Saved
:
PIX Version 8.0(3)
!
hostname XXXXXXX
enable password XXXXXXXXXXX encrypted
names
!
interface Ethernet0
 description outside interface
 speed 100
 duplex full
 nameif outside
 security-level 100
 ip address dhcp setroute
!
interface Ethernet1
 description inside interface
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.254.254 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd XXXXXXXXXXXX encrypted
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group icmp-type ICMP-INBOUND
 description Permit necessary inbound ICMP traffic
 icmp-object echo-reply
 icmp-object unreachable
 icmp-object time-exceeded
object-group service RDP tcp
 port-object eq 3389
access-list INBOUND extended permit icmp any any object-group ICMP-INBOUND
access-list 110 extended permit tcp any host 192.168.254.252 eq 3389
access-list 110 extended permit tcp any eq pptp host 192.168.254.5 eq pptp
access-list 110 extended permit gre any host 192.168.254.5
pager lines 24
logging enable
logging console notifications
logging buffered warnings
logging asdm notifications
mtu outside 1500
mtu inside 1500
ip verify reverse-path interface outside
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface pptp 192.168.254.5 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.254.252 3389 netmask 255.255.255.255
access-group 110 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
group-policy DfltGrpPolicy attributes
 dns-server value 192.168.254.5
!
!
prompt hostname context
Cryptochecksum:c80ebce8bbe747e5a5fc68626f2cd3c0
: end
asdm image flash:/asdm-603.bin
no asdm history enable
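As an added example (not part of the original thread and not a Cisco tool), the following Python linter parses a trimmed, constructed copy of the pre-8.3 PIX/ASA configuration posted above and flags the NAT/ACL points a reviewer checks first on that software train: an interface ACL that names the inside (real) address of a static, whereas pre-8.3 ACLs on the outside interface match the mapped address (here the interface address, since the outside IP is DHCP); an ACL entry with a fixed source port; a static PAT for pptp with no `inspect pptp`, which is what lets GRE (IP protocol 47) follow the control channel through PAT; an outside interface whose security-level is not 0; and any-source exposure of RDP. The `CORRECTED_CONFIG` constant is the assumed fixed form; it assumes the default `global_policy` service policy is applied, which the posted config does not show.

```python
"""Lint a pre-8.3 PIX/ASA running-config excerpt for common NAT/ACL mistakes."""
import re

# Constructed excerpt modelled on the posted config (not a live device).
SAMPLE_CONFIG = """
interface Ethernet0
 nameif outside
 security-level 100
 ip address dhcp setroute
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.254.254 255.255.255.0
access-list 110 extended permit tcp any host 192.168.254.252 eq 3389
access-list 110 extended permit tcp any eq pptp host 192.168.254.5 eq pptp
access-list 110 extended permit gre any host 192.168.254.5
static (inside,outside) tcp interface pptp 192.168.254.5 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.254.252 3389 netmask 255.255.255.255
access-group 110 in interface outside
"""

# Assumed corrected form: ACL names the mapped (interface) address, no source
# port, outside at security-level 0, and inspect pptp under the global policy.
CORRECTED_CONFIG = """
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
access-list 110 extended permit tcp any interface outside eq 3389
access-list 110 extended permit tcp any interface outside eq pptp
access-list 110 extended permit gre any interface outside
static (inside,outside) tcp interface pptp 192.168.254.5 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.254.252 3389 netmask 255.255.255.255
access-group 110 in interface outside
policy-map global_policy
 class inspection_default
  inspect pptp
"""

ADDR_TOKENS = {"any": 1, "host": 2, "interface": 2, "object-group": 2}  # else "ip mask"

def _take_addr(tokens):
    """Consume one ASA address spec; return (spec, remaining tokens)."""
    if not tokens:
        return [], []
    n = ADDR_TOKENS.get(tokens[0], 2)
    return tokens[:n], tokens[n:]

def _take_port(tokens):
    """Consume an optional port operator (eq/neq/lt/gt <p> or range a b)."""
    if tokens and tokens[0] in ("eq", "neq", "lt", "gt"):
        return tokens[:2], tokens[2:]
    if tokens and tokens[0] == "range":
        return tokens[:3], tokens[3:]
    return [], tokens

def parse_config(text):
    cfg = {"ifaces": {}, "acls": {}, "statics": [], "groups": [], "inspects": set()}
    blk = None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            blk = {"nameif": None, "level": None}
        elif blk is not None and s.startswith("nameif "):
            blk["nameif"] = s.split()[1]
        elif blk is not None and s.startswith("security-level "):
            blk["level"] = int(s.split()[1])
        if blk and blk["nameif"] and blk["level"] is not None:
            cfg["ifaces"][blk["nameif"]] = blk["level"]
        m = re.match(r"access-list (\S+) extended (permit|deny) (\S+) (.*)", s)
        if m:
            cfg["acls"].setdefault(m.group(1), []).append(
                {"action": m.group(2), "proto": m.group(3), "args": m.group(4).split()})
        m = re.match(r"static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)", s)
        if m:
            cfg["statics"].append({"real_if": m.group(1), "mapped_if": m.group(2),
                                   "mapped": m.group(4), "mapped_port": m.group(5),
                                   "real_ip": m.group(6)})
        m = re.match(r"access-group (\S+) (in|out) interface (\S+)", s)
        if m:
            cfg["groups"].append(m.groups())
        if s.startswith("inspect "):
            cfg["inspects"].add(s.split()[1])
    return cfg

def lint(cfg):
    """Return a list of (code, message) findings."""
    findings = []
    lvl = cfg["ifaces"].get("outside")
    if lvl is not None and lvl != 0:
        findings.append(("OUTSIDE-SECLEVEL", "outside security-level is %d, expected 0" % lvl))
    real_by_if = {}
    for st in cfg["statics"]:
        real_by_if.setdefault(st["mapped_if"], set()).add(st["real_ip"])
        if st["mapped_port"] in ("pptp", "1723") and "pptp" not in cfg["inspects"]:
            findings.append(("PPTP-NO-INSPECT", "static PAT for pptp without 'inspect pptp'; GRE will not follow"))
    for acl, direction, ifc in cfg["groups"]:
        for e in cfg["acls"].get(acl, []):
            if e["action"] != "permit":
                continue
            src, rest = _take_addr(e["args"])
            sport, rest = _take_port(rest)
            dst, rest = _take_addr(rest)
            dport, _ = _take_port(rest)
            if sport:
                findings.append(("SRC-PORT", "%s: fixed source port %s is rarely intended" % (acl, " ".join(sport))))
            if direction == "in" and dst[:1] == ["host"] and dst[1] in real_by_if.get(ifc, set()):
                findings.append(("ACL-REAL-ADDR", "%s on %s names real address %s; pre-8.3 ACLs match the mapped address" % (acl, ifc, dst[1])))
            if src == ["any"] and dport[-1:] == ["3389"]:
                findings.append(("RDP-ANY", "%s exposes RDP (3389) to any source; consider restricting sources" % acl))
    return findings

if __name__ == "__main__":
    for code, msg in lint(parse_config(SAMPLE_CONFIG)):
        print(code, "-", msg)
```

Run against the constructed sample it reports seven findings (three real-address ACL entries, the source-port entry, the missing PPTP inspection, the security level, and the RDP exposure note); against the corrected form only the RDP exposure note remains, which is a risk to weigh rather than a defect.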
Thank you so much. I was able to get the RDP working, but I am still having trouble with the PPTP pass-through. I have also made the changes to reflect what I changed for RDP and was able to connect to the server, but could not verify username and password? Could this be a problem with GRE, even though I have it set just as the RDP and PPTP rule? Once again thanks for the lightning-fast response.