We have a user who needs to access a vpn from his MAC through an ASA 5505. The user is getting an IP via DHCP and the outside interface of the ASA gets it's address via DHCP as well. The user states that when he is home or anywhere else but behind the ASA it connects fine, but once the ASA is added it times out. He is able to get to the internet from the machine without any issues. Looking over the config on the firewall it isn't set to deny any traffic and there is a global set on the interface and it is nat the inside interface. There is no global policy in place so I was considering implementing the following:
policy-map global_policy class inspection_default inspect pptp
based on documentation I had read. Will that work to fix the issue without generating other problems? I can post a clean config from the ASA if needed.
Andrew -- thanks for the link. That's actually the article I read. I was following the section for allowing internal client to outside server for version 7.x since the ASA is running version 7.2. The Nat and global statements are already in place, just no inspection being used yet. I'll add that and give it a try. Btw, do you know if there would be any issue if the client would be double nat'd. They are actually connect to a wireless router that is nating their local IP(5.x) to the external address(1.x) that the router is getting via dhcp from the ASA. It works fine for internet access so I suspect it should be fine here as well.o
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :