Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

asa 5505 PPTP from outside

ASA 5505 can not PPTP to cleint RAS servers

We have a problem using PPTP to reach cleint RAS servers from inside our network. EAch time we try to create a new PPTP connectiuon if fail to authticate.

Users from the outside can access our RAS server using PPTP from the outside fine though.

Please see the below config and let me know if you can see a problem??

:

ASA Version 7.2(2)

!

hostname ciscoasa

domain-name default.domain.invalid

enable password h0lden encrypted

names

name 192.168.1.4 fixitserv4

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.254 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

pppoe client vpdn group 1

ip address pppoe setroute

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

access-list ACLOUTSIDE extended permit tcp any host 203.222.69.26 eq smtp

access-list ACLOUTSIDE extended permit tcp any host 203.222.69.26 eq https

access-list ACLOUTSIDE extended permit tcp any host 203.222.69.26 eq ftp

access-list ACLOUTSIDE extended permit tcp any host 203.222.69.26 eq ftp-data

access-list ACLOUTSIDE extended permit tcp any host 203.222.69.26 eq www

access-list ACLOUTSIDE extended permit tcp any host 203.222.69.26 eq pptp

access-list ACLOUTSIDE extended permit tcp any host 203.222.69.26 eq pop3

access-list ACLOUTSIDE extended permit gre any any

access-list ACLOUTSIDE extended permit icmp any any echo-reply

access-list ACLOUTSIDE extended permit icmp any any echo

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

nat-control

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 dns

static (inside,outside) interface fixitserv4 netmask 255.255.255.255

access-group ACLOUTSIDE in interface outside

route outside 0.0.0.0 0.0.0.0 203.222.69.26 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

vpdn group 1 request dialout pppoe

vpdn group 1 localname fixit-it2@connexus.net.au

vpdn group 1 ppp authentication chap

vpdn username fixit-it2.connexus.net.au password h0nda store-local

vpdn username fixit-it2@connexus.net.au password h0nda

dhcpd auto_config outside

!

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect icmp

inspect icmp error

inspect pptp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:04f0a79461c4fdb22c8427e9ef753577

: end

asdm image disk0:/asdm-522.bin

no asdm history enable

557
Views
0
Helpful
0
Replies
CreatePlease to create content