I have two ASA that connect to the Internet. I don't do any static NATTING on my inside network. My users have been trying to establish a VPN session using Microsoft VPN but without much success.
First Firewall
ccess-list INSIDE line 244 extended permit tcp 10.33.0.0 255.255.0.0 host x.x.x.x eq pptp (hitcnt=19)
access-list INSIDE line 246 extended permit gre 10.33.0.0 255.255.0.0 host x.x.x.x (hitcnt=8)
access-list pptp_inspection line 5 extended permit ip 10.33.0.0 255.255.0.0 host x.x.x.x(hitcnt=6)
class-map pptp
description Policy to allow hosts to PPTP
match access-list pptp_inspection
policy-map pptp
class pptp
inspect pptp
policy-map global_policy
class http-map1
set connection advanced-options mss-map
policy-map global-policy
class global-class
inspect icmp error
inspect snmp
inspect icmp
inspect ftp
inspect dns
inspect pptp
class http-map1
set connection advanced-options mss-map
The second firewall has pretty much the same configution.
LAN<->1stFW<->SW<->2ndFW<->SW<->Internet