I have an odd issue with my VPN setup. I'm using a Windows 2000 server as a VPN server; it sits behind an ASA 5510. All of my users can get in fine in their normal use, generally remotely connecting over DSL. However, I often get reports of failure when people try to VPN from hotels. I'm thinking there is some sort of filtering or NAT transparency issue happening on the hotel side, but I never have a user at a given hotel long enough for troubleshooting to happen. I don't want a Windows box outside of the firewall, but I would like to eliminate some user headaches. Anything else I can do to eliminate ASA interference? Here is my pertinent config:
name 192.168.1.10 VPN
ip address 192.168.1.2 255.255.255.0 standby 192.168.1.3
ip address 192.168.2.2 255.255.255.0 standby 192.168.2.3
ip address xx.yy.zz.125 255.255.255.192 standby xx.yy.zz.126
access-list ORG-Outside_access_in extended permit gre any host xx.yy.zz.100
access-list ORG-Outside_access_in extended permit tcp any host xx.yy.zz.100 eq pptp
access-group ORG-Outside_access_in in interface ORG-Outside
I'll check/try that. As for terminating to the ASA, I like being able to define access via Active Directory Global Groups. I'm not sure how smoothly I can integrate with AD on the ASA, or what other benefit there would be in switching. Windows VPN services are so easy to set up and maintain (for a Windows server guy), there would have to be some compelling reasons to switch.
Yes it does. I can't speak to performance (no comparative testing), but RRAS is actually a pretty flexible and intuitive part of Windows server. Access profiles can restrict based on network address, protocol, physical connection type.
I also only average about 4-5 VPN users at any given time, so for all I know the server might die if 50 people were having to connect simultaneously. That might be the Windows catch.