Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA firewall can't be used as a PPTP VPN endpoint?

I was hoping to replace an aging PIX running 6.3 with a new ASA 5505 running 8.0

However, the PIX is currently used as a PPTP VPN endpoint for a number of MS-WinXP dialin clients on the outside. After a bit of research, it seems that the ASAs don't support PPTP tunnels? I was hoping for a real simple setup but now it looks like I need to do L2TP and a more complicated IPSEC setup. question is: why did the ASA drop PPTP support? Is it significantly less secure? Are there any good examples for the "new" dialin VPN configs? (everything I google for seems to assume a PIX 6.x)

I'd like to see an example with the "tunnel-group" and "group-policy" commands...anyone have one?

New Member

Re: ASA firewall can't be used as a PPTP VPN endpoint?

Hi Thomas,

I am not sure why they have discontinued the use of pptp in ver 7. 0 upwards .

But here is a link with l2tp with preshared keys :

and also link with certificates :


CreatePlease to create content