I support a group that previously connected to their internal network with a Microsoft VPN client via a Microsoft RRAS connection using PPTP. I have a Cisco ASA device in place that forwards inspected PPTP traffic to the server and also allows GRE packets. We have since moved to a RADIUS configuration on the ASA for authenication. What's happening is the customer wants the ability to connect both ways (PPTP and IPSEC). Is this possible? Ever since I established the VPN configuration on the ASA to allow RADIUS authentication, the PPTP that the Microsoft VPN client with uses with the servers RRAS has stopped working. Please help!
I am not sure if I follow your query here, you have a pptp client going through the ASA it all worked fine till you added what now? Can you upload your configuration? Did you configure the ASA to allow VPN clients (cisco) to connect to it and use radius authentication for these?
Here's what happened. This client had been setup with a Sonicwall router and their remote employees were using RRAS (which is setup on their SBS 2003 server) for VPN access. They would connect to it by launching the network connection wizard on their XP laptops and configuring a new VPN connection. We then replaced the Sonicwall with a Cisco ASA 5505, and had to set up PPTP port forwarding, PPTP inspection and the allowance of GRE packets on the ASA to allow these PPTP connections. We then decided to start uising the Cisco VPN client to give us better security. I connected to the ASA ASDM and used the VPN Setup wizard to configure AAA Radius authentication. This has been working fine, but now some of the overseas endusers are having trouble connecting and prefer to have the ability to connect using the old Microsoft PPTP method instead. I'd like to keep both methods active, but it seems that ever since I ran the VPN Config wizard and setup access for Cisco VPN clients, I can no longer connect using the Microsoft VPN method. I'm not at the office, so I don't have access to the running-config , but will be able to post it later today. Does all this make sense?
OK, strange your pptp clients worked since the beginning, PPTP as you mentions uses GRE which is a portless protocol, I see on your config that you have Static PAT for PPTP and some other ports GRE does not support this so it would be normal that this does not work since the beginning.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...